[Mailman-Users] Message IDs & Security

Mark Sapiro msapiro at value.net
Thu Aug 24 02:59:13 CEST 2006


Jon Loose wrote:
>
>On looking at the downloadable archives, the message ids are very long indeed (over 100 characters).  I took a look at the same file for this list, and the ids seem shorter.  Is there any way to get shorter message ids?  (This is just a cosmetic issue as regards reading the archives, but important for users.)


For messages in the archive, the Message-Id: is set by the poster's MUA
(or maybe MTA if the MUA is non-compliant). Mailman has nothing to do
with it.


>Also, as regards security, I would appreciate recommendations of the simplest way to set up a postfix/mailman system with https on apache2.  I've seen the FAQ and am still struggling to get my head around it.


Admittedly,
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.027.htp>
could at least be better organized, but that's the downside of a FAQ
which is "wiki-like".

That said, perhaps after you've gotten at least partially around it,
you could ask a more specific question.


>Finally, what is the overall security level of mailman, given that passwords are sent out in monthly reminders to the individuals concerned?  If the answer is "not very secure", are there plans to change this?


Member passwords provide moderate security against someone
inadvertently or maliciously changing a member's options. Currently,
anyone concerned about the monthly reminder can turn it off. In any
case the reminder will go away completely in Mailman 2.2. The member
passwords, unlike the admin and moderator passwords, are stored in
cleartext in the list's config.pck file so are subject to compromise
by that route if an unauthorized person can gain access to the file.
At some future point beyond the initial 2.2 release, a more flexible
and secure user/moderator/admin authentication system will be
implemented - maybe in a later 2.2 release or maybe in 3.0.

I believe the admin and moderation functions of Mailman are currently
quite secure (although somewhat inflexible) as long as the passwords
aren't widely known.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
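
Added example, not part of the original message and not Mailman's own code: since the reply notes that member passwords sit in cleartext in each list's config.pck, this sketch walks a lists directory and reports config files whose mode grants access to "other" users. The function names and the sample tree are assumptions made for illustration; pass your installation's lists directory as the argument.

```python
import os
import stat
import sys
import tempfile

def audit_config_pck(lists_dir):
    """Return sorted (path, reason) findings for list config files under lists_dir."""
    findings = []
    for root, _dirs, files in os.walk(lists_dir):
        for name in files:
            # config.pck.last is the backup copy Mailman 2.1 keeps beside config.pck
            if name not in ("config.pck", "config.pck.last"):
                continue
            path = os.path.join(root, name)
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue  # broken symlink or file removed while scanning
            if mode & stat.S_IROTH:
                findings.append((path, "world-readable"))
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: two hypothetical lists, one with a loose file mode."""
    base = tempfile.mkdtemp()
    for listname, mode in (("list-a", 0o660), ("list-b", 0o664)):
        os.makedirs(os.path.join(base, listname))
        path = os.path.join(base, listname, "config.pck")
        with open(path, "wb"):
            pass
        os.chmod(path, mode)  # set explicitly so the umask does not matter
    return base

if __name__ == "__main__":
    # Pass the real lists directory as an argument; without one, use the sample tree.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for path, reason in audit_config_pck(target):
        print(f"{reason}: {path}")
```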



