On 8/13/07, Chris Waltham wrote:
Is there a relatively straightforward mechanism to protecting list
archives from prying eyes? From what I can tell, anyone that can
guess the URL of the archives (e.g. www.foo.org/pipermail/listname)
can view the archives of the list, even if they're not a subscriber
to the list.
Make the archives private, and only subscribers will be able to log
in and see it. This is independent of whether or not the list itself
is advertised or not.
Rather than make a .htaccess file for each list, or even disable
archives altogether, what can I do to secure this? This is with
mailman-2.1.9, built-in pipermail on RHEL 4. I have ~ 830 lists with
a couple hundred messages per list, on average.
You shouldn't need to do anything unusual here. For a single list,
you should be able to go to the web admin page for the list, then go
down to the "Archiving Options" section, and click the radio button
to make the archives private as opposed to public, then click the
button at the bottom which says "Submit Your Changes".
Now, for automating this for ~830 lists, you'll probably want to do
that using a "withlist" script and a bit of Python code.