[Mailman-Users] Hello List
Mark Sapiro
mark at msapiro.net
Fri Dec 18 20:00:42 CET 2009
Lindsay Haisley wrote:
>On Fri, 2009-12-18 at 18:34 +0200, Geoff Shang wrote:
>> Yes I can clear their moderation flag, and in fact this is what I first
>> suggested, but my message was in response to a message from Mark who was
>> putting forward the position that this was a bad idea and that it's better
>> to post using the Approved: header instead.
>
>I don't entirely agree with Mark on this. I generally offer my
>customers the option of using either mechanism, with the caveat that
>using the mod flag is potentially less secure.
FWIW, I was recommending the Approved: <password> approach in the
context of a reply where the OP said "I only want the list
administrator to be able to post messages to the list".
I agree that in the case where you have authorized posters who are not
necessarily admins or moderators that controlling posting by
unmoderating posters and/or accept_these_nonmembers is appropriate
although still subject to spoofing. It all depends on the list.
>You have two moderation passwords, one for "administrators" and one for
>"moderators". Either will work in an "Approved" header or pseudo-
>header. If you don't designate any moderators, then only the
>administrator password is effective. There's no reason you couldn't
>designate a group of moderators and give them the password, and then
>change it administratively if their service is no longer needed.
Just to be clear, the presence or absence of an email address in the
owner or moderator attributes of a list has nothing to do with who can
do what. It only controls where notices are sent and what appears in
web page footers.
It is quite possible to set a moderator password without adding any
addresses to 'moderator', and anyone who knows that password can post
an Approved: or Urgent: message and log in to the admindb page.
See the FAQ at <http://wiki.list.org/x/5YA9>.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list