Re: [Mailman-Users] problems in posting to a list
On 6/14/06, Harold Goldstein [EMAIL PROTECTED] wrote: i am an administrator (but i didn't install it nor do i have access to the server) of an announcement only mailing list. despite having 3 addresses listed as administrator and moderator, we have only been able to use one address to post. that was ok till last week when we were subject to a spoofing attack appearing to come from that address. The 'administrator' and 'moderator' addresses aren't considered when determining if a message is to be allowed. Any addresses you'd like to accept mail from, add to 'accept_these_nonmembers' under 'Sender filters' under 'Privacy Options' in the web interface. ALTERNATIVELY, include as the first line of your message: 'Approved: list admin password' (this is better, since it's totally proof against spoofing. Man-in-the-middle attacks, however, can theoretically intercept your mail on the way to the server, and get the password out of it. FYI.) -- - Patrick Bogen -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] problems in posting to a list
thanks for your response Any addresses you'd like to accept mail from, add to 'accept_these_nonmembers' under 'Sender filters' under 'Privacy Options' in the web interface. hmmm ... ok ... but why would i be considered a 'non-member' ... i never would have guessed to use this. ALTERNATIVELY, include as the first line of your message: 'Approved: list admin password' (this is better, since it's totally proof against spoofing. an excellent approach ... i take it that the characters ARE included in the above?? thanks again harold ... Harold Goldstein - [EMAIL PROTECTED] ~~,__o ~^^ Goldray Consulting: http://goldray.com/ ~_-\ , ~ o \ Web Development/Internet Training (*)/ (*) ~ / { \ Save The Apes: http://bushmeat.net/ / { o} amber for everyone - http://amberlady.com - fossil bugs too -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] problems in posting to a list
Harold Goldstein wrote: thanks for your response Any addresses you'd like to accept mail from, add to 'accept_these_nonmembers' under 'Sender filters' under 'Privacy Options' in the web interface. hmmm ... ok ... but why would i be considered a 'non-member' ... i never would have guessed to use this. Or, just turn off your mod flag in the membership list (assuming you are a member). ALTERNATIVELY, include as the first line of your message: 'Approved: list admin password' (this is better, since it's totally proof against spoofing. an excellent approach ... i take it that the characters ARE included in the above?? No, they aren't. And this is a better method because it is spoof proof. I.e. allow no one to post just because of who they claim to be - require the password. See http://www.python.org/cgi-bin/faqw-mm.py?req=showfile=faq03.011.htp and http://www.python.org/cgi-bin/faqw-mm.py?req=showfile=faq03.034.htp. Also note that to use the Approved: pw as a first line, it must be in a plain text part which is the first plain text part of the message. Also, prior to Mailman 2.1.7, it must not be in any other parts such as a text/html alternative part, or it will leak to the list. The better method is to add it as an actual header, but many people's MUA's will not do this conveniently or at all. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] problems in posting to a list
On 6/14/06 6:38 PM, Harold Goldstein at [EMAIL PROTECTED] wrote: ALTERNATIVELY, include as the first line of your message: 'Approved: list admin password' (this is better, since it's totally proof against spoofing. an excellent approach ... i take it that the characters ARE included in the above?? No they are not. Just Approved: password -- Larry Stone [EMAIL PROTECTED] http://www.stonejongleux.com/ -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp