Old 07-12-2008, 05:52 AM   #1
ajithender
Member
 
Registered: Jul 2007
Posts: 41

Rep: Reputation: 15
Mailman security issue, No privacy to the Organizations


Hello Mailman, Linux community friends,

We are using Mailman in our office, for our internal purposes only, which is meant to give privacy to the office members.

However, one day I found that the Mailman archive is showing all the mails to outside people. If they are downloading all the archives and reading them, it will break our privacy. This came to my notice after 2 years. I don't know how many are doing this, and we are very much afraid of it.

As an example, I am showing here the link to the Mailman community's emails

(whether this is a hack or a feature, I don't know what to say, but this is the way it is showing our organization's mails to the whole public)

http://mail.python.org/pipermail/mailman-developers/

http://mail.python.org/mailman/listinfo - this is the list of the members

From the above links, what I understood is that all the groups and members are known to others, so how can we achieve privacy using Mailman? This is useful only for an open community, exchanging knowledge by seeing the mails.

For offices like ours, can we achieve privacy? Even the attachments in the mails are visible to others, and sometimes the mails contain passwords too. So how do we configure Mailman not to show the archive and to be used only as the mail server, only for reading and composing mails like all other email services (Yahoo, Google, etc.)?


So kindly provide the solution.

We can get the full benefit of Mailman.

with regards
A.Jithender Reddy

Last edited by ajithender; 07-21-2008 at 07:34 AM.
 
Old 07-12-2008, 06:14 AM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430
Do you mean that you have created a mailman list? Or that you have installed it to your local server?

Is it the software from here: http://www.list.org/
 
Old 07-12-2008, 10:37 AM   #3
ajithender
Member
 
Registered: Jul 2007
Posts: 41

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by XavierP View Post
Do you mean that you have created a mailman list? Or that you have installed it to your local server?

Is it the software from here: http://www.list.org/
And we are using this as our internal mail server application only.

I don't want to give the original URL here because it is not fixed yet, which means if I provide it all the mails are visible to others.

That is why I am giving the python.org URLs (above) as an example.

So, kindly provide the solution.

(Mailman - I think this is for electronic mail discussion and e-newsletter lists, but we are using it as an internal mail server only. So, how do we deny the public access to view the mail discussion archives {observe the URLs in the above post}?)
Example:

http://mail.python.org/pipermail/mailman-users/

The Mailman-Users Archives

You can get more information about this list.



Like this, all the mails are visible to others. So how should I prevent others from viewing the lists? Actually the lists are created for grouping our members, not to provide an e-newsletter or subscribe feature. I think you understand this.

"We want to achieve privacy using Mailman. You can say we don't want the list e-newsletter feature of Mailman. Our only basic requirement is composing the mails and reading the mails, i.e. communication between the members. Most of them are confidential."

thanks

Last edited by ajithender; 07-12-2008 at 10:41 AM.
 
Old 07-12-2008, 01:17 PM   #4
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430
Haven't used it myself, but you may find this useful: http://wiki.list.org/display/DOC/Home
 
Old 07-12-2008, 11:16 PM   #5
ajithender
Member
 
Registered: Jul 2007
Posts: 41

Original Poster
Rep: Reputation: 15
Quote:
If you set archive_private to "private" on the list's "Archiving
Options" page in the admin web interface, the archive will only be
available to list members who log in with their list password. The
archive links will be of the form
<http://mail.python.org/mailman/private/mailman-developers/>, and the
'pipermail' links won't work.
More information, please.

Last edited by ajithender; 07-21-2008 at 07:29 AM.
 
Old 07-13-2008, 01:44 AM   #6
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
If you don't want people external to your organization seeing your lists, then configure your web server such that only hosts on your LAN can have access. If I am understanding you correctly, this is a web server configuration issue, not a mailman issue.

Do you want to allow or deny external people the ability to send mail to the list?
 
Old 07-13-2008, 10:50 AM   #7
ajithender
Member
 
Registered: Jul 2007
Posts: 41

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Mr. C. View Post
If you don't want people external to your organization seeing your lists, then configure your web server such that only hosts on your LAN can have access. If I am understanding you correctly, this is a web server configuration issue, not a mailman issue.

Do you want to allow or deny external people the ability to send mail to the list?
No, we use the internet to access our mail server, and we also allow some authorized people to use their mail with our domain. So this is not an issue with the web server. Rather, you can say the issue now is simply that we don't want the subscription feature in Mailman.

:-)

The first and second posts in this thread have the URL; check it once. Now all our mails are showing on the internet this way (I suddenly saw it one day while browsing an attachment that came from one of my colleagues who is using this Mailman of ours, and it was pointing to this subscribe list).

I was surprised and I escalated this issue to my authorities. Now they are checking on it.

In the meanwhile I want to get help from you people in solving it.
 
Old 07-13-2008, 12:17 PM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally Posted by linuxswan
If you set archive_private to "private" on the list's "Archiving
Options" page in the admin web interface, the archive will only be
available to list members who log in with their list password. The
archive links will be of the form
<http://mail.python.org/mailman/private/mailman-developers/>, and the
'pipermail' links won't work.
What about this wasn't clear?
 
Old 07-21-2008, 07:28 AM   #9
teluguswan
Member
 
Registered: Oct 2005
Posts: 116

Rep: Reputation: 15
If you set archive_private to "private" on the list's "Archiving
Options" page in the admin web interface, the archive will only be
available to list members who log in with their list password. The
archive links will be of the form
<http://mail.python.org/mailman/private/mailman-developers/>, and the
'pipermail' links won't work.

This will help you in solving your problem.

Private archive means it is visible only to the members of the list, not to all the public who are accessing the Mailman pages. Look into this and tell me.
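
Added example (not written by any poster in this thread and not Mailman's own code): a small audit of a list's settings dump that flags the exposures discussed above, namely a public archive, a publicly listed list, a readable member roster, and open subscription. It assumes a Mailman 2.1 dump as produced by `bin/config_list -o`; only `archive_private` is named in the thread, the other setting names are Mailman 2.1 list attributes brought in for the example, and the sample dump is constructed.

```python
import ast

# Constructed sample in the format written by Mailman 2.1's
# `bin/config_list -o` (Python assignments); not from a real list.
SAMPLE_DUMP = """
real_name = 'staff'
advertised = 1
private_roster = 0
subscribe_policy = 1
archive = True
archive_private = 0
"""

# setting -> (test that is True when the value exposes the list, reason)
CHECKS = {
    "archive_private": (lambda v: v == 0,
                        "archive is public under /pipermail/"),
    "advertised": (lambda v: bool(v),
                   "list name is shown on the public listinfo overview"),
    "private_roster": (lambda v: v == 0,
                       "anyone can view the subscriber list"),
    # 0 = open, 1 = e-mail confirmation only: an outsider can join and
    # then read a "private" archive with a member password.
    "subscribe_policy": (lambda v: v in (0, 1),
                         "self-subscription needs no moderator approval"),
}


def parse_dump(text):
    """Collect literal assignments without executing the dump."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                continue  # not a plain literal; ignore
    return settings


def audit(text):
    """Return {setting: reason} for every value that exposes the list."""
    settings = parse_dump(text)
    findings = {}
    for name, (exposes, reason) in CHECKS.items():
        if name not in settings:
            findings[name] = "setting missing from dump, check manually"
        elif exposes(settings[name]):
            findings[name] = reason
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE_DUMP).items():
        print(f"{name}: {reason}")
```

Feed it the output of `bin/config_list -o - <listname>` for each list; a corrected settings file can be loaded back with `bin/config_list -i <file> <listname>`.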
 
  


All times are GMT -5.