Re: [Mailman-Users] Approved header, mailman password and security

On Mon, 25 Apr 2011, Mark Sapiro wrote: I have created a tracker item at for this and implemented it for Mailman 2.1.15. Hi Mark, It's nice to return from a prolonged weekend to find this in the mailbox :) Thanks a lot ! PS I broke the news

Re: [Mailman-Users] Approved header, mailman password and security

I have created a tracker item at for this and implemented it for Mailman 2.1.15. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan ---

Re: [Mailman-Users] Approved header, mailman password and security

Dag Wieers wrote: >On Thu, 14 Apr 2011, Dag Wieers wrote: > >> We have been using the Approved header as a way to automatically approve >> commit logs to a read-only mailinglist. We recently moved our infrastructure >> to github and I wrote a patch to the github Email service hook to add an >>

Re: [Mailman-Users] Approved header, mailman password and security

On Thu, 14 Apr 2011, Dag Wieers wrote: We have been using the Approved header as a way to automatically approve commit logs to a read-only mailinglist. We recently moved our infrastructure to github and I wrote a patch to the github Email service hook to add an Approved header. https://gi

[Mailman-Users] Approved header, mailman password and security

Hi, We have been using the Approved header as a way to automtically approve commit logs to a read-only mailinglist. We recently moved our infrastructure to github and I wrote a patch to the github Email service hook to add an Approved header. https://github.com/github/github-services/pul

Re: [Mailman-Users] Approved header problem

--- Mark Sapiro <[EMAIL PROTECTED]> wrote: > If not, try sending the message to the list with a Bcc: to > yourself. > Then, if possible, examine the raw message received via Bcc:. It > may > not be sufficient to look at it in Agent, unless Agent can show you > the raw message as received. You may

Re: [Mailman-Users] Approved header problem

Mark Sapiro schrieb: > It may > not be sufficient to look at it in Agent, unless Agent can show you > the raw message as received. It can. > You may be able to save it to a file from > Agent and examine that with an editor, That is possible, too. -thh -

Re: [Mailman-Users] Approved header problem

Roy Harvey wrote: >--- Mark Sapiro <[EMAIL PROTECTED]> wrote: > >> Second, how does this protect you against revealing the password by >> sending it to the wrong place? You could still add the Approved: >> header to an email to a non-list address. > >My email program, Agent, provides a way to ass

Re: [Mailman-Users] Approved header problem

--- Mark Sapiro <[EMAIL PROTECTED]> wrote: > First, the order of the headers is not relevant. Mailman will find > the > Approved: header wherever it is and remove it from any message > delivered to the list members. If the Approved: header contains the > correct list password without any trailing

Re: [Mailman-Users] Approved header problem

Roy Harvey wrote: > >But sometimes I screw up and past it into the wrong email, and then >have to change the password. > >In an attempt to avoid that mistake I figured out how to make my >email program add this as a actual header line. It adds it as the >third header line, after the From and To, b

[Mailman-Users] Approved header problem

I've been using Mailman with great success for almost 9 months through EMWD (http://www.emwd.com/mailman.html). Now I have a question that I have been unable to find a match to in the old messages or FAQ. Following the instructions in the FAQ entry 3.11, "How do I create a newsletter/announcement

Re: [Mailman-Users] Approved: header

Mark Sapiro wrote: > Presumably, if approve(d) is misspelled, the post will be held > anyway. If not, why are we putting an approved line there in the > first place? Now that is a good thought to ponder. Thanks Mark. -Jim P. -- Mailman-Users ma

Re: [Mailman-Users] Approved: header (was: Batch member attributes)

Jim Popovitch wrote: > >This is a question that has been bugging me for a while. If a moderator >adds an "Approved: xx" header but misspells "Approved", then their >password goes on to the list for all to see. Without setting filters >for each and every password (esp., moderator passwords

[Mailman-Users] Approved: header (was: Batch member attributes)

Mark Sapiro wrote: > A much better way is to give these authorized posters the moderator > password for the lists and have them post using an Approved: header or > first body line. Although, if they reallty need 80 different passwords > each, I can see that would be quite a pain. This is a questio

Re: [Mailman-Users] "Approved:" header not stripped from mail delivered to list...

On Apr 22, 2005, at 17:41, Katharina wrote: After trying out the "Approved: "as the first line in the content of a mail I wanted to post to a (test) list, as described in some archive entries of the mailman-users mailing list, I found out that my mail was ideed posted to the list passing through

[Mailman-Users] "Approved:" header not stripped from mail delivered to list...

Hi! After trying out the "Approved: "as the first line in the content of a mail I wanted to post to a (test) list, as described in some archive entries of the mailman-users mailing list, I found out that my mail was ideed posted to the list passing through moderation but the header-like first l

Re: [Mailman-Users] "Approved header" ?

