Re: [Mailman-Users] spam proof announcement style list

[Stephanie Westbrook]

Well, I tried using the Approved line method. But there were several 
problems. 

First, my mail client is pegasus 4.12a ono Win xp pro sp2. Mailman 
is 2.1.6.

Problem 1 is major. On my mailing list for the time being I have 
several of my own email addresses. They are setup as separate 
users (not separate identities) in pegasus. In some, but not all, I see 
the approved line with password, ie it was not removed from the 
message.

Problem 2 is less grave but still a problem. The message now 
arrives with a text attachment which is the footer for the mailing list. 
So you no longer see it as part of the message, but as a separate 
attachment. And since it contains info such as how to change list 
options, I'd rather have it there in plain sight.

At this point I will go back to hiding the sender.  

Thanks and comments appreciated.

Stephanie

On 8 Oct 2005 at 12:28, Mark Sapiro wrote:

Stephanie Westbrook wrote:

I've just configured my first announcement style list. There will
only be a few people on the list without the moderator bit set and I
have it set to hide the sender's address will default to
[EMAIL PROTECTED]

And I set it so that messages from non members are rejected and 
new
members are always moderated.

Is this safe? Have I taken care of everything?


It is fairly safe, but it could be safer. The issue here is that
anyone can post by spoofing the address of one of the unmoderated
posters. Since you have the list set to anonymous, these addresses
won't be totally obvious, but they still might be available for
example in the list run by link at the bottom of the listinfo page.

Also, with various malware harvesting addresses from people's 
address
books it is even possible that some malware might mail itself to the
list while spoofing an authorized poster.


I read about having everyone moderated but don't really 
understand
how it is supposed to work. If this is a better solution, could
someone explain? Does it mean that the few people allowed to 
post on
the list will have to go in and approve their messages each time?


This is the safer way to do it. Everyone is moderated and any 
ordinary
post will be rejected no matter who it is from. Authorized posters
need to know the list password and put the line

Approved: list_password

either as a header if their MUA allows this conveniently or as the
first body line of the post. This allows the post to go directly to
the list. Note that if you put the Approved: line in the body, follow
it with a blank line as at least some Mailman versions remove the
following line when removing the Approved: line.

--
Mark Sapiro [EMAIL PROTECTED]   The highway is for gamblers, 
San
Francisco Bay Area, Californiabetter use your sense - B. Dylan




--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp

[Mailman-Users] hiding sender on announce only

[Stephanie Westbrook]

Hi,

I have a mailing list that should be of the announcement only type. I 
have it setup to hide the sender and there will only be a few of us 
with permission to post to the list.

So sender is hidden, reply to headers are stripped and reply to is set 
to explicit. 

The problem with this is that members will surely want to reply on 
occasion, to ask a question or comment. They wouldn't be replying 
to the list, of course (also because they can't) but to the admin of 
the organization. And they are used to being able to do this since 
the mailing list is currently just a distribution list in one members 
mail client. So messages to the list go out as [EMAIL PROTECTED] and 
people can just reply.

So unless the make sure to click the reply all in their mail client they 
will just be replying to the list. I have it set so that moderated 
members receive a nice message saying the list is read only and to 
communicate with the organization they need to write to 
[EMAIL PROTECTED] not the list. And I can explain all this in the first 
message that goes out.

But is there a better way?

Thanks,

Stephanie

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp

[Mailman-Users] spam proof announcement style list

[Stephanie Westbrook]

Hi,

I've just configured my first announcement style list. There will only 
be a few people on the list without the moderator bit set and I have it 
set to hide the sender's address will default to [EMAIL PROTECTED]

And I set it so that messages from non members are rejected and 
new members are always moderated.

Is this safe? Have I taken care of everything?

I read about having everyone moderated but don't really understand 
how it is supposed to work. If this is a better solution, could 
someone explain? Does it mean that the few people allowed to post 
on the list will have to go in and approve their messages each time?

Thanks,

Stephanie


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp