The mailing list for listmasters using Sympa

["Joe Gilbert" <address@concealed>]

Adam,

Yes, the newsletter with confirmation is another option that I played
around with as well.  I think you get the gist of what I am trying to
solve.  My design considerations are that I want to make this secure and
also make it as simple for the user as possible.  It is quite likely
that I could even automate the posting through a cgi script.

I think there are two ways of making a list server secure that should
both be pretty easy to do.

1) Restrict posting by IP - This is definitely preferable because it
does not require a confirmation step by the user.

2) Restrict by moderation to list editors - In testing this in the past,
it looks like once the editor would have to go to the web interface to
authorize a message.  This just seems a little too complicated for my
purposes.  I would most likely use procmail or some custom script to
make #1 a reality if it is not inherent in sympa.

The reason I am leaning so heavily to #1 is that I will probably have
scripts actually sending the messages out and I do not want to have to
maintain code that receives mail, parses it and does something through a
web page.  That is just a little complicated.  At the same time, I do
need it to be spoof-proof.  Does that give you a clearer picture of what
I intend?

-----Original Message-----
From: Adam Bernstein [mailto:address@concealed] 
Sent: Friday, July 18, 2003 10:31 AM
To: Joe Gilbert
Cc: address@concealed
Subject: RE: [sympa-users] Restriction of sending by IP Address


> I plan to have the user send the email through smtp to 
> <mylist>@hostname.  I do need to lock it down because it is supposed 
> to be a fairly user-friendly setup where the people sending mail do 
> not have to do anything special but it would be too easy for someone 
> to maliciously spoof a sending address.

I think some more information about what you're trying to do would be
helpful.  If you just need announcement lists that are postable only by
staffers or a certain group of email addresses, and you need to make it
spoof-proof, then I would suggest just making them moderators and using
the "newsletter... with confirmation" setting.  A posted message will be
sent back to the moderator's addresses for confirmation, ensuring that
only the real owners of those addresses can post.

    adam