[unisog] Recommendation for list management sw
fw at deneb.enyo.de
Fri Nov 5 11:43:24 GMT 2004
* Ronaldo Vasconcellos:
> The "attacker" has to be a subscriber.
> That's all. The malicious subscriber gets the victim's password. Nice for
> certain kinds of Social Engineering attacks.
Yeah, you should remove the password entry fields from the web
Fortunately, it's possible to use Mailman 2.1 (as a subscriber)
without bothering about those passwords. This is a big advantage of
the 2.1.x releases. In the 2.0.x releases, it was nearly impossible
for a non-skilled subscriber to unsubscribe without help from the list
administrator. We actually had to route the unsubscribe messages to a
human for processing because there were too many complaints about
official process. 8->
> You should give a try to EZMLM , a mailing list manager based in qmail.
ezmlm (and ezmlm-idx) tends to subscribe all kinds of autoresponders
to its mailing lists. It might have been a fine choice a couple of
years ago (I've run it for a few months, but I soon started hating
qmail, so I switched back to Mailman 2.0 *cough*), but it doesn't seem
to be a good choice for the current demands of Internet mail.
FWIW, I'm using Mailman 2.1 now, and a special Exim configuration for
small mailing lists whose subscription list is managed by hand (and
should not be exposed because of a stupid Mailman glitch).
More information about the unisog