Re: [Mailman-Users] Protecting user data

2002-10-05 Thread Slap's Mailing List Account 

Jon,

I may implement that for a temporary solution, but it does not take away
the full problem because anybody could be subscribed to the mailing list
(which isn't very high traffic anyhow) and see the IP addresses in the
message headers. Ideally I'd like to be able to protect my users from
being seen in the email headers at all. Is there any way to do this? Will
I have to do something with sendmail to make this happen?

Thanks
Sean



--
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

[Mailman-Users] Protecting user data

2002-10-03 Thread Slap's Mailing List Account 

Hiya,

I run a discussion list using Mailman 2.1 for a small open-source project.
Recently, there was a security vulnerability discussed on my list and
shortly after it was brought to light, several users of my list were
attacked by a cracker through this security issue. I believe that the
attacker saw the posts on our list (in the public archives or he could
even be subscribed) and used that information to attack our users, and
that he gained their IP addresses through the headers of their posts to
the list.

I have this option enabled: (Hide the sender of a message, replacing it
with the list address (Removes From, Sender and Reply-To fields)), but
when the user sends email, it still shows it as originating from their
personal computer. I need a way to protect this information (their IP
address, etc) so that it looks like the messages are just coming from my
Mailman server instead.

Since there are several users on my list who are running my software and
posting to the list from the same server, I need to be able to protect
them - otherwise, we will not be able to safely discuss issues such as
security concerns again.

If anybody can help me with this, I'd greatly appreciate it.

Thanks!

Sean B


--
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

Re: [Mailman-Users] Protecting user data

2002-10-03 Thread Jon Carnes 

There are couple of things you can do.

 - Edit the source of the arching program so that it drops the header
info from messages before archiving them (I did this last year for a
list and it's worked great).

 - Run a script that edits the Mbox file for the list directly and then
re-archive after you run the script.

Note, that folks have the option under the default install to download
the mbox file for the list. If you simply edit the archives, then
someone can still grab all the headers, etc, from the mbox.

Good Luck - Jon Carnes
==
On Thu, 2002-10-03 at 15:15, Slap's Mailing List Account wrote:
 Hiya,
 
 I run a discussion list using Mailman 2.1 for a small open-source project.
 Recently, there was a security vulnerability discussed on my list and
 shortly after it was brought to light, several users of my list were
 attacked by a cracker through this security issue. I believe that the
 attacker saw the posts on our list (in the public archives or he could
 even be subscribed) and used that information to attack our users, and
 that he gained their IP addresses through the headers of their posts to
 the list.
 
 I have this option enabled: (Hide the sender of a message, replacing it
 with the list address (Removes From, Sender and Reply-To fields)), but
 when the user sends email, it still shows it as originating from their
 personal computer. I need a way to protect this information (their IP
 address, etc) so that it looks like the messages are just coming from my
 Mailman server instead.
 
 Since there are several users on my list who are running my software and
 posting to the list from the same server, I need to be able to protect
 them - otherwise, we will not be able to safely discuss issues such as
 security concerns again.
 
 If anybody can help me with this, I'd greatly appreciate it.
 
 Thanks!
 
 Sean B
 
 
 --
 Mailman-Users mailing list
 [EMAIL PROTECTED]
 http://mail.python.org/mailman/listinfo/mailman-users
 Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/



--
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/