Re: [Mailman-Users] Approved header, mailman password and security
On Mon, 25 Apr 2011, Mark Sapiro wrote: I have created a tracker item at https://bugs.launchpad.net/mailman/+bug/770581 for this and implemented it for Mailman 2.1.15. Hi Mark, It's nice to return from a prolonged weekend to find this in the mailbox :) Thanks a lot ! PS I broke the news on github as well for future reference: https://github.com/github/github-services/pull/84 Kind regards, -- -- dag wieers, d...@wieers.com, http://dag.wieers.com/ -- dagit linux solutions, i...@dagit.net, http://dagit.net/ [Any errors in spelling, tact or fact are transmission errors] -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Approved header, mailman password and security
I have created a tracker item at https://bugs.launchpad.net/mailman/+bug/770581 for this and implemented it for Mailman 2.1.15. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Approved header, mailman password and security
On Thu, 14 Apr 2011, Dag Wieers wrote: We have been using the Approved header as a way to automatically approve commit logs to a read-only mailinglist. We recently moved our infrastructure to github and I wrote a patch to the github Email service hook to add an Approved header. https://github.com/github/github-services/pull/84 Now the problem of course is that this secret currently is either the list admin or the list moderator password, which is far from secure. Especially if the mails are not created on the mailman list server. So I would propose to allow to set a separate secret used for approved messages. If compromised, it's easy to change that secret on both sides. Is this acceptable ? I received no feedback on this. Shall I open a ticket for this, or is this not considered valuable ? -- -- dag wieers, d...@wieers.com, http://dag.wieers.com/ -- dagit linux solutions, i...@dagit.net, http://dagit.net/ [Any errors in spelling, tact or fact are transmission errors] -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Approved header, mailman password and security
Dag Wieers wrote: On Thu, 14 Apr 2011, Dag Wieers wrote: We have been using the Approved header as a way to automatically approve commit logs to a read-only mailinglist. We recently moved our infrastructure to github and I wrote a patch to the github Email service hook to add an Approved header. https://github.com/github/github-services/pull/84 Now the problem of course is that this secret currently is either the list admin or the list moderator password, which is far from secure. Especially if the mails are not created on the mailman list server. So I would propose to allow to set a separate secret used for approved messages. If compromised, it's easy to change that secret on both sides. Is this acceptable ? I received no feedback on this. Shall I open a ticket for this, or is this not considered valuable ? Sorry for not responding sooner. I do think it is a good idea. Although many lists do not need separate admins and moderators and could thus use the moderator password in this way, I think a separate 'posters' password would be a valuable change. The problem is Mailman 2.1 is supposed to be feature frozen, and this is a rather extensive change involving the web GUI to set the password, and list migration changes to ensure that list objects have the poster password attribute. We can certainly consider this for MM3. Please open a tracker item at https://bugs.launchpad.net/mailman/+filebug, and I'll see what I can do. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Approved header, mailman password and security
Hi, We have been using the Approved header as a way to automtically approve commit logs to a read-only mailinglist. We recently moved our infrastructure to github and I wrote a patch to the github Email service hook to add an Approved header. https://github.com/github/github-services/pull/84 Now the problem of course is that this secret currently is either the list admin or the list moderator password, which is far from secure. Especially if the mails are not created on the mailman list server. So I would propose to allow to set a separate secret used for approved messages. If compromised, it's easy to change that secret on both sides. Is this acceptable ? Thanks in advance -- -- dag wieers, d...@wieers.com, http://dag.wieers.com/ -- dagit linux solutions, i...@dagit.net, http://dagit.net/ [Any errors in spelling, tact or fact are transmission errors] -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Approved header problem
--- Mark Sapiro [EMAIL PROTECTED] wrote: If not, try sending the message to the list with a Bcc: to yourself. Then, if possible, examine the raw message received via Bcc:. It may not be sufficient to look at it in Agent, unless Agent can show you the raw message as received. You may be able to save it to a file from Agent and examine that with an editor, or possibly view Agent's mail folder with an editor. Good idea, provided good information. I tried the Bcc trick last night, and the header line did not come through, even though it appears in the copy in the Sent folder of my email program. I have to assume that Yahoo is removing the line on the outbound side. I have one email account with a different service I can try, but it will take some setting up. Roy Harvey Beacon Falls, CT -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Approved header problem
Mark Sapiro schrieb: It may not be sufficient to look at it in Agent, unless Agent can show you the raw message as received. It can. You may be able to save it to a file from Agent and examine that with an editor, That is possible, too. -thh -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Approved header problem
--- Mark Sapiro [EMAIL PROTECTED] wrote: First, the order of the headers is not relevant. Mailman will find the Approved: header wherever it is and remove it from any message delivered to the list members. If the Approved: header contains the correct list password without any trailing whitespace, the message will be marked approved. The idea of position among the header lines did not seem like it should matter. Thanks for the confirmation. Second, how does this protect you against revealing the password by sending it to the wrong place? You could still add the Approved: header to an email to a non-list address. My email program, Agent, provides a way to associate specific personas with specific destination addresses. I created a new persona just for this broadcast list. The special header line is associated with the persona. As long as I don't link the persona with any other target address I should be fine. Third, this is a cPanel Mailman so there could be a cPanel issue involved. See FAQ 6.11 http://www.python.org/cgi-bin/faqw-mm.py?req=showfile=faq06.011.htp. When I started the list I read up on Mailman, but cPanel is new to me. Thanks for the pointer, I will look into that angle. But, I suspect the issue is trailing whitespace on the Approved: password header. I.e., if the password is aBc123, 'Approved: aBc123' will work, as will 'Approve: aBc123' and even 'Approved: aBc123', but 'Approved: aBc123 ' will not. When I view the outgoing message in my Sent folder, and show all header fields, I am not seeing any trailing blank. When I edit the item in my email program where the password is entered there is no trailing blank. Which is not to say that there isn't one when it is sent, just that I can't see one. I will try saving the password again, perhaps that will do it. Thanks for your help. Roy Harvey Beacon Falls, CT -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Approved header problem
Roy Harvey wrote: --- Mark Sapiro [EMAIL PROTECTED] wrote: Second, how does this protect you against revealing the password by sending it to the wrong place? You could still add the Approved: header to an email to a non-list address. My email program, Agent, provides a way to associate specific personas with specific destination addresses. I created a new persona just for this broadcast list. The special header line is associated with the persona. As long as I don't link the persona with any other target address I should be fine. As long as you don't Cc: or Bcc: anyone other than the list with this persona. When I view the outgoing message in my Sent folder, and show all header fields, I am not seeing any trailing blank. When I edit the item in my email program where the password is entered there is no trailing blank. Which is not to say that there isn't one when it is sent, just that I can't see one. I will try saving the password again, perhaps that will do it. If not, try sending the message to the list with a Bcc: to yourself. Then, if possible, examine the raw message received via Bcc:. It may not be sufficient to look at it in Agent, unless Agent can show you the raw message as received. You may be able to save it to a file from Agent and examine that with an editor, or possibly view Agent's mail folder with an editor. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Approved header problem
I've been using Mailman with great success for almost 9 months through EMWD (http://www.emwd.com/mailman.html). Now I have a question that I have been unable to find a match to in the old messages or FAQ. Following the instructions in the FAQ entry 3.11, How do I create a newsletter/announcement/one-way list?, I have been sending to an announcement list for months by adding the Approved: password line at the start of the message text. But sometimes I screw up and past it into the wrong email, and then have to change the password. In an attempt to avoid that mistake I figured out how to make my email program add this as a actual header line. It adds it as the third header line, after the From and To, before the Subject. But Mailman, running version 2.1.9.cp2, rejects it and sends it back as it would if I left the Approved out. Does anyone have any ideas? I see no way in my email program to control the position of the Approved header item in the list. Thanks! Roy Harvey Beacon Falls, CT -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Approved header problem
