FAQ
Is there a relatively straightforward mechanism to protecting list
archives from prying eyes? From what I can tell, anyone that can
guess the URL of the archives (e.g. www.foo.org/pipermail/listname)
can view the archives of the list, even if they're not a subscriber
to the list.

Rather than make a .htaccess file for each list, or even disable
archives altogether, what can I do to secure this? This is with
mailman-2.1.9, built-in pipermail on RHEL 4. I have ~ 830 lists with
a couple hundred messages per list, on average.

Thanks,


Chris

Search Discussions

  • Brad Knowles at Aug 13, 2007 at 10:25 pm

    On 8/13/07, Chris Waltham wrote:

    Is there a relatively straightforward mechanism to protecting list
    archives from prying eyes? From what I can tell, anyone that can
    guess the URL of the archives (e.g. www.foo.org/pipermail/listname)
    can view the archives of the list, even if they're not a subscriber
    to the list.
    Make the archives private, and only subscribers will be able to log
    in and see it. This is independent of whether or not the list itself
    is advertised or not.
    Rather than make a .htaccess file for each list, or even disable
    archives altogether, what can I do to secure this? This is with
    mailman-2.1.9, built-in pipermail on RHEL 4. I have ~ 830 lists with
    a couple hundred messages per list, on average.
    You shouldn't need to do anything unusual here. For a single list,
    you should be able to go to the web admin page for the list, then go
    down to the "Archiving Options" section, and click the radio button
    to make the archives private as opposed to public, then click the
    button at the bottom which says "Submit Your Changes".

    Now, for automating this for ~830 lists, you'll probably want to do
    that using a "withlist" script and a bit of Python code.

    --
    Brad Knowles <brad at shub-internet.org>, Consultant & Author
    LinkedIn Profile: <http://tinyurl.com/y8kpxu>
    Slides from Invited Talks: <http://tinyurl.com/tj6q4>

    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  • Chris Waltham at Aug 14, 2007 at 1:00 pm

    On Aug 13, 2007, at 6:25 PM, Brad Knowles wrote:
    On 8/13/07, Chris Waltham wrote:

    Is there a relatively straightforward mechanism to protecting list
    archives from prying eyes? From what I can tell, anyone that can
    guess the URL of the archives (e.g. www.foo.org/pipermail/listname)
    can view the archives of the list, even if they're not a subscriber
    to the list.
    Make the archives private, and only subscribers will be able to log
    in and see it. This is independent of whether or not the list
    itself is advertised or not.
    Thanks Brad, I got this suggestion privately right about the same
    time you sent this one. :-)
    Rather than make a .htaccess file for each list, or even disable
    archives altogether, what can I do to secure this? This is with
    mailman-2.1.9, built-in pipermail on RHEL 4. I have ~ 830 lists with
    a couple hundred messages per list, on average.
    You shouldn't need to do anything unusual here. For a single list,
    you should be able to go to the web admin page for the list, then
    go down to the "Archiving Options" section, and click the radio
    button to make the archives private as opposed to public, then
    click the button at the bottom which says "Submit Your Changes".

    Now, for automating this for ~830 lists, you'll probably want to do
    that using a "withlist" script and a bit of Python code.
    I'll try searching the archives to see if there's a command to do
    what I want, otherwise I could just input and output some config
    files and run sed over them ;-)


    Chris
  • Mark Sapiro at Aug 19, 2007 at 4:38 am

    Chris Waltham wrote:
    I'll try searching the archives to see if there's a command to do
    what I want, otherwise I could just input and output some config
    files and run sed over them ;-)

    You don't need to do anything that tricky. Just run

    #! /bin/bash
    file=`mktemp`
    echo 'archive_private = 1' > $file
    cd path/to/mailman
    for list in `bin/list_lists --bare`
    do bin/config_list -i $file $list
    done
    rm $file

    to set every list's archive to private. bin/config_list -i doesn't
    change anything that isn't in it's input file.

    - --
    Mark Sapiro <msapiro at value.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedAug 13, '07 at 8:08p
activeAug 19, '07 at 4:38a
posts4
users3
websitelist.org

People

Translate

site design / logo © 2022 Grokbase