[Mailman-Users] Re: broadcast only

Darron Froese darron at javelindigital.com
Wed Nov 29 17:53:52 CET 2000 

On 11/29/00 8:02 AM, "John A. Martin" <jam at jamux.com> wrote:

> Another way to frame the issue is to consider implementing the
> recommendation rfc2369 for an announcements list,
> 
> 3.4. List-Post
> 
>   The List-Post field describes the method for posting to the
>   list.  This is typically the address of the list, but MAY
>   be a moderator, or potentially some other form of
>   submission. For the special case of a list that does not
>   allow posting (e.g., an announcements list), the List-Post
>   field may contain the special value "NO".
> 
> then applying the principle of least surprise and enforcing "does not
> allow posting" by bouncing attempted posts while allowing the
> list-owner and his friends to post through the 'posters' option (in
> Privacy Options).
> 
> 'no-posting' would want of course he a list-owner option to be set or
> reset without bothering the mailman site administrator.  Entangling
> it with other options would be to the detriment of the folks who
> operate such lists, IMHO.

That sounds like it would work.

In recap for Announce only lists:

1. List-Post: NO in the headers of the email.

2. Automatic Bounce of posts except from those already set in the Poster
option with a message stating "This is an announce only list."

3. A way to use a different "$home_prefix/templates/subscribeack.txt" so
that the "NO POSTING" could be clearly indicated when the user signed up.
This would help with the consistency problems I noted earlier. (The listinfo
page can already be changed manually without any problems.)

The only problem I can see with this would be this:

Having implicitly allowed certain email addresses to post to the list
*without* approval could be problematic if someone decides to send an email
as that user.

Simply looking over the posted items on the lists would give you the email
addresses that you could set up in your mail reader and you may be able to
post as that user unrestricted and unhindered.

What *may* be better could be a new parameter like "Authorized Submitters"
which would hold all the email addresses that were allowed to submit items
to the list. Those items that they sent would still have to be authorized by
a list admin BUT this could help with:

1. Spoofed email from those addresses.
2. Posting requests from people not on the list would be automatically
rejected if they're not on the list of "Authorized Submitters".

Make sense? Am I being too paranoid?
--
darron froese
new media technologist
sutton javelin corporate communications
t  403.265.9980
f  403.265.7662
e  darron at javelindigital.com

More information about the Mailman-Users mailing list