[Mailman-Users] Archive browsing question

2005-12-19 Thread Elvis Fernandes
From a web browser, non-members of a mail list can browse the archives.
Is this a correct statement?

For example, if I am NOT a member of mail-list, I can still go to
http://mailman/pipermail/mail-list
and browse the archives.

Now, there must be a way to block non-members from browsing the archives of
mail-list.

In today's security world there sure must be a way. I would like to know
others' experiences.

Thanks
Elvis
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp


Re: [Mailman-Users] Archive browsing question

2005-12-19 Thread John Dennis
On Mon, 2005-12-19 at 11:47 -0800, Elvis Fernandes wrote:
> From a web browser, non-members of a mail list can browse the archives.
> Is this a correct statement?
>
> For example, if I am NOT a member of mail-list, I can still go to
> http://mailman/pipermail/mail-list
> and browse the archives.
>
> Now, there must be a way to block non-members from browsing the archives of
> mail-list.
>
> In today's security world there sure must be a way. I would like to know
> others' experiences.

Some lists are appropriate for public consumption, some are not. That is
why Mailman supports both public and private archives; it is a per-list
configuration.

However, please note that the security protection on the private archives is
not terribly strong; it requires only a username/password, something
which by default is mailed in the clear once a month. Security in
general was not a prime design point for Mailman, a limitation which is
recognized and hopefully will be better addressed in MM 3.0. If you have
very sensitive information in your archives you may want to consider an
alternate solution.
-- 
John Dennis [EMAIL PROTECTED]



Re: [Mailman-Users] Archive browsing question

2005-12-19 Thread Elvis Fernandes
Making the archives private with a username / passwd access will be okay to
start with.

> Make the archive private on the list's Archiving Options page. This
> will remove the symlinks from the archives/public/ directory

I see that the links are removed.

> and force archive access to be via http://example.com/mailman/private

That works!

Thanks
Elvis

On 12/19/05, Mark Sapiro [EMAIL PROTECTED] wrote:
>
> Elvis Fernandes wrote:
> >
> > From a web browser, non-members of a mail list can browse the archives.
> > Is this a correct statement?
>
> Only if the archives are public.
>
> > Now, there must be a way to block non-members from browsing the archives of
> > mail-list
>
> Make the archive private on the list's Archiving Options page. This
> will remove the symlinks from the archives/public/ directory and force
> archive access to be via http://example.com/mailman/private. The links
> on admin and listinfo pages will use the private url, so everything
> will work except perhaps for old links that people have saved or
> posted in messages.
>
> --
> Mark Sapiro [EMAIL PROTECTED]   The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan




Re: [Mailman-Users] Archive browsing question

2005-12-19 Thread Mark Sapiro
Elvis Fernandes wrote:

> From a web browser, non-members of a mail list can browse the archives.
> Is this a correct statement?

Only if the archives are public.

> Now, there must be a way to block non-members from browsing the archives of
> mail-list

Make the archive private on the list's Archiving Options page. This
will remove the symlinks from the archives/public/ directory and force
archive access to be via http://example.com/mailman/private. The links
on admin and listinfo pages will use the private url, so everything
will work except perhaps for old links that people have saved or
posted in messages.

-- 
Mark Sapiro [EMAIL PROTECTED]   The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
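
An added example, not part of the original posts and not Mailman's own code: a check that the symlink removal described above really happened for every list. Only `archives/public/` is named in the thread; the sibling `archives/private/<list>/` directory, the `archives_root` parameter and the function names are assumptions of this sketch.

```python
import os
import tempfile


def audit_archive_exposure(archives_root):
    """Return (report, strays) for one archives tree.

    report maps each list name to 'public' or 'private'.
    Assumed layout: <archives_root>/private/<list>/ holds the real archive
    and <archives_root>/public/<list> is a symlink to it while the list's
    archive is public.
    """
    public_dir = os.path.join(archives_root, "public")
    private_dir = os.path.realpath(os.path.join(archives_root, "private"))

    # Resolve every entry under public/ so that a link under another name,
    # or a real directory copied there, is still noticed.
    reachable = {os.path.realpath(os.path.join(public_dir, n)): n
                 for n in os.listdir(public_dir)}

    report = {}
    for name in sorted(os.listdir(private_dir)):
        real = os.path.realpath(os.path.join(private_dir, name))
        if os.path.isdir(real):
            report[name] = "public" if real in reachable else "private"

    # Entries in public/ that are not links into private/: removing the
    # symlink would not take these away, so they need a manual look.
    strays = sorted(n for p, n in reachable.items()
                    if os.path.commonpath([p, private_dir]) != private_dir)
    return report, strays


def demo():
    """Constructed sample tree: one private list, one public list, one stray."""
    root = tempfile.mkdtemp()
    for d in ("private/mail-list", "private/announce", "public/old-copy"):
        os.makedirs(os.path.join(root, d))
    os.symlink(os.path.join(root, "private", "announce"),
               os.path.join(root, "public", "announce"))
    return audit_archive_exposure(root)


if __name__ == "__main__":
    report, strays = demo()
    for name, state in report.items():
        print(f"{name}: {state}")
    print("in public/ but not a link into private/:", strays)
```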



Re: [Mailman-Users] Archive browsing question

2005-12-19 Thread Elvis Fernandes
I guess I spoke too early!

When I go to http://example.com/mailman/private/mail-list , the screen
displays The mail-list Archives.
But when I click on [thread] [Subject] [Author] [Date], it comes back with
the screen No such list 2005-december

Am I missing something?

Any info will be appreciated.

Thanks
Elvis

On 12/19/05, Elvis Fernandes [EMAIL PROTECTED] wrote:
>
> Making the archives private with a username / passwd access will be okay
> to start with.
>
> > Make the archive private on the list's Archiving Options page. This
> > will remove the symlinks from the archives/public/ directory
>
> I see that the links are removed.
>
> > and force archive access to be via http://example.com/mailman/private
>
> That works!
>
> Thanks
> Elvis
>
> On 12/19/05, Mark Sapiro [EMAIL PROTECTED] wrote:
> >
> > Elvis Fernandes wrote:
> > >
> > > From a web browser, non-members of a mail list can browse the
> > > archives.
> > > Is this a correct statement?
> >
> > Only if the archives are public.
> >
> > > Now, there must be a way to block non-members from browsing the archives of
> > > mail-list
> >
> > Make the archive private on the list's Archiving Options page. This
> > will remove the symlinks from the archives/public/ directory and force
> > archive access to be via http://example.com/mailman/private. The links
> > on admin and listinfo pages will use the private url, so everything
> > will work except perhaps for old links that people have saved or
> > posted in messages.
> >
> > --
> > Mark Sapiro [EMAIL PROTECTED]   The highway is for gamblers,
> > San Francisco Bay Area, California    better use your sense - B. Dylan




Re: [Mailman-Users] Archive browsing question

2005-12-19 Thread Mark Sapiro
Elvis Fernandes wrote:

> I guess I spoke too early!
>
> When I go to http://example.com/mailman/private/mail-list , the screen
> displays The mail-list Archives.
> But when I click on [thread] [Subject] [Author] [Date], it comes back with
> the screen No such list 2005-december

Try going to http://example.com/mailman/private/mail-list/

If the URL doesn't end in a slash, the browser will think the relative
link in the archives is relative to the previous slash.

Where did the http://example.com/mailman/private/mail-list URL come
from? Was this a link on a Mailman page or did you just type it?

-- 
Mark Sapiro [EMAIL PROTECTED]   The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
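
The relative-link behaviour described above, as an added example that is not part of the original posts. The sample hrefs are constructed, and the rule that the first path component after `/mailman/private/` is read as the (lower-cased) list name is an assumption drawn from the error text quoted in the thread.

```python
from urllib.parse import urljoin, urlsplit

PRIVATE_PREFIX = "/mailman/private/"

# Constructed sample: relative hrefs of the kind an archive index page uses.
INDEX_LINKS = ["2005-December/thread.html", "2005-December/date.html"]


def requested_list(url):
    """List name the private-archive handler would see for this URL.

    Assumption: the first path component after /mailman/private/ is taken
    as the list name, lower-cased. Returns None when no list is given.
    """
    path = urlsplit(url).path
    if not path.startswith(PRIVATE_PREFIX):
        return None
    first = path[len(PRIVATE_PREFIX):].split("/", 1)[0]
    return first.lower() or None


def resolve_index_links(page_url, links=INDEX_LINKS):
    """Resolve each relative href against the page URL (RFC 3986 rules).

    Without a trailing slash the last path segment is treated as a file
    name and dropped, so the link lands one level too high.
    """
    return [urljoin(page_url, href) for href in links]


def canonical_index_url(url):
    """Same page with the trailing slash a server-side redirect would add."""
    parts = urlsplit(url)
    if parts.path.endswith("/"):
        return url
    return parts._replace(path=parts.path + "/").geturl()


if __name__ == "__main__":
    typed = "http://example.com/mailman/private/mail-list"
    for page in (typed, canonical_index_url(typed)):
        for target in resolve_index_links(page):
            print(f"{page} -> {target} (list: {requested_list(target)})")
```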



Re: [Mailman-Users] Archive browsing question

2005-12-19 Thread Elvis Fernandes
Okay, going to http://example.com/mailman/private/mail-list/ does work.

> Where did the http://example.com/mailman/private/mail-list URL come
> from? Was this a link on a Mailman page or did you just type it?

I typed it. When I go to http://example.com/mailman/private the screen tells
me You must specify a list. So I specified mail-list. Now I know that the
trailing / needs to be there.

Thanks!
Elvis

On 12/19/05, Mark Sapiro [EMAIL PROTECTED] wrote:
>
> Elvis Fernandes wrote:
> >
> > I guess I spoke too early!
> >
> > When I go to http://example.com/mailman/private/mail-list , the screen
> > displays The mail-list Archives.
> > But when I click on [thread] [Subject] [Author] [Date], it comes back
> > with
> > the screen No such list 2005-december
>
> Try going to http://example.com/mailman/private/mail-list/
>
> If the URL doesn't end in a slash, the browser will think the relative
> link in the archives is relative to the previous slash.
>
> Where did the http://example.com/mailman/private/mail-list URL come
> from? Was this a link on a Mailman page or did you just type it?
>
> --
> Mark Sapiro [EMAIL PROTECTED]   The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
