Developers of Sympa

[address@concealed]

address@concealed wrote:
> Hello,
>
> I am working on moving our list services from Lyris to Sympa. One thing Lyris
> allows a list owner to do is bypass moderation by putting a password in the
> body of the email. Is this something Sympa can do and if so where can this be
> configured?
>   
There are several way to do thinks that look like what you request. The 
easier way is to use the "request_auth" feature. If a scenario return 
"request_auth" then a email chalenge is sent to the sender. If the 
sender validate the chalenge, the message is parced again but 
authentication method is "MD5" and the scenario result may then return 
"do_it". The message is then distributed and there is nothing to do for 
the moderator.

see : http://www.sympa.org/wiki/manual/authorization-scenarios

Another solution is to test DKIM on Sympa. This can be done with a 
milter that add a dkim status x header ; such header can be tested then 
by Sympa scenario and trusted for authentication.

Verify password received by mail may be impossible if some SSO is used. 
So introduce such feature in Sympa seems difficult. In addition, we 
don't want is to put any more password in a message. I known Sympa does 
it for password reminder but we are going to change this because it is 
unsecure.

see : 
http://www.sympa.org/wiki/dev/project_direction#authentication_architecture

Regards
Serge Aumont