Background: Currently majordomo, but rapid switch to Mailman being considered. About 20,000 users. Over 2,000 lists, the majority being "announcement" with very limited numbers of permitted senders. Have been majordomo-based for many years. Recent spoof email jumped the priority of a potential majordomo->Mailman transition to very high. Installed Mailman 2.1.5 (that version simply for local proof-of-concept convenience). Would anticiapate running latest stable version. Very new to running a Mailman service (be gentle!).
Executive summary of query: The existing "Approved:" mechanism needs a password shared in common across multiple people (which feels poor and doesn't scale well) and across multiple lists (again, scaling problems). Is there a facility, or plans for such, for each permitted sender to have (optionally) their own password, useable across many lists? (Note the numbers, and high proportion of limited access "annnouncement" lists in the above.) Details of query: I've read the FAQ. The nearest items to my query seem to be 3.11, 3.34, 3.46 etc. Our recent problem was a spoof email through Majordomo, via a small number of large lists to the entire institution, spoofing the "From:" of a valid Majordomo "posters" email address. The Mailman "Approved:" mechanism looks as if it should address much of this (but not as much as might be possible: see below). With Mailman, I've done an "Approved:" proof-of-concept demo: two lists, same list password; moderation switched on for everybody. Proved the working of: Approved: <list password> (1) being able to bypass the moderation function (good); (2) its absence or error being diverted to moderator (good). So our genuine posters can use "Approved:" and the email would go straight through, whereas the spoofer wouldn't be able to do this and the request would be diverted (very good!) to the various list moderators. BUT... ... in the environment described above we can see major benefits of a somewhat different authorisation slant. Problem: A spoof to many lists would go to many moderators within a list and across lists, requiring coordination of moderators within a list, and consistent action of one or more moderators per list across the lists. Very poor scaling at a large site (with many clusters of many lists). Suggestion: An approval process to allow a sender-based password. So something like: From: [EMAIL PROTECTED] # may or may not be spoofed To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], ... Approved: <pw belonging to "permitted.poster.1"> and also that pw being potentially shareable across multiple lists. This doesn't seem possible at present (v 2.1.5). But it seems related to FAQ 3.46, in particular section "A password scheme could potentially be implemented ...". Is it yet possible? (Assuming not, then ...) List subscribers can already have passwords attached to their membership of a particular list, but this is (I understand) only for subscription maintenance, not for posting authorisation. So the concept of password linked to email address is already present in Mailman. It would seem reasonable to extend Mailman to have a variant of the "Approved:" scheme (albeit with its inherent weak authentication) in which the password is associated with each "permitted.poster.1" sender name to discriminate a real sender from the spoofer. Does that seem reasonable? What are the drawbacks (those that would have significantly worse problems/weaknesses than existing mechanisms)? Comments? If it is possible now (i.e. I have overlooked the relevant documentation), please point me in the correct direction, to documentation etc. If not yet possible, but acceptable in theory (perhaps with amendments), then we would hope to consider volunteering some effort into coding it. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp