Hien HUYNH HUU wrote:
Again about this issue ,
Please guide me how to configure Approve Header for email policy ? And I
wonder If using Microsoft Outlook or Outlook Express to send mail to list ,
can user set header for him ?
I am not an Outlook expert by any means, but I don't think
=sbsc.com...@python.org
[mailto:mailman-users-bounces+hien.hh=sbsc.com...@python.org] On Behalf Of
Barry Warsaw
Sent: Wednesday, November 11, 2009 12:15 PM
To: Conrad Richter
Cc: Mailman-Users@python.org
Subject: Re: [Mailman-Users] Fake Email
On Oct 31, 2009, at 12:47 PM, Conrad Richter wrote
Conrad Richter wrote:
Another way to deal with this is sender confirmation by email, where,
like subscriber confirmation by email, a message is sent with a
confirmation link. Mailman doesn't have this capability presently but it
seems to me that since it already has subscriber confirmation, it
On Oct 31, 2009, at 10:54 AM, Todd Zullinger wrote:
I don't know if the patches at http://non-gnu.uvt.nl/mailman-ssls/
would be helpful here or not. It's an attempt to add some OpenPGP and
S/MIME capabilities to Mailman.
I'll take a closer look at some point, but I suspect they won't be
On Oct 31, 2009, at 12:47 PM, Conrad Richter wrote:
Another way to deal with this is sender confirmation by email, where,
like subscriber confirmation by email, a message is sent with a
confirmation link. Mailman doesn't have this capability presently
but it
seems to me that since it already
Barry Warsaw wrote:
On Oct 31, 2009, at 1:28 AM, Stephen J. Turnbull wrote:
A better way to do this would be to set up the MTA on Mailman's host
to only deliver to the list address (ie, Mailman) if the sender has
been authenticated (eg, with TLS).
Or to use digital signatures for sender
Barry Warsaw wrote:
On Oct 31, 2009, at 1:28 AM, Stephen J. Turnbull wrote:
A better way to do this would be to set up the MTA on Mailman's host
to only deliver to the list address (ie, Mailman) if the sender has
been authenticated (eg, with TLS).
Or to use digital signatures for sender
Barry Warsaw wrote:
On Oct 31, 2009, at 1:28 AM, Stephen J. Turnbull wrote:
A better way to do this would be to set up the MTA on Mailman's host
to only deliver to the list address (ie, Mailman) if the sender has
been authenticated (eg, with TLS).
Or to use digital signatures for sender
: Saturday, October 31, 2009 12:28 PM
To: Hien HUYNH HUU
Cc: mailman-users@python.org
Subject: [Mailman-Users] Fake Email
Hien HUYNH HUU writes:
I recognize that mailman can accept a fake sender . Example, I
have a maillist with only an email account (x...@abc.com) can
send messages
Hi,
HOw would you propose such verification of the authenticity of a sender be
performed in Mailman?
It's hard enough to do anyway, but as has been pointed out, it's probably
more the function of the MTA than of Mailman. The MTA can do things like
insist on client-side certificates and
Hien HUYNH HUU wrote:
Hi Stephen,
I can't do that because may be the sender is on another MTA and mailman
server can't force they do an authentication.
Is this a weak point of Mailman ?
They still could connect and authenticate to the Mailman server's MTA
for list posting purposes.
If
Hien HUYNH HUU writes:
Hi Stephen,
I can't do that because may be the sender is on another MTA and mailman
server can't force they do an authentication.
Is this a weak point of Mailman ?
No, this is a weak point of your MTA. The MTA has all the information
needed, and in
On Nov 1, 2009, at 9:06 PM, Stephen J. Turnbull wrote:
If you really want Mailman to do the authentication, you can either
use the Approved header field, which is not very secure, or you can
use the 3rd-party patch to use public-key signatures which somebody
else mentioned. I'm pretty sure
On Oct 31, 2009, at 1:28 AM, Stephen J. Turnbull wrote:
A better way to do this would be to set up the MTA on Mailman's host
to only deliver to the list address (ie, Mailman) if the sender has
been authenticated (eg, with TLS).
Or to use digital signatures for sender verification. This is
Barry Warsaw wrote:
On Oct 31, 2009, at 1:28 AM, Stephen J. Turnbull wrote:
A better way to do this would be to set up the MTA on Mailman's host
to only deliver to the list address (ie, Mailman) if the sender has
been authenticated (eg, with TLS).
Or to use digital signatures for sender
Dear all,
I recognize that mailman can accept a fake sender . Example, I have a
maillist with only an email account (x...@abc.com) can send messages to all
emails in the list. But , if someone can send a fake From address is
x...@abc.com, mailman will delivery messages to the list . This is
Hien HUYNH HUU writes:
I recognize that mailman can accept a fake sender . Example, I
have a maillist with only an email account (x...@abc.com) can
send messages to all emails in the list. But , if someone can
send a fake From address is x...@abc.com, mailman will delivery
17 matches
Mail list logo