[Mailman-Users] BUG(S): Mailman ignoring setting of privacy

Nicholson James D James.Nicholson at amedd.army.mil
Mon Apr 12 02:30:28 CEST 1999 

> When you say 'From field', do you mean the header that looks like
> 
>    From: test2-admin at ncsa.uiuc.edu
> 
> or
> 
>    From test2-admin at ncsa.uiuc.edu  Sat Apr 10 00:48:53 1999
> 
> (basically, the envelope sender or the From: header)?
> 
	[Nicholson James D]  Here's what I received from a test message to
my test lists.  My PC is being used to post to the list and I use qpopper to
pop mail from the IRIX machine.:

					Received: 
	                         from <IRIX machine name> ([<IP of my PC>])
by <IRIX Machine name>
	                         (950413.SGI.8.6.12/950213.SGI.AUTOCF) via
ESMTP id XAA18532 for
	                         <lightchain@<IRIX Machine Name>>; Sun, 10
Apr 1999 23:49:20 -0500
	              Message-ID: <370ECDCD.D6F9C112@<IRIX Machine Name>>
	                    Date:  Sat, 10 Apr 1999 00:04:29 -0400
	                    From: Jim <jim>

	As you can see, the From: field is directed back at me even though I
used the admin privacy option to send it back to the list.
	I think Microsoft Outlook [hisssssss] looks at the From: line to
figure out where to reply to.  So, I need to make that From: line say
listname at machine.name.  I am assuming that that is what the privacy option
to redirect mail to the list was intended to do.

>  
> 
>    o Changed nobody uid/gid to 65534 to match mailman settings
> 
	[Nicholson James D]  
	 My mailman is set up to be uid/gid 2001/50 with appropriate group
entry.  Why are you setting nobody to match mailman settings?  Won't this
cause security problems down the line if someone can access your machine as
nobody?
	  
>    
> Then I added these directives to httpd.conf *exactly* as they appear
> below.
> 
	[Nicholson James D]  
	Thanks for the tip.  This set of commands was not in httpd.conf.  It
made a difference.  It was also not mentioned in the docs for mailman.
Adding these allowed me to access mailman and still to deny a directory
listing.

>    <Directory /home/staff/mailman/cgi-bin/>
>       Allow from all
>       Options SymLinksIfOwnerMatch ExecCGI
>    </Directory>
> 
>    ScriptAlias /mailman/ /home/staff/mailman/cgi-bin/
> 
> 
	[Nicholson James D]  
	Now the reason you have to include both
	ScriptAlias /mailman/  ......   & ScriptAlias /~mailman/ ...... is
not because /mailman/ doesn't work.  It works fine.  The problem is that the
message that was sent out to new subscribers said to access the web
interface at http://<machine name>/~mailman/listinfo/<listname>.  You can
have it either way, but I was confused by the other URL being sent to my
test accounts.  So, I suppose I can have both of them there.  It doesn't
seem to hurt anything.

More information about the Mailman-Users mailing list