[Mailman-Developers] 2.1.8 documentation mismatch
Brad Knowles
brad at stop.mail-abuse.org
Thu Jun 8 20:26:03 CEST 2006
At 4:54 PM +0100 2006-06-08, David Lee wrote:
> To the average non-techie managerial type, what terminology (Authorised?
> Authenticated? etc.) is preferable?
I think that the authentication thing is a red herring. Stick to
the original idea and make relatively minimal modifications to the
code, and let Barry, Tokio, Mark, and others deal with the deeper
technical and architectural issues that Ian is raising.
> That would, indeed, probably be the ideal. But that would itself mean
> that all paths by which the Mailman machine might be reached would have to
> be known to have an enforced mechanism for authenticated SMTP. (And what
> about (say) "cron" jobs generating email which might legitimately go
> through lists?)
Which is part of why you shouldn't worry about trying to solve
this problem. With your original concept, you're not really opening
any new security holes, and you shouldn't have to worry about trying
to close those that already exist.
Just make sure that you put the appropriate cleanup code into
place to remove the headers in question, as is done today for the
"Approved:" header.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
LOPSA member since December 2005. See <http://www.lopsa.org/>.
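
The cleanup step described in the message above, as an added sketch that is not part of the original post and is not Mailman's own code: credential-bearing headers are read, then removed on every path before the message is redistributed, so neither a correct nor a mistyped password reaches list members. "Approved" is the header named in the message; `X-Example-Authorise`, the function names and the sample message are hypothetical and constructed for illustration.

```python
import hmac
from email import message_from_string
from email.message import Message

# "Approved" comes from the thread; the second name is a hypothetical
# stand-in for whatever new header the proposed change introduces.
CREDENTIAL_HEADERS = ("Approved", "X-Example-Authorise")


def check_and_strip(msg: Message, list_password: str) -> bool:
    """Return True if a credential header carries the list password.

    The headers are deleted whether or not the check succeeds, so a
    wrong or mistyped password is never forwarded to subscribers.
    """
    supplied = []
    for name in CREDENTIAL_HEADERS:
        supplied.extend(msg.get_all(name, []))
        del msg[name]  # drops every occurrence, matched case-insensitively

    expected = list_password.encode("utf-8")
    ok = False
    for value in supplied:
        candidate = str(value).strip().encode("utf-8", "replace")
        # Constant-time comparison; keep looping so all values are examined.
        if hmac.compare_digest(candidate, expected):
            ok = True
    return ok


# Constructed sample: mixed-case header name plus a second, wrong credential.
SAMPLE = """\
From: poster@example.org
To: list@example.org
Subject: test
approved: s3cret-constructed
X-Example-Authorise: wrong-guess

body text
"""


def demo(password: str):
    msg = message_from_string(SAMPLE)
    ok = check_and_strip(msg, password)
    return ok, msg.as_string()


if __name__ == "__main__":
    accepted, outgoing = demo("s3cret-constructed")
    print("accepted:", accepted)
    print(outgoing)
```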