[Mailman-Users] FW: No One Can Post a Message but the Server

Dragon dragon at crimson-dragon.com
Tue Jul 18 03:40:46 CEST 2006


Greg Sims sent the message below at 06:32 PM 7/17/2006:
>Thanks Patrick!
>
>It appears this password is striped from the email header before it is sent
>out.  This is important as the list password would be disclosed to everyone!

Yes, the Approved: line with the password gets stripped from the mail 
if and ONLY if it meets one of two criteria.

1. It is the very first line in the body of the e-mail, there can be 
no other lines before it.

2. It is used as a header (I think this is really the best approach 
if you can do it, I am certain this can be done in Python, Perl and 
PHP, not so sure, about a bash script).

>Should the <list password> be the administrator for the list?  This is the
>way it is setup for the server early Tuesday morning.  I hope it is correct.

I believe the moderator password will work too. I am sure somebody 
will correct me if I am wrong. If so, you ought to use it because if 
it somehow becomes disclosed accidentally, there is much less 
potential for damage by malicious people than with the administrator password.

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




More information about the Mailman-Users mailing list