Re: [Mailman-Users] New Lists not getting emails from internal domain

Neilrey Espino wrote: >Just realized Mark The other lists are actually fine,,,I'm only >having problems with the newly created list. I'm not sure if there's a >typo on the aliases. If mail from the internet reaches the list, then it would seem the aliases would be OK. If not, there might be

Re: [Mailman-Users] any info on this reported exploit?

Brad Knowles wrote: > If we insist that everyone follow the proper procedure every time, > then we shouldn't have any problems. Well, I disagree with the current procedure, which based on past emails, suggests that no one is kept informed about security concerns, and only those that hear about

Re: [Mailman-Users] New Lists not getting emails from internal domain

Just realized Mark The other lists are actually fine,,,I'm only having problems with the newly created list. I'm not sure if there's a typo on the aliases. What else could I check ? Thanks, Neilrey -Original Message- From: Mark Sapiro [mailto:[EMAIL PROTECTED] Sent: Sunday, Januar

Re: [Mailman-Users] any info on this reported exploit?

Stephen J. Turnbull wrote: >> "Jim" == Jim Popovitch <[EMAIL PROTECTED]> writes: > > Jim> She was asking a very important question about something that > Jim> was already public. > > What important question? I quote Diana from her original email that sparked this thread: "The notice sugg

Re: [Mailman-Users] any info on this reported exploit?

> "Jim" == Jim Popovitch <[EMAIL PROTECTED]> writes: Jim> She was asking a very important question about something that Jim> was already public. What important question? It's an easy to execute exploit (in fact, it occasionally happens due to ordinary mail, that's why it was found an

Re: [Mailman-Users] any info on this reported exploit?

<> THANK you, Brad!! I think all Admins/Owners have same prob at one time or another-;( Ed -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/

Re: [Mailman-Users] How hard is it to spoof an email?

At 4:50 PM -0500 2006-01-29, Jp Possenti wrote: > So basically what you are saying is that Mailman is very insecure? (in > short) No, not Mailman. At least, not Mailman per se. No, *ALL* SMTP e-mail is inherently insecure -- unless you add stuff to it to make it secure. HTTP is inh

Re: [Mailman-Users] How hard is it to spoof an email?

At 4:31 PM -0500 2006-01-29, Jim Popovitch wrote: >DKIM takes it a step > further and adds an encrypted email header "key" that is carried with > the email during it's entire journey through multiple servers. This key > enables every "hop" to val

Re: [Mailman-Users] any info on this reported exploit?

At 4:10 PM -0500 2006-01-29, Jim Popovitch wrote: > But, Diana wasn't emailing sensitive info. She was asking a very > important question about something that was already public. You then > told her that she should have gone to the secret-handshake club. Are > you suggesting that all "Hey,

Re: [Mailman-Users] Why are footers sent as attachments?

At 2:24 PM -0500 2006-01-29, Jp Possenti wrote: > Why is it that when I set Mailman to apply a footer with some info, Outlook > detects it as an attachment? > Is this yet another problem with just outlook? Outlook and certain other MUAs, yes. > Also does the footer in mailman support

Re: [Mailman-Users] How hard is it to spoof an email?

At 1:56 PM -0500 2006-01-29, Jp Possenti wrote: > How hard would it be for someone to maliciously start sending all the users > in my list emails or start deleting people from it by sending bounce errors > or by spoofing the admin email and start emailing everyone on the list? It's tri

Re: [Mailman-Users] Is there a workaround to this?

At 1:53 PM -0500 2006-01-29, Jp Possenti wrote: > I have been reading throughout the web and it seems that when one is reading > a mailing list in Outlook, Mailman does something like this: > > http://www.washington.edu/computing/mailman/faqs/mailman.header.html > > Is there a work-around to t

Re: [Mailman-Users] Newbie question regarding multiple domains with oneMailman installation

Daniel Spreadbury wrote: > >Apologies if this is covered in the Mailman docs or the FAQs, but I'm having >problems finding any concrete information. Searching the FAQ wizard at >Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py for virtual will return some relevant information including FAQ

[Mailman-Users] Newbie question regarding multiple domains with one Mailman installation

Hi folks, Apologies if this is covered in the Mailman docs or the FAQs, but I'm having problems finding any concrete information. I've installed Mailman via the FreeBSD ports collection on my FreeBSD server (running 4.7). My MTA is Exim 4.22, and my web server is Apache 1.3.x. I currently have m

Re: [Mailman-Users] How hard is it to spoof an email?

