[Mailman-Developers] [ mailman-Bugs-566691 ] check for subscriber fails w/ moderated

noreply@sourceforge.net noreply@sourceforge.net
Mon, 10 Jun 2002 21:50:05 -0700 

Bugs item #566691, was opened at 2002-06-10 01:09
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=100103&aid=566691&group_id=103

Category: security/privacy
Group: 2.0.x
Status: Open
Resolution: None
Priority: 5
Submitted By: Jeff Garvas (jgarvas)
Assigned to: Nobody/Anonymous (nobody)
Summary: check for subscriber fails w/ moderated

Initial Comment:
When you run a list that is non-moderated, but you limit 
posts to the subscribers list, a post by a non-member 
results in this error:

Reason: Post by non-member to a members-only list

If you go into "Privacy Options" and change "Must posts 
be approved by an administrator?" and 
maintain "Restrict posting privilege to list members" a 
post by a non-subscriber results in THIS reason:

Reason:  Post to moderated list

Unless I am missing a configuration option, I believe this 
is a flaw in the order in which mailman is checking 
posts.  Even if a list is moderated, the reason this 
individual post was rejected should still read

Reason: Post by non-member to a members-only list

or, a new reason should be made like this:

Reason: Post by a non-member to a members-only 
AND moderated list

This may seem like a silly request, but if you run a 
members only list that happens to be moderated as 
well, you run into the problem of accidentally approving a 
post from a non-member when the content of that post 
was "on topic".

Is there a fix for this?  Would this classify as a bug?

Does anyone know of any other work arounds?

When you have a few thousand people on a mailing list, 
its not really easy to realize on your own that a specific 
individual isn't a subscriber to the list.  Especially when 
you have multiple individuals help administrate the list 
itself.


----------------------------------------------------------------------

>Comment By: Jeff Garvas (jgarvas)
Date: 2002-06-11 00:50

Message:
Logged In: YES 
user_id=560554

I've been experimenting with Mailman/Handlers/Hold.py 
(playing with python for the first time ever) and after spending 
some time trying to figure out how to compile it, I came up 
with a simple idea.

I moved the code that checks if the list is moderated to 
immediately after the code that checks if the list 
is "subscriber only" and the post is coming from a subscriber 
or not.

The result:  Exactly what I want.   However, I don't know if I've 
managed to miss something obvious by doing this.  Have I 
possibly broken an aspect of Mailman and I'm not realizing it?

With this modification to Hold.py a post from a non-
subscriber to a moderated (and subscriber only) list ends up 
in the administrative queue with a reason of "Post by non-
member to member-only list" instead of a moderated list 
bounce.  This seems like the logical and proper way for this 
to operate.

Can someone tell me if this appears to be a safe and proper 
solution?   If so, I think it should be rolled into the current 
version.  I generated a patch file with diff -C 2, attached here, 
but possibly not created properly.  Beware when running it! :)



----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=100103&aid=566691&group_id=103