[Mailman-Users] Confirmation logging

Kip Warner kip at thevertigo.com
Thu Jul 4 01:28:30 CEST 2013


On Wed, 2013-07-03 at 12:41 +0900, Stephen J. Turnbull wrote:
> Each step of a subscription is logged.  IP addresses of web requests
> are logged, both in logs/subscribe and by the webserver.
> 
> IP addresses of the last remote MTA for a request by mail are logged
> by the local MTA.  IP address of the source MTA or MUA cannot be
> reliably determined in malicious cases, and even for honest messages,
> the source IP is both expensive to compute accurately and less than
> 100% reliable.  I don't think Mailman even tries to log these, but I
> don't have an actual case to hand in my own logs -- everybody uses the
> web interface.
> 
> It seems to me that you can probably comply with DreamHost's
> requirements simply by disabling processing of admin commands by
> mail.  Caveat: I haven't read DreamHost's policy so I don't know for
> sure.  Most likely very few people will be bothered.  You'll also want
> to edit the "please confirm" message to remove the reference to
> confirm by mail.  You could also achieve the same effect by requiring
> confirmation by mail, but this might require more invasive changes to
> the code.
> 
> I'm not sure how to disable admin-by-mail offhand, but Mark can
> probably help.

Hey Stephen. Thanks for your help. I passed on your comments to DH and
this is what they said:

        The web interface has the same problem as the mail interface --
        the logs rotate and are not available after a certain span of
        time. Everything else in [Stephen's] email is theoretical and
        not applicable to our installation as it exists now.

It just seems goofy, given that they allow us to use Mailman for a
discussion list, but not as an announcement list. The only practical
difference between the former and latter is that only one person is
typically allowed to post in the latter case, whereas both situations
can potentially have a post with thousands of recipients.

-- 
Kip Warner -- Software Engineer
OpenPGP encrypted/signed mail preferred
http://www.thevertigo.com