Subject: The mailing list for listmasters using Sympa
List archive
RE: [sympa-users] Restricting postings to a list without a challenge/response.
- From: Steve Shipway <address@concealed>
- To: "Michael D. Sofka" <address@concealed>, sympa-users <address@concealed>
- Subject: RE: [sympa-users] Restricting postings to a list without a challenge/response.
- Date: Fri, 24 May 2013 09:06:50 +0000
One option you have, is that you can use an S/MIME signature to validate the
email. We have this on some lists. You just obtain an S/MIME signature for
the people entitle to post to the list, and make sure your send scenario
covers them (maybe make them list editors, or have a separate list in a
file). Set the send scenario to require an S/MIME signature.
Your current way is a bit insecure if anyone finds out the password - though
not as insecure as having no additional confirmation, of course! If
moderation and confirmation mails are not acceptable, then S/MIME is probably
the way to go, and is more secure anyway.
You *could* create a custom send scenario that validates the content of the
message to contain the password field, but there is no way I know of to
remove the password line from the body before distribution.
Another possibility is to have a password *header* -- eg, X-Password: -- and
set the list options to strip the header before distribution, similar to the
way the Approved header works in NNTP. Then a custom posting scenario could
validate the password header line. However, you would need to send the
message from a mail client that is capable of adding custom headers.
Steve
Steve Shipway
University of Auckland ITS
UNIX Systems Design Lead
address@concealed
Ph: +64 9 373 7599 ext 86487
________________________________________
From: address@concealed
[address@concealed] on behalf of Michael D. Sofka
[address@concealed]
Sent: Friday, 24 May 2013 8:03 a.m.
To: sympa-users
Subject: [sympa-users] Restricting postings to a list without a
challenge/response.
We are migrating from Listproc to Sympa---an ongoing proces---and we are
down to the more difficult lists. There is one list used for a daily,
campus-wide newsletter. Under listproc we are using password
confirmation, meaning the email body starts with "Confirm:<password>".
There does not appear to be a similar setting in Sympa. The closest I
have found is the editorkeyonlyauth and newsletterkeyonly, which send
back an email challenge. This would require an auto-responder to
accept the challenge, or a moderator to give the final approval, both of
which has been rejected by management.
Is there something equivalent to the "password" option with Sympa?
Mike
--
Michael D. Sofka address@concealed
C&MT Sr. Systems Programmer, Email, HPC, TeX, Epistemology
Rensselaer Polytechnic Institute, Troy, NY. http://www.rpi.edu/~sofkam/
-
[sympa-users] Restricting postings to a list without a challenge/response.,
Michael D. Sofka, 05/23/2013
-
RE: [sympa-users] Restricting postings to a list without a challenge/response.,
Steve Shipway, 05/24/2013
- Re: [sympa-users] Restricting postings to a list without a challenge/response., Michael D. Sofka, 05/28/2013
-
RE: [sympa-users] Restricting postings to a list without a challenge/response.,
Steve Shipway, 05/24/2013
Archive powered by MHonArc 2.6.19+.