Roy Harvey wrote: But sometimes I screw up and past it into the wrong email, and then have to change the password. In an attempt to avoid that mistake I figured out how to make my email program add this as a actual header line. It adds it as the third header line, after the From and To, before the Subject. But Mailman, running version 2.1.9.cp2, rejects it and sends it back as it would if I left the Approved out. Does anyone have any ideas? I see no way in my email program to control the position of the Approved header item in the list. First, the order of the headers is not relevant. Mailman will find the Approved: header wherever it is and remove it from any message delivered to the list members. If the Approved: header contains the correct list password without any trailing whitespace, the message will be marked approved. Second, how does this protect you against revealing the password by sending it to the wrong place? You could still add the Approved: header to an email to a non-list address. Third, this is a cPanel Mailman so there could be a cPanel issue involved. See FAQ 6.11 http://www.python.org/cgi-bin/faqw-mm.py?req=showfile=faq06.011.htp. But, I suspect the issue is trailing whitespace on the Approved: password header. I.e., if the password is aBc123, 'Approved: aBc123' will work, as will 'Approve: aBc123' and even 'Approved:aBc123', but 'Approved: aBc123 ' will not. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Approved: header (was: Batch member attributes)
Jim Popovitch wrote: This is a question that has been bugging me for a while. If a moderator adds an Approved: xx header but misspells Approved, then their password goes on to the list for all to see. Without setting filters for each and every password (esp., moderator passwords which I prefer admins to not know, and vice versa) is it a good idea to add a feature to Mailman that would automatically hold emails that contained an admin or moderator password in the first few lines of the email body? Well, we already accept Approve: and are case insensitive. Beyond that, it might be difficult in general because we don't have a plain text password to look for, so we would need to check every 'word' against the admin and moderator passwords and maybe the site password just in case someone thought it could be used here, and we still wouldn't catch a misspelled password or one with an extra space in it. Consider the possibility that someone had a hand shifted on the keyboard and mistyped both Approved: and the password. It would be fairly easy for a human to figure out what happened and decode the password, but I don't know how to program it's detection in advance. There are some possibilities to consider. We could hold any post with a header like line in the body that wasn't Subject: or Keywords:, but is this necessary? Presumably, if approve(d) is misspelled, the post will be held anyway. If not, why are we putting an approved line there in the first place? -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Approved: header
Mark Sapiro wrote: Presumably, if approve(d) is misspelled, the post will be held anyway. If not, why are we putting an approved line there in the first place? Now that is a good thought to ponder. Thanks Mark. -Jim P. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Approved: header (was: Batch member attributes)
Mark Sapiro wrote: A much better way is to give these authorized posters the moderator password for the lists and have them post using an Approved: header or first body line. Although, if they reallty need 80 different passwords each, I can see that would be quite a pain. This is a question that has been bugging me for a while. If a moderator adds an Approved: xx header but misspells Approved, then their password goes on to the list for all to see. Without setting filters for each and every password (esp., moderator passwords which I prefer admins to not know, and vice versa) is it a good idea to add a feature to Mailman that would automatically hold emails that contained an admin or moderator password in the first few lines of the email body? -Jim P -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Approved: header not stripped from mail delivered to list...
Hi! After trying out the Approved: list-moderator-pwd as the first line in the content of a mail I wanted to post to a (test) list, as described in some archive entries of the mailman-users mailing list, I found out that my mail was ideed posted to the list passing through moderation but the header-like first line I had added for that porpose was not stripped as it was supposed to be. What has gone wrong? Thanks a lot, katharina -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Approved: header not stripped from mail delivered to list...
On Apr 22, 2005, at 17:41, Katharina wrote: After trying out the Approved: list-moderator-pwd as the first line in the content of a mail I wanted to post to a (test) list, as described in some archive entries of the mailman-users mailing list, I found out that my mail was ideed posted to the list passing through moderation but the header-like first line I had added for that porpose was not stripped as it was supposed to be. What has gone wrong? Did your message consist of only a single plain-text part? (The Approved: header is not stripped from other parts, like an RTF or HTML version in a multipart-alternative message.) -- Jim Tittsler http://www.OnJapan.net/ GPG: 0x01159DB6 Python Starship http://Starship.Python.net/crew/jwt/ Mailman IRC irc://irc.freenode.net/#mailman -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Approved header ?
