[Mailman-Users] (no subject)

[Brad Knowles]

On 8/22/07, Nicoll, Alan wrote:

>  1.  We don't want any 'list owners' or 'moderators'.  Just we lucky few
>  admins will run the lists.

Then use a single central alias or mailing list as the list owner for 
each of those lists, and have that be directed to your admins.  For 
one site I help administer, "listmaster" is the registered owner of 
virtually all mailing lists on the system, and that in turn is an 
alias which gets sent out to a few admins on the project.

>  2.  We want the majority of the lists to be open for users to
>  subscribe/unsubscribe without any passwords required.

If your lists are publicly accessible, this will open you up to being 
abused as a DDOS facility.  Imagine your personal e-mail address 
being subscribed to several hundred mailing lists that don't do any 
validation or require any confirmation that you do actually want to 
be subscribed.

If these lists are not publicly accessible, and you have adequate 
security controls elsewhere, then you should be okay.


However, even if the users are directly subscribed and without 
confirmation, they'll still be issued passwords and those passwords 
will be sent out to them on a monthly basis, so that they have the 
ability to log into a web site on your server and manage their 
subscriptions.

I guess you could simply choose not to run the standard cron job for 
"mailpasswds", but that won't prevent the system from generating the 
passwords for the user, just from having it send out those password 
reminders on a monthly basis.

You're not going to get completely rid of this feature, at least not easily.

>  3.  We want the other very few lists to be setup so only the single list
>  admin(s) adds and removes names from the list.

As above, but make sure that these lists require approval (from the 
list owner/admin staff).

>  4.  All of the lists are for broadcast only with the majority being used by
>  automated processes that do not react nicely to bounces or other
>  administrivia and are not members of each list.

Mailman should handle issues with bounces internally, unless the 
recipient has a broken mail system which sends bounces back to the 
original sender.  You've seen some of that on this list, and I nuked 
the users in question very quickly, because I didn't want them to get 
into auto-responder wars with others on the list.

That said, you could always configure your automated processes to use 
a sender address that can handle bounces or auto-replies, and which 
is on the appropriate "white list" for each mailing list, so that it 
no longer matters whether bounces or auto-replies are sent back to 
the original sender or not.

Since you provide the sender address as input to the process when the 
message is generated, you can make this whatever you want.

-- 
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0