Paul Tomblin wrote:
And so one thing i'm looking at
would be a way to send an announcement to all the lists on my server. I
understand that you can send mail to a list with an x-approved with the
list password, but can you do the same with the admin password?
If by admin password, you mean
Quoting Mark Sapiro ([EMAIL PROTECTED]):
Paul Tomblin wrote:
And so one thing i'm looking at
would be a way to send an announcement to all the lists on my server. I
understand that you can send mail to a list with an x-approved with the
list password, but can you do the same with the
Paul Tomblin wrote:
You mean that if people used the Approve: header that Mailman doesn't
strip it out before it sends it? That seems like a huge security hole.
No I don't mean that. It is removed whether or not the password is
valid. When I said This is intentional to discourage sending the
Quoting Mark Sapiro ([EMAIL PROTECTED]):
Paul Tomblin wrote:
You mean that if people used the Approve: header that Mailman doesn't
strip it out before it sends it? That seems like a huge security hole.
No I don't mean that. It is removed whether or not the password is
valid. When I
Quoting Paul Tomblin ([EMAIL PROTECTED]):
My wife is asking what she needs to do with all my servers if i'm
incapacitated or dead. One of the things that would need to be turned over
to somebody else are all my mailman lists. And so one thing i'm looking at
would be a way to send an
On Wed, 17 Jan 2007, Mark Sapiro wrote:
Paul Tomblin wrote:
You mean that if people used the Approve: header that Mailman doesn't
strip it out before it sends it? That seems like a huge security hole.
No I don't mean that. It is removed whether or not the password is
valid. When I said
Larry Stone wrote:
But it also minimizes the risk of accidental disclosure of the site
password. I assume if Approved was misspelled in a header or as the first
line of the message, it would be included in the message if it was
susequently approved by a moderator or met other critieria for not
On Wed, 17 Jan 2007, Mark Sapiro wrote:
Paul Tomblin wrote:
You mean that if people used the Approve: header that Mailman doesn't
strip it out before it sends it? That seems like a huge security hole.
No I don't mean that. It is removed whether or not the password is
valid. When I said
David Lee wrote:
If the inbound email contains not only the plain text message but also its
equivalent in HTML
and if the Approved: is specified as the first line of the body rather
than as a header
then
the password is in danger of leaking outbound, being stripped only from
the