On 05/31/2018 09:33 PM, incoming-pythonli...@rjl.com wrote:
I wrote scripts that read the list and generated a rule per network.
It can be slow, but has worked reliably for many years. Since it is a
mailserver, performance has not been a big issue. I am in the process
of designing a replaceme
On 05/31/2018 06:24 PM, Grant Taylor via Mailman-Users wrote:
>
>> There are many ways to implement the same thing. Before there were
>> modules in the kernel for this, I simply pulled lists of address
>> blocks out of databases and incorporated them into my IPtables
>> lists. There are better to
On 05/31/2018 06:37 PM, incoming-pythonli...@rjl.com wrote:
Both are valid alternatives. There may be performance advantages,
to stopping attacks at the firewall level instead of higher up in the
application stack.
Agreed, on both accounts.
Firewalls also have a tendency to protect multiple
On 05/31/2018 11:25 AM, Grant Taylor via Mailman-Users wrote:
> I feel like I'm missing something and as such have some questions.
>
> On 05/31/2018 11:42 AM, incoming-pythonli...@rjl.com wrote:
>> Depending on where your users are coming from, it might be easier to
>> limit access to the GUI using
On 05/31/2018 04:52 PM, Grant Taylor via Mailman-Users wrote:
> On 05/31/2018 03:05 PM, Dimitri Maziuk wrote:
>> What exactly is it about mailman usernames and passwords that you are
>> trying to protect with HTTPS?
>
> I wasn't talking about Mailman usernames (email addresses) and
> passwords. I
On 05/31/2018 03:05 PM, Dimitri Maziuk wrote:
What exactly is it about mailman usernames and passwords that you are
trying to protect with HTTPS?
I wasn't talking about Mailman usernames (email addresses) and
passwords. I was talking about the usernames and passwords for Basic
HTTP(S) authen
On 05/31/2018 02:40 PM, Grant Taylor via Mailman-Users wrote:
> On 05/31/2018 01:18 PM, Dimitri Maziuk wrote:
>> Yeah, I too once thought that was a good idea.
>
> I'm not quite following you. Are you saying that you now dislike
> HTTP(S) usernames & passwords specifically?
I do dislike the HTTP
On 05/31/2018 01:18 PM, Dimitri Maziuk wrote:
Yeah, I too once thought that was a good idea.
I'm not quite following you. Are you saying that you now dislike
HTTP(S) usernames & passwords specifically? Or are you saying that you
dislike hosting something yourself?
And then heartbleed came
On 05/31/2018 01:25 PM, Grant Taylor via Mailman-Users wrote:
> On 05/30/2018 03:36 PM, Parker, Michael D. wrote:
>> I've been assigned the task of attempting to secure our current
>> implementation of GNU MailMan.
>
> One thing that I've not seen (or missed) in this thread is the idea of
> levera
I feel like I'm missing something and as such have some questions.
On 05/31/2018 11:42 AM, incoming-pythonli...@rjl.com wrote:
Depending on where your users are coming from, it might be easier to
limit access to the GUI using a firewall.
Why are you using a firewall instead of leveraging the w
On 05/31/2018 12:25 PM, Grant Taylor wrote:
IMHO the web server has a LOT more experience at user access control
than most web applications. As such, I feel like the web server probably
has a better handle on how to do it.
Apache (and I suspect Nginx) has the ability to use client side TLS
ce
On 05/30/2018 03:36 PM, Parker, Michael D. wrote:
I've been assigned the task of attempting to secure our current
implementation of GNU MailMan.
One thing that I've not seen (or missed) in this thread is the idea of
leveraging HTTPS usernames and passwords to protect the web interface.
IMHO
On 05/31/2018 09:52 AM, Mark Sapiro wrote:
> On 05/31/2018 08:10 AM, Carl Zwanzig wrote:
>
>>> 3. Can user passwords be eliminated and have the list
>>> administrator make any user adjustments which should not be necessary?
>> At a great loss of utility, sure. This would require a code change
On 05/31/2018 08:10 AM, Carl Zwanzig wrote:
> I'm sure Mark has more complete answers, but diving in anyways :)
Carl's answers are good, but to add a bit ...
> On 5/30/2018 2:36 PM, Parker, Michael D. wrote:
>
>> Some of the initial items that have been directed my way:
>> 1. Can archivi
I'm sure Mark has more complete answers, but diving in anyways :)
On 5/30/2018 2:36 PM, Parker, Michael D. wrote:
I've been assigned the task of attempting to secure our current implementation
of GNU MailMan.
You're probably better off changing to MM3, but if you have to stay with v2--
What
I've been assigned the task of attempting to secure our current implementation
of GNU MailMan.
Have any of you out there done this?
What did you do?
Some of the initial items that have been directed my way:
1. Can archiving be totally and permanently be eliminated?
2. How and wh
16 matches
Mail list logo
