[Mailman-Users] Announcement only

[Ben Burnett]

My apologies to all for bad formatting.

-Ben

------- Original Copy -------
>Subject: Fw: Re: [Mailman-Users] Announcement only 
>Date: 06/14/2001 10:37 AM
>From: Ben Burnett<benwa at ocentrix.com>
>To: benwa at ocentrix.com
>Reply-To: benwa at ocentrix.com

>On Thu, 14 Jun 2001, Jeremy Sharp wrote:
>> Can I ensure that my list:
>> - will not pass unauthorised posts for moderation, but
>just rejects them
>
>Jeremy,
>
>Ralf Laue has come up with a way to do this under very
>specific circumstances.  If you can configure your Mailman
>installation the way he outlines it will work, but it isn't
>a simple thing to do.  Below is an email he sent to me
>describing the process.  I hope you find it useful.
>
>-Ben
>
>------- Original Copy -------
>Hello,
>
>Some weeks ago, you have posted a useful document about how
>to setup
>announce only mailman lists to the Mailman-Developers list.
>
>If you should write something like a HOWTO about this
topic,
>you should
>consider one additional point:
>
>You describe how to configure a list to allow only certain
>addresses
>to post. However, these "sender" addresses can be faked
very
>easily.
>
>If you really have to avoid unauthorized posting, I suggest
>another way:
>1) Mailman and your mail server run on two different
>machines.
>2) A firewall does not allow SMTP connections to the
Mailman
>machine
>from
>the outside. SMTP is only possible to the mail server.
>3) We must allow administrative requests to be sent to the
>Mailman
>machine
>from the outside. To do this:
>- point the MX entry for mailman.you.com from your external
>DNS to the
>mailserver
>- Set up an internal DNS that cannot be accessed from the
>outside and
>define a host entry (and MX) for realmailman.you.com,
>pointing to the
>Mailman server.
>- Create some forwardings on the mail server:
>listname-admin at mailman.you.com will be forwarded to
>listname-admin at realmailman.you.com
>listname-owner at mailman.you.com will be forwarded to
>listname-owner at realmailman.you.com
>(sendmail users could use virtusertable)
>Be sure that mail to
>listname at mailman.you.com will NOT be forwarded to
>listname-owner at realmailman.you.com!
>Note that your mail server as an internal server has access
>to the
>internal
>DNS server. For this reason it can send mail to
>realmailman.you.com. A
>user from the
>outside has not, so that realmailman.you.com is not visible
>from the
>outside.
>
>This is a much stronger solution, because nobody with a
>faked sender
>address can
>send mail to the Mailman server. However, it is still not
>safe enough if
>you have to
>be afraid of internal users sending unauthorized e-mail to
>the list.
>
>Best Wishes,
>Ralf Laue
>