|
Mailman was created with the privacy shortcomings of other lists in mind.
There are a number of manager-configurable settings that can
help in preventing spam, subscription abuse, and widespread
disclosure of list traffic to non-subscribers.Subscribing
| Description |
Value |
| Advertise this list when people ask what lists
are on this machine? |
In general, people in the outside world can see a list
of available Mailman lists by visiting http://name.of.host/mailman/listinfo
By setting this value to "no," this list will not be included
in the directory of available lists. |
| What steps are required for subscription? |
Confirm: when a subscription request is made a message
will be sent back to the address being added. The new member will have to
reply to the message (without having to modify anything) for their subscription
to become active. This prevents someone from maliciously adding people against
their will. Require Approval: when a subscription request is made
a note will be sent to the list administrator letting them know that a person
is petitioning to join. The list administrator will be given a URL to follow
that will then show them the request and allow them to approve or deny it
via the web. Confirm+Approval: includes both of the above. |
Membership exposure
| Description |
Value |
| Who can view subscription list? |
This setting dictates access to the subscription list
via the web. Anyone: this allows anyone in the world to browse by
and take a look at who the members of your list are. Never ever use this
setting unless you are trying to say "I have contempt for all of my
list members and hope that they get spammed out of their minds." List
members: this is the traditional setting for most lists, allowing participants
to see who the other people on the list are but blocking view to the general
public. This settings can be overridden by individual users who have set
the "hide" option for their account. List admin only: only the
administrator can see the list members. |
| Show member addrs so they're not directly recognizable
as email addrs? |
This is a nice feature that discourages theft of lists:
the membership list does not show actually addresses but instead shows participants
as "username at foo.com". This should block most harvesters if
they manage to get through to the listing. |
General posting filters Mailman allows you a good deal of control over who
may and may not post to the list. Because there is a bit of good old-fashioned
logic involved some people may be confused by these settings. Please see the chart
following the descriptions of the settings for an illustration of how these settings
work in concert.
| Description |
Value |
| Must posts be approved by an administrator?
|
This settings defines the list as "moderated"
or "unmoderated" in most people's minds. If set to yes, postings
are held and the administrator is notified of their existence. They may
then approve or reject postings via the web interface. If set to "no,"
postings to the list are immediately delivered to list membership. |
| Restrict posting privilege to list members?
(member_posting_only) |
Under nearly all circumstances this should be set to
"yes." This restriction will cause Mailman to hold for administrative
review all posts to the list that do not originate from a list member. Setting
this to yes prevents you from being spammed by people who manage to get
a hold of your list address. Note: there is a use to setting this
to no, see the chart below. |
| Addresses of members accepted for posting to
this list without implicit approval requirement. |
This settings can be used to designate posting privileges
to persons who are not subscribers to the list. It may also be used to specify
persons who are exclusively allowed to post. Please see the chart below
for explanation. |
Posting privileges explained
The posting privileges settings outlined above actually interact with
one another. This chart will help to explain their use so that you can optimally
configure your posting privileges. Each box shows who may post for each of the
configurations.
| Who
is allowed to post? |
Posting restricted to list members?
|
| Yes |
No |
| Are there implicitly approved
people? |
Yes |
List members and individuals listed. |
Only listed persons may post. |
| No |
List members only. |
Anyone in the universe. |
Spam-specific posting filters
| Value |
Description |
| Must posts have list named in destination (to,
cc) field (or be among the acceptable alias names, specified below)? |
This prevents the list from being used as part of a
BCC (Blind Carbon Copy) spam. |
| Alias names (regexps) which qualify as explicit
to or cc destination names for this list. |
Helps Mailman make allowances for mail systems that
do not substitute the address for alias or for mail servers where list address
receives mail from an alias with a different name. |
| Ceiling on acceptable number of recipients
for a posting. |
Prevents the list from being used as part of a mass
recipient spam. Also discourages use of list as recipient of office jokecast
notes and bogus solicitations. |
| Addresses whose postings are always held for
approval. |
Allows manager to designate special special individuals
whose postings are always held for approval while when postings are otherwise
allowed through. |
| Hold posts with header value matching a specified
regexp. |
Allows you to filter out known addresses or domains
that function primarily as spambone providers. |
| Hide the sender of a message, replacing it
with the list address (Removes From, Sender and Reply-To fields) |
This tells Mailman to rewrite the header so that traffic
appears to be coming from the list itself instead of the original poster.
Provides some added privacy for posters, but may be annoying to some list
members as mailbox headers show only the list name instead of the actual
poster. |
|
Go to Previous Page