Arlequín wrote: > >On the other hand I can't figure out how's that thing of using a >`first line of the post´. Every thing I post in the message body will be > delivered to all subscribers!, won't it? No. If you put the Approved: line as the first line of the body , Mailman will recognize i

[Mailman-Users] "Approved header" ?

Hello. I was reading the 3.11 Mailman FAQ Section and I quote: `How to post to the announcement list: [..] A more secure alternative is for your approved posters to add an Approved header to their postings as a header, or as the first line of the post.´ Well, the poster in my environment use

[Mailman-Users] "Approved header"?

Hello. I was reading the 3.11 Mailman FAQ Section and I quote: `How to post to the announcement list: [..] A more secure alternative is for your approved posters to add an Approved header to their postings as a header, or as the first line of the post.´ Well, the poster in my environment use

Re: [Mailman-Users] Approved: Header

> "L" == LuKreme <[EMAIL PROTECTED]> writes: L> I checked the FAQ for info on the Approved header, but although L> I found references to using it, I didn't find references to L> exactly HOW to use it. L> All I want is for a poster to a list to put an Approved line as L>

[Mailman-Users] Approved: Header

I checked the FAQ for info on the Approved header, but although I found references to using it, I didn't find references to exactly HOW to use it. All I want is for a poster to a list to put an Approved line as the first line of the body and then have that line stripped before the message is p

Re: [Mailman-Users] Approved header option

> "KW" == Kory Wheatley <[EMAIL PROTECTED]> writes: KW> In mailman 2.1b.1 How do you use the Approved:password to send KW> your message to a moderated list. I'm the owner and I have the KW> Emergency Moderation turned on and I what to send my message KW> through. I don't want

[Mailman-Users] Approved header option

In mailman 2.1b.1 How do you use the Approved:password to send your message to a moderated list. I'm the owner and I have the Emergency Moderation turned on and I what to send my message through. I don't want to use the Pending Administrative requests web interface to do this. I know in majordo

Re: [Mailman-Users] Approved header

> "JT" == James Thompson <[EMAIL PROTECTED]> writes: JT> For what it's worth. The Approve.py handler in mailman does JT> seem to check for the Approved: header and will compare it's JT> value to the mail list admin password. It looks like this JT> should work fine from what

Re: [Mailman-Users] Approved header

> For what it's worth. The Approve.py handler in mailman does seem to check > for the Approved: header and will compare it's value to the mail list > admin password. It looks like this should work fine from what I've found > in the source. However, it doesn't seem to. > > Is there any way t

Re: [Mailman-Users] Approved header

For what it's worth. The Approve.py handler in mailman does seem to check for the Approved: header and will compare it's value to the mail list admin password. It looks like this should work fine from what I've found in the source. However, it doesn't seem to. Is there any way to make mailm

Re: [Mailman-Users] Approved header

On Fri, Feb 02, 2001 at 08:26:33PM +, Dominic Hargreaves wrote: > > Does majordomo remove the Approved header while forwarding messages? If not, > > finding out the password is even more trivial than forging From:. > > Yes, it does. In that case, I stand corrected. Thanks for straightening

Re: [Mailman-Users] Approved header

On Fri, Feb 02, 2001 at 02:24:07PM -0600, Dave Sherohman wrote: > On Fri, Feb 02, 2001 at 04:01:25PM +, Dominic Hargreaves wrote: > > No, this is not the case. Approved headers, while perhaps slightly > > inelegant, are more secure (FSVO "secure") than simply allowing a set of > > posters to

Re: [Mailman-Users] Approved header

On Fri, Feb 02, 2001 at 04:01:25PM +, Dominic Hargreaves wrote: > No, this is not the case. Approved headers, while perhaps slightly > inelegant, are more secure (FSVO "secure") than simply allowing a set of > posters to post. Anyone can trivially fake a "From" header in an email > address,

Re: [Mailman-Users] Approved header

On Fri, Feb 02, 2001 at 09:11:14AM -0600, Dave Sherohman wrote: > On Fri, Feb 02, 2001 at 08:46:42AM -0600, James Thompson wrote: > > First, Mailman doesn't seem to allow a user to type > > Approved: Password > > > > as the first line of the mail to the list to bypass the approval by the > > adm

Re: [Mailman-Users] Approved header

On Fri, Feb 02, 2001 at 08:46:42AM -0600, James Thompson wrote: > First, Mailman doesn't seem to allow a user to type > Approved: Password > > as the first line of the mail to the list to bypass the approval by the > administrator. The user doesn't want to maintain the list of posters that > by

[Mailman-Users] Approved header

My last majordomo user has decided to move their lists to Mailman. Yea! However they had some questions I couldn't answer. First, Mailman doesn't seem to allow a user to type Approved: Password as the first line of the mail to the list to bypass the approval by the administrator. The user do