[Mailman-Users] Listreminder without PWs
Jon Carnes
jonc at nc.rr.com
Sun Feb 3 21:25:19 CET 2002
On Sunday 03 February 2002 03:20, Matthias Jaenichen wrote:
> Hi,
>
> As we have chosen to use SSL with the Mailman-Interface it would be nice
> to get more protection for the passwords.
>
> 1.) How can we send the list reminders without the PWs?
Remove the job out of mailman's cron that sends out the reminder. Add your
own message and have cron send that instead, if you want a monthly
reminder.
>
> 2.) How can we limit User- and Listadministration from WEB only (no
> e-mail)?
Set the list so that it does not look for Administriva, then reroute the
list-request alias to /dev/null or to an autoresponder that sends back a
note telling folks to use the web.
>
> 3.) What about the e-mail itself? Any ideas, how to encrypt the e-mails,
> so that non-list-members will not be able to read them?
This is interesting... There are actually MTA's that will do this for you
- that will encrypt the mail leaving the server, and decrypt the mail
coming to the server.
You could also run the mail bodies through a pre-processor that encrypted
the bodies using something like gpg. Procmail will allow you to do this.
For it to work properly, you will need to have a savvy user group. They
will have to be smart enough to decrypt the message on their end.
>
> 4.) Certainly there are more steps to be taken to make MailMan more
> secure. We have already chosen QMail, Apache and RSBAC to protect the
> system but are there any plans/implementations to improve MailMan in such
> direction?
I can't speak for the direction of Mailman. It's open source though, so
feel free to pull it in the direction you would like to see it go. All
contributions are accepted.
Jon Carnes
More information about the Mailman-Users
mailing list