Re: [Mailman-Users] Subscribers accessing private list archives

2011-08-20 Thread Richard Damon 

On 8/20/11 12:24 AM, Mark Sapiro wrote:
But as I implied at least in the reply referenced above, if you set 
the list's unsubscribe_policy to Yes, even a users confirmed 
unsubscribe is not effective until approved by an admin/moderator so 
this can be used to prevent users from unsubscribing, but you can't 
prevent a user from getting an on-demand password reminder and logging 
in to her options page and setting "no mail". 


A bigger problem is that even if you can force the list to send mail to 
the user, the user can still black list the mail if they really don't 
want to see it, and there is nothing you can do unless you are also 
being their MSP. And the problem with them blacklisting you is that for 
some MSPs that can affect their spam filters and others (who want to get 
your message) my find it being blocked by spam filters.


This is part of the reason such a policy doesn't work. Forcing someone 
to receive messages just doesn't work, there needs to be enough value in 
them that the people want to get them.


--
Richard Damon

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Subscribers accessing private list archives

2011-08-19 Thread Mark Sapiro 
On 8/19/11 6:41 PM, Richard Damon wrote:

> Perhaps you could create a dummy subscription that you give people the
> information for. That way you could give people the password for that
> subscription. Just need to watch to make sure no one plays with its
> settings.


And the email address, but this is a much better idea than giving
everyone the same "generic" password which I suggested but advised
against in my reply at
.


> Also, they are still able to unsubscribe themselves, as they can get an
> unsubscription message sent to their email and then use it to confirm
> the unsubscription.


But as I implied at least in the reply referenced above, if you set the
list's unsubscribe_policy to Yes, even a users confirmed unsubscribe is
not effective until approved by an admin/moderator so this can be used
to prevent users from unsubscribing, but you can't prevent a user from
getting an on-demand password reminder and logging in to her options
page and setting "no mail".

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, CaliforniaBetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Subscribers accessing private list archives

2011-08-19 Thread Richard Damon 

On 8/19/11 9:36 AM, Prietz, Ian wrote:

Hi,

I help manage a series of mailing lists. It is currently configured for me to 
manually subscribe users. We do not offer the subscribers the opportunity to 
manage their own subscription...they are required to be a part of this list. We 
do not have passwords setup for subscribers, so they do not have to do the 
periodic password updates.

I also have the lists setup to privately archive.

I am looking for a way to give subscribers a generic password that would 
authenticate them to be able to view the archives (so they can revisit any past 
messages). Note, I do not want them to be able to access their subscriber 
settings to be able to unsubscribe themselves. I would almost like to just have 
everyone be given a generic password (that I could give out upon request), so 
they can view the private archives. That's all.

Any ideas? Our Mailman access is restricted just to accessing our mailing lists 
administration pages on the web. Our service is hosted...I do not have direct 
access to the server.

Thanks,

Ian
Perhaps you could create a dummy subscription that you give people the 
information for. That way you could give people the password for that 
subscription. Just need to watch to make sure no one plays with its 
settings.


Also, they are still able to unsubscribe themselves, as they can get an 
unsubscription message sent to their email and then use it to confirm 
the unsubscription.


Mailman is setup to allow people to unsubscribe (and a hosted service 
isn't going to let you change that), if you want to not allow this, your 
best bet is with social/political rules with appropriate penalties for 
violations.


--
Richard Damon

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Subscribers accessing private list archives

2011-08-19 Thread Mark Sapiro 
Geoff Shang wrote:

>On Fri, 19 Aug 2011, Prietz, Ian wrote:
>
>> I am looking for a way to give subscribers a generic password that would 
>> authenticate them to be able to view the archives (so they can revisit 
>> any past messages). Note, I do not want them to be able to access their 
>> subscriber settings to be able to unsubscribe themselves. I would almost 
>> like to just have everyone be given a generic password (that I could 
>> give out upon request), so they can view the private archives. That's 
>> all.
>
>I would set the archives to be public, but require authentication through 
>the webserver for this area of the site.  If you can use .htaccess files, 
>you might be able to require that a password be entered to access 
>/pipermail/ under your domain.
>
>since I admin my own servers, I don't know how easy this would be to do, 
>but someone here would.


This is a good idea, but since the OP's Mailman is hosted and the OP
doesn't have access to the host server, it would require that the host
admins install the .htaccess files and maintain the 'htpasswd' files
for authentication. They may be willing to do this as the .htaccess
files could be installed per list as
archives/private/LISTNAME/.htaccess. This also requires that the
archives/private/LISTNAME/ directories be directly or indirectly
"AllowOverride AuthConfig".

Another possibility is that since all users have a password whether
they know it or not, you could set the password to a known generic
value for all users. I wouldn't advise this however, as it would allow
any user to access any other user's options with the same password.

That raises another question. Since this is a hosted Mailman, I would
assume it is pretty "vanilla" so presumably, you prevent users from
unsubscribing by setting unsubscribe_policy to Yes, otherwise they
could easily unsubscribe by email, but how do you prevent them from
requesting a password reminder from the options login page and then
using it to login and change their options, e.g. set mail delivery off.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Subscribers accessing private list archives

2011-08-19 Thread Geoff Shang 

On Fri, 19 Aug 2011, Prietz, Ian wrote:

I am looking for a way to give subscribers a generic password that would 
authenticate them to be able to view the archives (so they can revisit 
any past messages). Note, I do not want them to be able to access their 
subscriber settings to be able to unsubscribe themselves. I would almost 
like to just have everyone be given a generic password (that I could 
give out upon request), so they can view the private archives. That's 
all.


I would set the archives to be public, but require authentication through 
the webserver for this area of the site.  If you can use .htaccess files, 
you might be able to require that a password be entered to access 
/pipermail/ under your domain.


since I admin my own servers, I don't know how easy this would be to do, 
but someone here would.


Geoff.



--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Subscribers accessing private list archives

2011-08-19 Thread Prietz, Ian 
Hi,

I help manage a series of mailing lists. It is currently configured for me to 
manually subscribe users. We do not offer the subscribers the opportunity to 
manage their own subscription...they are required to be a part of this list. We 
do not have passwords setup for subscribers, so they do not have to do the 
periodic password updates.

I also have the lists setup to privately archive.

I am looking for a way to give subscribers a generic password that would 
authenticate them to be able to view the archives (so they can revisit any past 
messages). Note, I do not want them to be able to access their subscriber 
settings to be able to unsubscribe themselves. I would almost like to just have 
everyone be given a generic password (that I could give out upon request), so 
they can view the private archives. That's all.

Any ideas? Our Mailman access is restricted just to accessing our mailing lists 
administration pages on the web. Our service is hosted...I do not have direct 
access to the server.

Thanks,

Ian
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org