[Mailman-Users] How do I run 2.x mailman more securely?

[Carl Zwanzig]

I'm sure Mark has more complete answers, but diving in anyways :)

On 5/30/2018 2:36 PM, Parker, Michael D. wrote:
> I've been assigned the task of attempting to secure our current implementation of GNU MailMan.
You're probably better off changing to MM3, but if you have to stay with v2--

> What did you do?
Needs a better definition of "secure" and an understanding of the intended 
goals- protect the archive? spam prevention? keep users from (un)subscribing 
lists? Are these goals part of the _mailing_list_manager_ or another part of 
the system (web server, email MTA & spam filtering, file sharing, etc)?


> Some of the initial items that have been directed my way:
> 1.       Can archiving be totally and permanently be eliminated?
More than turning it off on a per-list basis? (This doesn't "secure" 
mailman, it only makes archives unusable. You'd be better off to hide them 
behind a web page requiring web-server authentication.) Won't stop users 
from keeping their own archives, of course. (Or change the code to disable 
them.)


> 2.       How and where are the passwords stored?
IIRC users' list passwords are stored in the list config 'pickle' in the 
lists/ directory; see the comments in "Mailman/SecurityManager.py".


> 3.       Can user passwords be eliminated and have the list administrator make any user adjustments which should not be necessary?
At a great loss of utility, sure. This would require a code change.


> 4.       Does the website have to run in http: since passwords are entered at points in the interactions?
No, the FAQ describes to to enable HTTPS.


Later,

z!