Hello. I was reading the 3.11 Mailman FAQ Section and I quote: `How to post to the announcement list: [..] A more secure alternative is for your approved posters to add an Approved header to their postings as a header, or as the first line of the post.´ Well, the poster in my environment uses Mozilla Mail 1.7.3 to post messages and I don't know how to customize Mozilla headers. On the other hand I can't figure out how's that thing of using a `first line of the post´. Every thing I post in the message body will be delivered to all subscribers!, won't it? TIA -- Arlequín _o) amahoro_AT_adinet_DOT_com_DOT_uy / \\ http://counter.li.org/ _(___V Linux Registered User #207262 -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Re: [Mailman-Users] Approved header ?
Arlequín wrote: On the other hand I can't figure out how's that thing of using a `first line of the post´. Every thing I post in the message body will be delivered to all subscribers!, won't it? No. If you put the Approved: password line as the first line of the body , Mailman will recognize it as the header and remove it from the body. Follow it with a blank line because the line following the Approved: line is removed too (in Mailman 2.1.4 anyway). -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
[Mailman-Users] Approved: Header
I checked the FAQ for info on the Approved header, but although I found references to using it, I didn't find references to exactly HOW to use it. All I want is for a poster to a list to put an Approved line as the first line of the body and then have that line stripped before the message is passed to the list. How do I set this up and what needs to be on the approved line? -- The older you get the more you need the people you knew when you were young. -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Approved: Header
L == LuKreme [EMAIL PROTECTED] writes: L I checked the FAQ for info on the Approved header, but although L I found references to using it, I didn't find references to L exactly HOW to use it. L All I want is for a poster to a list to put an Approved line as L the first line of the body and then have that line stripped L before the message is passed to the list. L How do I set this up and what needs to be on the approved line? You don't need to do anything to set this up. Say you have a list with an admin password of geddy. If a non-member (or otherwise unapproved poster) sends a message to the list with a regular mail header of Approved: geddy then the message, which normally would be held or bounced, goes through to the list without moderation. Putting that line as the first non-whitespace line in the body of the message is equivalent. In both cases, the header and/or body line is removed before the message is forwarded. Approve: passwd is a synonym. Both the list admin password and the moderator password is accepted. Note that there's a related feature; if the header is Urgent: with the appropriate password, then the message is sent to all members immediately, including digest members (who get it twice -- once immediately and once in the digest). -Barry -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Approved header option
KW == Kory Wheatley [EMAIL PROTECTED] writes: KW In mailman 2.1b.1 How do you use the Approved:password to send KW your message to a moderated list. I'm the owner and I have the KW Emergency Moderation turned on and I what to send my message KW through. I don't want to use the Pending Administrative KW requests web interface to do this. I know in majordomo you can KW do this by adding Approved:password to the email message and KW sending it back through. How is this done in Mailman. Same way! Did you try it? :) Note that Mailman accepts Approved: password or Approve: password because I can never remember what the defacto standard is. :) -Barry -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
[Mailman-Users] Approved header option
In mailman 2.1b.1 How do you use the Approved:password to send your message to a moderated list. I'm the owner and I have the Emergency Moderation turned on and I what to send my message through. I don't want to use the Pending Administrative requests web interface to do this. I know in majordomo you can do this by adding Approved:password to the email message and sending it back through. How is this done in Mailman. -- # Kory Wheatley Academic Computing Analyst Sr. Phone 282-3874 # Everything must point to him. -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Re: [Mailman-Users] Approved header
"JT" == James Thompson [EMAIL PROTECTED] writes: JT For what it's worth. The Approve.py handler in mailman does JT seem to check for the Approved: header and will compare it's JT value to the mail list admin password. It looks like this JT should work fine from what I've found in the source. However, JT it doesn't seem to. JT Is there any way to make mailman produce some type of JT debugging output? James, did you ever get more information about this problem? Mailman definitely supports Approved: headers and it works fine for me testing against MM2.0.1 and the current CVS snapshot. From your original message though, it seems like you're asking about adding Approved: to the first line of the /body/ of the message instead of the headers. No, Mailman does not support that. -Barry -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