If I may, Mark -;). <> I don't think that's correct?? <> Even tho I only have 4 Lists with not even a total of 200 folks I have an "alias" on each one. I have a seperate file folder with a Rule that puts List Mail there. That, although somewhat of a PITA, I KNOW things are working correctl

Re: [Mailman-Users] How hard is it to spoof an email?

Jim Popovitch wrote: > >> You say I should not have my admin email as a list member. By that you mean >> "[EMAIL PROTECTED]" which is the default address as the admin? > >Your admin email would be [EMAIL PROTECTED] That address >doesn't belong in the subscribers list, nor does [EMAIL PROTECTED]

Re: [Mailman-Users] How hard is it to spoof an email?

JC Dill wrote: > >I just updated the announcement list FAQ: > > > >to include: > Thanks JC >I don't know how HTML formatting and other email client oddities may >affect using the approved

Re: [Mailman-Users] How hard is it to spoof an email?

Jim Popovitch wrote: > >It's not hard at all. In fact it's quite easy. This is because the raw >archive data is available to the public. See this FAQ: >http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.066.htp Only if the list has public archives. If there are no archives, there ob

Re: [Mailman-Users] How hard is it to spoof an email?

Jp Possenti wrote: > So basically what you are saying is that Mailman is very insecure? (in > short) :-) Honestly, NO. Mailman is much more secure, in deed very secure, than most software I see.The integrity of Mailman depends highly on the security of your OS, your MTA and your webserver.

Re: [Mailman-Users] How hard is it to spoof an email?

So basically what you are saying is that Mailman is very insecure? (in short) You say I should not have my admin email as a list member. By that you mean "[EMAIL PROTECTED]" which is the default address as the admin? If so then what am I supposed to create, and why would creating one make a diffe

Re: [Mailman-Users] How hard is it to spoof an email?

Jp Possenti wrote: > How hard would it be for someone to maliciously start sending all the users > in my list emails or start deleting people from it by sending bounce errors It's not hard at all. In fact it's quite easy. This is because the raw archive data is available to the public. See thi

Re: [Mailman-Users] How hard is it to spoof an email?

Jp Possenti wrote: > I have a couple of questions regarding that FAQ link: > > 1. Setting the max_num_recipients to 1 will mean that any time I make a > newsletter to the public, I need to login and approve that request, correct? The number of "recipients" is the number of addresses in the email

Re: [Mailman-Users] any info on this reported exploit?

Brad Knowles wrote: > At 2:11 PM -0500 2006-01-28, Jim Popovitch wrote: > >> The whole reason for me waxing so passionately on this thread is the >> earlier suggestion that Diana shouldn't have even emailed mailman-users, >> but rather mailman-security and kept it quiet thereafter (this after i

Re: [Mailman-Users] Verifying posts

Brad Knowles wrote: > At 1:28 AM +0900 2006-01-30, Stephen J. Turnbull wrote: > >> There was a thread about this in the fairly recent past, perhaps it >> was on mailman-developers, though. IIRC the consensus was "making >> this more trouble than it's worth is not going to be easy". > > Th

Re: [Mailman-Users] Why are footers sent as attachments?

Jp Possenti wrote: > >If I decide to do the one that is like this: > >[EMAIL PROTECTED] > >The "command" goes in the subject or body? > >In this case unsubscribe would be in which? Or does it not matter? The '-request' processing processes the Subject: and the first mm_cfg.DEFAULT_MAIL_COMMANDS_M

Re: [Mailman-Users] How hard is it to spoof an email?

Jp Possenti wrote: >I have a couple of questions regarding that FAQ link: > >1. Setting the max_num_recipients to 1 will mean that any time I make a >newsletter to the public, I need to login and approve that request, correct? Maybe. See below. >I am just confused about the wording of the comm

Re: [Mailman-Users] Why are footers sent as attachments?

Mark, If I decide to do the one that is like this: [EMAIL PROTECTED] The "command" goes in the subject or body? In this case unsubscribe would be in which? Or does it not matter? Kind regards, Jp Possenti -Original Message- From: Mark Sapiro [mailto:[EMAIL PROTECTED] Sent: Sunday,

Re: [Mailman-Users] Why are footers sent as attachments?

Jp Possenti wrote: >Why is it that when I set Mailman to apply a footer with some info, Outlook >detects it as an attachment? >Is this yet another problem with just outlook? > >Also does the footer in mailman support HTML? Please read the FAQ. A search of the FAQ for footer should turn up the a

Re: [Mailman-Users] How hard is it to spoof an email?

