On Sunday 03 February 2002 03:20, Matthias Jaenichen wrote: > Hi, > > As we have chosen to use SSL with the Mailman-Interface it would be nice > to get more protection for the passwords. > > 1.) How can we send the list reminders without the PWs?
Remove the job out of mailman's cron that sends out the reminder. Add your own message and have cron send that instead, if you want a monthly reminder. > > 2.) How can we limit User- and Listadministration from WEB only (no > e-mail)? Set the list so that it does not look for Administriva, then reroute the list-request alias to /dev/null or to an autoresponder that sends back a note telling folks to use the web. > > 3.) What about the e-mail itself? Any ideas, how to encrypt the e-mails, > so that non-list-members will not be able to read them? This is interesting... There are actually MTA's that will do this for you - that will encrypt the mail leaving the server, and decrypt the mail coming to the server. You could also run the mail bodies through a pre-processor that encrypted the bodies using something like gpg. Procmail will allow you to do this. For it to work properly, you will need to have a savvy user group. They will have to be smart enough to decrypt the message on their end. > > 4.) Certainly there are more steps to be taken to make MailMan more > secure. We have already chosen QMail, Apache and RSBAC to protect the > system but are there any plans/implementations to improve MailMan in such > direction? I can't speak for the direction of Mailman. It's open source though, so feel free to pull it in the direction you would like to see it go. All contributions are accepted. Jon Carnes ------------------------------------------------------ Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
