> > The problem remains, however: How do I prevent spoofing? In this case they > have a real fear due to a board member who is soon to be ejected from the > board and have organizational membership taken away. They feel he is capable > (both emotionally and technically) of major disturbances on one or more of > about a dozen mailing lists the organization maintains. > > What makes this even more of a challenge¹ is that the account is on a > shared server. > I think that you're trying to deal with a sociological problem here. I'll presume that the organization is prepared to make a statement about this personnel action. In general, that's a Public Relations issue, not a technological one.
I'll also presume that the individual who is involved does not have administrative access (root, etc.) to the Mailman host site. The site administrator(s) need to be informed of the action that is about to take place, and told to secure the site appropriately, etc. So far as handling any fall-out from this action on one or more mail lists, I'll suggest that you have list moderators (list administrator level, but the job is "moderation") prepared to weather developments. It would be very wise to have somebody in a list administration role who is prepared to handle Public Relations handling of the fallout from this action. Technically, start with embargoing the individual's known accounts (unsubscribe, or at least put on moderation, and use the Mailman filters to catch probable variations, prevent posting from non-registered addresses, and require moderator review of new subscriptions). Then, wait for developments. Experience with this sort of thing suggests that the problem individual will try to post, and will ultimately succeed, but will have built up such a head of steam that the post will lose whatever support the individual might have had. Mailman has some very good resources a savvy moderator can use effectively for damage control. The ultimate weapon, of course, is putting the entire list on emergency moderation. I won't go into detail here, but the major list I set up a Mailman host site for survived a split between the two co-founders, in which one was "fired," about three years ago. The individual who was removed did have several "bogey" addresses, and once he discovered that his main addresses were moderated, blew a fuse and posted a couple of real flames, some months afterward. Net effect: six resignations (out of 2500 members), and some offlist discussion about "if this is the way the guy really is, who needs him?" Hank ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
