> >I cannot understand why anyone would not want to keep their list open
> >to non-subscriber postings. Is there something I am missing?
>
> I can't understand why anyone WOULD want their lists open to non-subscriber
> postings (is that what you meant?) I can't believe its the default in the
> current version of majordomo to have lists open to random posts -- that
> seems rather, well, dumb.
For most lists, it causes no harm (great) to allow people to send to
the list without subscribing. the only real problems with it (that i
can think of 8-) are:
(1) SPAM!,
(2) idiots being jerks, and
(3) newbies asking stupid questions without being informed of
the FAQ, or whatever.
Usually (2) can be taken care of with reasonable pointers to FAQs
wherever the mailing lists are advertised.
On the other hand, there are benefits to having "open-posting" lists:
(1) allows people who have a quick question that isn't easily
answered by list archives or a FAQ to ask it, and not
get completely swamped by (for the) irrelevant mail.
(This is especially true for high-volume lists.)
(2) allows people who have a "floating" e-mail address to use
the list reasonably... (for instance, i send most of
my mail from here (lagavulin), but often from other
machines, and most of the mailing lists i'm subscribed
to are subscribed to my berkeley.edu addresses... 8-)
If you restrict postings to people who are subscribed,
this becomes harder to deal with properly.
all of the lists i run (22, or so, at last count) are "open posting."
(Interesting, _not_ all are open subscription, but even the one that
isn't is open to all posters...)
> But I also can't understand why it isn't harder
> for outsiders to figure out the outgoing mail alias (I mean
> listname-outgoing IS fairly obvious...)
Especially since it may be in the mail headers of your outgoing mail!
e.g.:
Received: (daemon@localhost) by miles.greatcircle.com (8.6.9/Miles-941015-1) id XAA02833 for list-managers-outgoing; Sat, 11 Mar 1995 23:52:40 -0800
in the message that i'm replying to.
I think the big stroke of luck is that (with a few exceptions) the
people most likely to abuse mailing lists are also those least
likely to actually know what the headers are telling them. 8-)
In any case:
The presence in the headers can be dealt with (at worst by hacking
sendmail; i dunno what all the relevant options are).
The "-outgoing" name is just a convention; you can set it up to use
whatever you'd like (assuming your admin is amenable). To keep
outsiders from finding the new outgoing address, you could disable
EXPNs. Or, if that's not reasonable and you (or they) are willing to
hack the sendmail.cf on your machine, you can get the incoming list
archive to get pointed to someplace where the outgoing list name is
not obvious. (I don't know how standard this is, but) we point the
incoming mail to a special mail delivery rule, with sendmail, and have
it figure out the right outgoing name and use that.
It's not drop-dead-simple to get the security (in terms of
subscription, finding out who's on the list, posting to the list,
etc.) that a "sensitive" list requires, but it's definitely not too
hard...
It's definitely worth noting that if you're running a "sensitive"
list, and you're really concerned about its traffic being monitored or
its users being discovered, it's probably a bad idea to be running it
on a "shared" machine, e.g. a machine owned by a big shell-account
provider. Given that you or a trusted individual would be running the
machine, there should be no problem arranging for all the sendmail
hacks necessary to make the mailing list secure. 8-)
chris
References:
|
|
