1870
Comment: Migrated to Confluence 4.0
|
← Revision 6 as of 2014-07-04 09:09:21 ⇥
1891
Added note about Approved: <password>. Cleaned up other wording.
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
#pragma page-filename DOC/versions/17891648 | #pragma page-filename DOC/versions/4030556 |
Line 8: | Line 8: |
If there's a hole in this logic somewhere, please let us know. | You must also set require_explicit_destination is set to "yes" to preclude allowing a post with zero recipients (i.e. list in Bcc:). |
Line 12: | Line 12: |
No. Its definition is "If a posting has this number, or more, of recipients, it is held for admin approval. Use 0 for no ceiling." That's how it's defined, I'm afraid. | No. Its definition is "If a posting has this number, or more, of recipients, it is held for admin approval. Use 0 for no ceiling." |
Line 17: | Line 17: |
Approved: [list password] | Approved: <password> |
Line 21: | Line 21: |
In the above, <password> is the list's admin, moderator, or (in 2.1.15 and up) poster password. | |
Line 22: | Line 23: |
I suppose the Approved: header would also work if all messages are held via set max_num_recipients = 1 as long as require_explicit_destination is set to "yes" to preclude allowing a post with zero recipients (i.e. list in Bcc:). | |
Line 24: | Line 24: |
''Last changed on Wed Jan 23 11:45:11 2008 by'' jidanni<<BR>> Converted from the Mailman FAQ Wizard | The Approved: header would also work to pre-approve posts if all messages are held via set max_num_recipients = 1, but moderation of members offers more options than just holding posts. Converted from the Mailman FAQ Wizard |
3.34. How do I spoof-proof my one-way (announcements or newsletter) list?
If you've had problems with virus-generated messages with spoofed senders getting through to a one-way list (we have), you can completely spoof-proof your list by requiring Web-based approval of every message even if it is sent by the list's moderator (the author, in case of a one-way newsletter).
Under Privacy Options, Recipient Filters, set max_num_recipients to 1. This will cause every message posted by the moderator to require approval via the Web (Reason: too many recipients)
You must also set require_explicit_destination is set to "yes" to preclude allowing a post with zero recipients (i.e. list in Bcc:).
Q: One? Don't you mean zero?
No. Its definition is "If a posting has this number, or more, of recipients, it is held for admin approval. Use 0 for no ceiling."
As noted in article 3.11 (see How do I create a newsletter, announcement, or one-way list?), the secure way to do this is to set everyone's moderation bit on and set the default for new subscribers to moderated and post using an Approved: header. This way, no one can post directly to the list without a header of the form
Approved: <password>
in either the headers or the first body line of the message. The header is of course removed before the post is delivered to the list.
In the above, <password> is the list's admin, moderator, or (in 2.1.15 and up) poster password.
The Approved: header would also work to pre-approve posts if all messages are held via set max_num_recipients = 1, but moderation of members offers more options than just holding posts.
Converted from the Mailman FAQ Wizard
This is one of many Frequently Asked Questions.