[Mailman-Users] Unsubscribe from list w/o passwd

[Scott Russell]

To follow up my own hack, I did a bit more testing and found this works
to allow users to subscribe and unsubscribe to a list w/o worrying about
choosing a password. To set this up you'll need to create a dummy email
address that dumps messages into /dev/null or some other mail 
queue. Here's a quick break down:

dummy at myhost.com -> This is the address all subscribe / unsubscribe
messages should come from.

user at userhost.com -> The user email address who wants to subscribe or
unsubscribe.

mylist at myhost.com -> The mailman list using a list passwd of
'mylistpasswd'.

1) User selects mylist from a drop down menu on a web page and enters
   their email address of user at userhost.com. They then click 'subscribe'
   to submit the form.

2) CGI creates an email addressed to mylist-request at myhost.com from
   dummy at myhost.com. The email has no subject and a single line in the
   body: "subscribe address=user at userhost.com"

3) Depending on list options the user will get a confirm message.

4) Depending on list options the list admin will get a new user subscribed
   message.

5) dummy at myhost.com will get a 'Your command results' message which will
   be routed to /dev/null or some other mail queue as to not bother the
   list admin.

To have a user unsubscribe it's the same process execpt in step 2 the
email body should contain the line: "unsubscribe mylistpasswd
user at userhost.com".

I know php3/php4 can do this rather nicely with the mail() function. Just
be sure to keep your listpasswd out of the webpage to prevent a user from
getting it by viewing the source.

-- 
Scott

On Thu, Sep 14, 2000 at 09:45:49AM -0400, Scott Russell wrote:
> Here's a hack.
> 
> Create a web form that allows the user to enter their email address. My
> example is 'joeuser at nowhere.com'. 
> 
> Generate an email to mylist-request at mailman.server.com w/o a subject and
> the single line of: "unsubscribe <list passwd> joeuser at nowhere.com". Make
> sure the mail header says it is from some generic list admin address.
> 
> Mailman should then unsubscribe the user taking the list passwd instead of
> the users passwd. I tested this and it seems to work with the exception of
> a mail back to person who sent the message does contain the list
> passwd. I think you can work around this problem by setting the email from
> header to be from some generic admin address.
> 
> Be sure to test this! You don't want users to get a hold of the list
> passwd!
> 

-- 
Regards,
 Scott Russell (scottrus at raleigh.ibm.com)
 Linux Technology Center, System Admin, RHCE.