[Mailman-Users] Re: security on an announce-only list
At 03:23 AM 6/17/2003, you wrote: On Monday, Jun 16, 2003, at 20:48 Canada/Mountain, Paul H Byerly wrote: > After a lot of trial and error I find that it works for plain > text messages, but not for html messages. If there is any html in the > message it goes through, but the password stays with it. LuKreme answered: That is because in an HTML message the FIRST LINE is not "Approved: password" the first line is "" Well duh, why didn't I realize that? What had me fooled was that it seemed to read the password. I realize now it was reading and stripping the text password, and ignoring the one in the html. And I don't see any easy way around that. I may have it beat. I send the message in plain text, with the approved header on the top, and then the html code below that. It comes out right when received by Eudora, and I assume would be good in others, but anyone reading plain text only is going to get code I think. <>< Paul "Your version of Window can not open the file. A 10 hour $$$ upgrade will fix the problem." -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Re: security on an announce-only list
On Mon, 2003-06-16 at 16:25, Paul H Byerly wrote: > I'm still trying to figure out how to put the password in the first > line and not have it show up in the post. What I am using is "Approved: > password" . Should it be something else? You are sending messages as plain text aren't you? If they are multipart/alternative (ie text & html parts) there will be 2 sets of message data that need the Approved: pseudo-header stripping, and if its straight html then you may confuse the parser... other things that could make it break would be strange character sets or encoding. Nigel. -- [ Nigel Metheringham [EMAIL PROTECTED] ] [ - Comments in this message are my own and not ITO opinion/policy - ] -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Re: security on an announce-only list
On Monday, Jun 16, 2003, at 20:48 Canada/Mountain, Paul H Byerly wrote: Jeroen Valcke wrote: When I put the Approved: MailMan passes the msg and strips the first line with the passwd. This is on MailMan 2.1.1. After a lot of trial and error I find that it works for plain text messages, but not for html messages. If there is any html in the message it goes through, but the password stays with it. That is because in an HTML message the FIRST LINE is not "Approved: password" the first line is "" -- And the three men I admire most, the father son and the holly ghost, they caught the last train for the coast... -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Re: security on an announce-only list
Jeroen Valcke wrote: When I put the Approved: MailMan passes the msg and strips the first line with the passwd. This is on MailMan 2.1.1. After a lot of trial and error I find that it works for plain text messages, but not for html messages. If there is any html in the message it goes through, but the password stays with it. And of course the only lists I want to use this on are also the only ones that use html. Sigh. <>< Paul -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Re: security on an announce-only list
On Mon, Jun 16, 2003 at 01:35:07PM -0600, LuKreme wrote: > On Monday, Jun 16, 2003, at 02:31 Canada/Mountain, Jeroen Valcke wrote: > >In 'membership management' I disabled moderation for people who should > >be able to send msgs to the list. > > NO, tun on moderation for EVERYONE. Sorry, I meant to say 'enabled'. See my first paragraph. > When someone wants to post, the start their message with > > Approved: > > the message gets posted and the Approved: header is stripped. Yeps, indeed. Works fine now. However I was wondering could an extra check be added? Like for example msgs with approve are only allowed from certain addresses. -Jeroen- -- Jeroen Valcke [EMAIL PROTECTED] [EMAIL PROTECTED] -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Re: security on an announce-only list
On Monday, Jun 16, 2003, at 02:31 Canada/Mountain, Jeroen Valcke wrote: In 'membership management' I disabled moderation for people who should be able to send msgs to the list. NO, tun on moderation for EVERYONE. When someone wants to post, the start their message with Approved: the message gets posted and the Approved: header is stripped. -- "As God as my witness, I though turkey's could fly," Arthur Carlson, WKRP in Cincinnati -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Re: security on an announce-only list
On Mon, Jun 16, 2003 at 10:25:33AM -0500, Paul H Byerly wrote: > Jeroen Valcke wrote: > >IMHO, the problem with the approve passwd is that anybody who knows (or > >guesses) the approve passwd can post to the list. > > I'm still trying to figure out how to put the password in the first > line and not have it show up in the post. What I am using is "Approved: > password" . Should it be something else? > When I do it as a header it strips it, but that option is not > workable for some who need to be able to get posts through. When I put the Approved: MailMan passes the msg and strips the first line with the passwd. This is on MailMan 2.1.1. -Jeroen- -- Jeroen Valcke [EMAIL PROTECTED] [EMAIL PROTECTED] -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Re: security on an announce-only list
Jeroen Valcke wrote: IMHO, the problem with the approve passwd is that anybody who knows (or guesses) the approve passwd can post to the list. I'm still trying to figure out how to put the password in the first line and not have it show up in the post. What I am using is "Approved: password" . Should it be something else? When I do it as a header it strips it, but that option is not workable for some who need to be able to get posts through. <>< Paul -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