[Mailman-Users] Approved header
My last majordomo user has decided to move their lists to Mailman. Yea! However they had some questions I couldn't answer. First, Mailman doesn't seem to allow a user to type Approved: Password as the first line of the mail to the list to bypass the approval by the administrator. The user doesn't want to maintain the list of posters that bypass approval. So this is holding up the migration of 3 lists. Is this not supported? Thanks. Jamest -- James Thompson138 Cardwell Hall Manhattan, Ks 66506785-532-0561 Kansas State University Department of Mathematics -- -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Approved header
On Fri, Feb 02, 2001 at 09:11:14AM -0600, Dave Sherohman wrote: On Fri, Feb 02, 2001 at 08:46:42AM -0600, James Thompson wrote: First, Mailman doesn't seem to allow a user to type Approved: Password as the first line of the mail to the list to bypass the approval by the administrator. The user doesn't want to maintain the list of posters that bypass approval. So this is holding up the migration of 3 lists. Is this not supported? No. Mailman doesn't use an Approved header, so adding one has no effect. (Incidentally, what you describe seems like a very ugly, labor-intensive, insecure, and just plain *wrong* way of allowing multiple people to post to a moderated list. I can't see how allowing list members to bypass moderation could be a Good Thing. Shame on majordomo!) No, this is not the case. Approved headers, while perhaps slightly inelegant, are more secure (FSVO "secure") than simply allowing a set of posters to post. Anyone can trivially fake a "From" header in an email address, whereas with an approved header you need to know the password. -- Dominic Hargreaves | http://dom.magd.ox.ac.uk/ You can get my PGP key from my web site. "Only two things are infinite: the Universe and human stupidity, and I'm not sure about the former" - Albert Einstein -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Approved header
On Fri, Feb 02, 2001 at 04:01:25PM +, Dominic Hargreaves wrote: No, this is not the case. Approved headers, while perhaps slightly inelegant, are more secure (FSVO "secure") than simply allowing a set of posters to post. Anyone can trivially fake a "From" header in an email address, whereas with an approved header you need to know the password. Does majordomo remove the Approved header while forwarding messages? If not, finding out the password is even more trivial than forging From:. -- SGI products are used to create the 'Bugs' that entertain us in theatres and at home. - SGI job posting Geek Code 3.1: GCS d? s+: a- C++ UL++$ P+ L+++ E- W--(++) N+ o+ !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI D G e* h+ r y+ -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Approved header
On Fri, Feb 02, 2001 at 02:24:07PM -0600, Dave Sherohman wrote: On Fri, Feb 02, 2001 at 04:01:25PM +, Dominic Hargreaves wrote: No, this is not the case. Approved headers, while perhaps slightly inelegant, are more secure (FSVO "secure") than simply allowing a set of posters to post. Anyone can trivially fake a "From" header in an email address, whereas with an approved header you need to know the password. Does majordomo remove the Approved header while forwarding messages? If not, finding out the password is even more trivial than forging From:. Yes, it does. -- Dominic Hargreaves | http://dom.magd.ox.ac.uk/ You can get my PGP key from my web site. "Only two things are infinite: the Universe and human stupidity, and I'm not sure about the former" - Albert Einstein -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Approved header
On Fri, Feb 02, 2001 at 08:26:33PM +, Dominic Hargreaves wrote: Does majordomo remove the Approved header while forwarding messages? If not, finding out the password is even more trivial than forging From:. Yes, it does. In that case, I stand corrected. Thanks for straightening me out. -- SGI products are used to create the 'Bugs' that entertain us in theatres and at home. - SGI job posting Geek Code 3.1: GCS d? s+: a- C++ UL++$ P+ L+++ E- W--(++) N+ o+ !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI D G e* h+ r y+ -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Approved header
For what it's worth. The Approve.py handler in mailman does seem to check for the Approved: header and will compare it's value to the mail list admin password. It looks like this should work fine from what I've found in the source. However, it doesn't seem to. Is there any way to make mailman produce some type of debugging output? Take Care, James -- James Thompson138 Cardwell Hall Manhattan, Ks 66506785-532-0561 Kansas State University Department of Mathematics -- -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
