[Mailman-Users] How do I run 2.x mailman more securely?
Grant Taylor
gtaylor at tnetconsulting.net
Thu May 31 15:40:57 EDT 2018
On 05/31/2018 01:18 PM, Dimitri Maziuk wrote:
> Yeah, I too once thought that was a good idea.
I'm not quite following you. Are you saying that you now dislike
HTTP(S) usernames & passwords specifically? Or are you saying that you
dislike hosting something yourself?
> And then heartbleed came along, and our knee-jerk security department
> cut off everyone who hasn't patched in 24 hours -- at the gateway.
Problems happen. It's how you (or the powers that be) respond to
something that matters.
> As Murphy would have it, I was traveling across the Atlantic and our
> other IT guy was driving across North America. And of course cut-off at
> the gateway meant no mail, no ssh, no way to know what happened and no
> way to fix it.
Yep. Murphy and his law will get you when you least expect it or are
least able to respond to it.
> This stuff sounds like it's coming from the same security experts.
> Proper answer with those guys is don't run mailman. Export the subscribers
> and use it as CC list in Orifice'365: you can't go wrong with "industry
> standard".
I'm going to disagree with you there. You most certainly can go wrong
with "industry standard" or "what everybody else does".
--
Grant. . . .
unix || die
More information about the Mailman-Users
mailing list