[Mailman-Users] Prevent Web Subscription Confirmation?
Mark Sapiro
msapiro at value.net
Thu Nov 25 18:26:57 CET 2004
Speedy Gonzalis wrote:
>In ver 2.1.4 I want to prevent subscription confirmation via the web. Subscribing via the web is fine, but not confirmation. Allowing this lets people/IPs black listed at server level in postfix to go around my spam /security system.
You could always modify the verify.txt template to remove the link and
the reference to it.
>Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
See FAQ article 4.48 for information on changing templates on a per
list, per domain or site wide basis.
Note that this solution is not really secure as a knowledgable user
could construct the proper URI from the confirm command that is
included in the message. You could securely eliminate all web
confirmations for subscribe, unsubscribe and address change site wide
by just deleting the cgi-bin/confirm wrapper or changing its
permissions so it couldn't be run. If this is too big a hammer, you'd
need to hack the code in Mailman/Cgi/confirm.py for a finer solution.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list