Differences between revisions 4 and 5
Revision 4 as of 2008-06-10 14:17:06
Size: 1919
Editor: terri
Comment:
Revision 5 as of 2008-06-10 14:17:07
Size: 1870
Editor: terri
Comment: Migrated to Confluence 4.0
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
#pragma page-filename DOC/versions/14352521 #pragma page-filename DOC/versions/17891648
Line 3: Line 3:
Line 13: Line 14:
    * As noted in article 3.11 (see [[../How do I create a newsletter, announcement, or one-way list?|How do I create a newsletter, announcement, or one-way list?]]), the secure way to do this is to set everyone's moderation bit on and set the default for new subscribers to moderated and post using an Approved: header. This way, no one can post directly to the list without a header of the form
Approved: <<Verbatim([)>>list password<<Verbatim(])>>

As noted in article 3.11 (see [[../How do I create a newsletter, announcement, or one-way list?|How do I create a newsletter, announcement, or one-way list?]]), the secure way to do this is to set everyone's moderation bit on and set the default for new subscribers to moderated and post using an Approved: header. This way, no one can post directly to the list without a header of the form

Approved: [list password]
Line 18: Line 21:
    * I suppose the Approved: header would also work if all messages are held via set max_num_recipients = 1 as long as require_explicit_destination is set to "yes" to preclude allowing a post with zero recipients (i.e. list in Bcc:\).
''Last changed on Wed Jan 23 11:45:11 2008 by'' jidanni
<<Color2(Converted from the Mailman FAQ Wizard, col=darkgreen)>>This is one of many [[../Frequently Asked Questions|Frequently Asked Questions]].

I suppose the Approved: header would also work if all messages are held via set max_num_recipients = 1 as long as require_explicit_destination is set to "yes" to preclude allowing a post with zero recipients (i.e. list in Bcc:).

''Last changed on Wed Jan 23 11:45:11 2008 by'' jidanni<<BR>> Converted from the Mailman FAQ Wizard

This is one of many [[../Frequently Asked Questions|Frequently Asked Questions]].

3.34. How do I spoof-proof my one-way (announcements or newsletter) list?

If you've had problems with virus-generated messages with spoofed senders getting through to a one-way list (we have), you can completely spoof-proof your list by requiring Web-based approval of every message even if it is sent by the list's moderator (the author, in case of a one-way newsletter).

Under Privacy Options, Recipient Filters, set max_num_recipients to 1. This will cause every message posted by the moderator to require approval via the Web (Reason: too many recipients)

If there's a hole in this logic somewhere, please let us know.

Q: One? Don't you mean zero?

No. Its definition is "If a posting has this number, or more, of recipients, it is held for admin approval. Use 0 for no ceiling." That's how it's defined, I'm afraid.

As noted in article 3.11 (see How do I create a newsletter, announcement, or one-way list?), the secure way to do this is to set everyone's moderation bit on and set the default for new subscribers to moderated and post using an Approved: header. This way, no one can post directly to the list without a header of the form

Approved: [list password]

in either the headers or the first body line of the message. The header is of course removed before the post is delivered to the list.

I suppose the Approved: header would also work if all messages are held via set max_num_recipients = 1 as long as require_explicit_destination is set to "yes" to preclude allowing a post with zero recipients (i.e. list in Bcc:).

Last changed on Wed Jan 23 11:45:11 2008 by jidanni
Converted from the Mailman FAQ Wizard

This is one of many Frequently Asked Questions.

MailmanWiki: DOC/How do I spoof-proof my one-way (announcements or newsletter) list? (last edited 2014-07-04 09:09:21 by msapiro)