I have a couple of questions regarding that FAQ link: 1. Setting the max_num_recipients to 1 will mean that any time I make a newsletter to the public, I need to login and approve that request, correct? I am just confused about the wording of the command. Does that mean that the message will go t

[Mailman-Users] Why are footers sent as attachments?

Why is it that when I set Mailman to apply a footer with some info, Outlook detects it as an attachment? Is this yet another problem with just outlook? Also does the footer in mailman support HTML? I want to make it so at the bottom of every email I can include a reply to address for them to un

Re: [Mailman-Users] Is there a workaround to this?

So basically there is none yet. Hopefully in the future there will be. I don't want to hack anything really, just don't feel comfortable enough, and it maybe breaking something else in the long run after an upgrade or update. Kind regards, Jp -Original Message- From: Mark Sapiro [mailt

Re: [Mailman-Users] How hard is it to spoof an email?

Jp Possenti wrote: >How hard would it be for someone to maliciously start sending all the users >in my list emails or start deleting people from it by sending bounce errors >or by spoofing the admin email and start emailing everyone on the list? It all depends on how your list is set up. >Is t

Re: [Mailman-Users] New Lists not getting emails from internal domain

Neilrey Espino wrote: > >I have successfully migrated our Mailman to a new server. All seem to >work perfectly on the existing Lists. > >However when, I created a new list, somehow emails coming from the >internet are being accepted/relayed and bounced properly but email >coming from my own domai

Re: [Mailman-Users] Is there a workaround to this?

Jp Possenti wrote: >I have been reading throughout the web and it seems that when one is reading >a mailing list in Outlook, Mailman does something like this: > >http://www.washington.edu/computing/mailman/faqs/mailman.header.html > >Is there a work-around to that yet? See

[Mailman-Users] How hard is it to spoof an email?

How hard would it be for someone to maliciously start sending all the users in my list emails or start deleting people from it by sending bounce errors or by spoofing the admin email and start emailing everyone on the list? Is this a common problem, or is mailman secure about it? What are some ways

[Mailman-Users] New Lists not getting emails from internal domain

Hi, I have successfully migrated our Mailman to a new server. All seem to work perfectly on the existing Lists. However when, I created a new list, somehow emails coming from the internet are being accepted/relayed and bounced properly but email coming from my own domain indicates "unknown user

[Mailman-Users] Is there a workaround to this?

I have been reading throughout the web and it seems that when one is reading a mailing list in Outlook, Mailman does something like this: http://www.washington.edu/computing/mailman/faqs/mailman.header.html Is there a work-around to that yet? Kind regards, Jp -

Re: [Mailman-Users] 1 xxx moderator request(s) waiting

Peter wrote: > >=Waring message everyday= > >The [EMAIL PROTECTED] mailing list has 1 request(s) waiting for your >consideration at: > >http://xxx/cgi-bin/mailman/admindb/xxx > >Please attend to this at your earliest convenience. This notice of >pending requests, if any

Re: [Mailman-Users] Verifying posts

At 1:28 AM +0900 2006-01-30, Stephen J. Turnbull wrote: > There was a thread about this in the fairly recent past, perhaps it > was on mailman-developers, though. IIRC the consensus was "making > this more trouble than it's worth is not going to be easy". There is a FAQ entry on how t

Re: [Mailman-Users] Verifying posts

> "Jim" == Jim Popovitch <[EMAIL PROTECTED]> writes: Jim> Hi all, I've been looking into TMDA (http://tmda.net) and got Jim> to wondering if something like this (or a subset of it) Jim> should be incorporated into Mailman. There was a thread about this in the fairly recent past, p

Re: [Mailman-Users] any info on this reported exploit?

> "Jim" == Jim Popovitch <[EMAIL PROTECTED]> writes: Jim> Stephen J. Turnbull wrote: >> Oh, if you prefer windstorms, hurricane is a bad analogy. Far >> more accurate is "tornado".<0.1 wink> Jim> Hurricane is the most accurate analogy, because with Jim> hurricanes nobody

Re: [Mailman-Users] any info on this reported exploit?

At 2:11 PM -0500 2006-01-28, Jim Popovitch wrote: > The whole reason for me waxing so passionately on this thread is the > earlier suggestion that Diana shouldn't have even emailed mailman-users, > but rather mailman-security and kept it quiet thereafter (this after it > was already released o

[Mailman-Users] 1 xxx moderator request(s) waiting

Hi I have a wating meassge, but the cue is empty. How can I get off this waring? The xxx are repace to hide (spam) the real neames =Waring message everyday= The [EMAIL PROTECTED] mailing list has 1 request(s) waiting for your consideration at: http://xxx/cgi-bin/mail