[Mailman-Users] How do I run 2.x mailman more securely?

Grant Taylor gtaylor at tnetconsulting.net
Thu May 31 15:40:57 EDT 2018

On 05/31/2018 01:18 PM, Dimitri Maziuk wrote:
> Yeah, I too once thought that was a good idea.

I'm not quite following you.  Are you saying that you now dislike 
HTTP(S) usernames & passwords specifically?  Or are you saying that you 
dislike hosting something yourself?

> And then heartbleed came along, and our knee-jerk security department 
> cut off everyone who hasn't patched in 24 hours -- at the gateway.

Problems happen.  It's how you (or the powers that be) respond to 
something that matters.

> As Murphy would have it, I was traveling across the Atlantic and our 
> other IT guy was driving across North America. And of course cut-off at 
> the gateway meant no mail, no ssh, no way to know what happened and no 
> way to fix it.

Yep.  Murphy and his law will get you when you least expect it or are 
least able to respond to it.

> This stuff sounds like it's coming from the same security experts. 
> Proper answer with those guys is don't run mailman. Export the subscribers 
> and use it as CC list in Orifice'365: you can't go wrong with "industry 
> standard".

I'm going to disagree with you there.  You most certainly can go wrong 
with "industry standard" or "what everybody else does".

Grant. . . .
unix || die

More information about the Mailman-Users mailing list