Re: create list restrictions

thank you very much it really works I copied as you suggested me the 
scenario from topics_visibility.identified

and I Called it create_list.identified and I modified it accordingly

title.gettext conceal unless user is logged in

!equal([sender],'nobody')      smtp,dkim,smime,md5 -> do_it
true()                         smtp,dkim,md5,smime -> 
reject(reason='create_list_identified')

then I put it in /home/sympa/etc/scenari/

thanks again

Riccardo

On 1/3/11 12:03 PM, Serge Aumont wrote:
>  Le 31/12/10 19:45, Riccardo Veraldi a écrit :
>> Hello,
>> the default scenarios for create list button in the wwsympa  page is 
>> create_list.listmaster and create_list.public_listmaster
>>
>> I would like that create list button could appear only for 
>> authenticated users.
>>
>> Normally it appears for everyone using the public_listmaster scenario 
>> or appears only for listmaster
>>
>> is there a scenario ready to use for my purpouse ?

protect public archives

Hello I am running sympa 6.1.3.
I have many many users subscribed to different mailing lists on 
different virtual hosts.

My problem is that I cannot afford that every user has a X509 
certificate and also
I cannot manage hundreds and hundreds of user passwords.

I would like normal subscribers (they do not need to authenticate to 
sympa they only need to read archives)
to be able to read Web archives, but I need Web archives not to be 
public visible by everyone.

Is there a way or an option to protect a public web archive with a 
global password ??
Even if sympa is a cgi program, can I protect archives with a 
user/password apache .htaccess style ?

thank you

Riccardo

virtual host bug ?

Hello,
sympa 6.1.3 here.

I have a particulare configuration which leads an error.

I have the main robot

lists.domain.it

and a virtual host

lists.sub.domain.it

I have a mailing list

test@...

and I am the privileged owner Riccardo.Veraldi@...

I also have a mailing list on the other wirtual host

test@...

and I am still the privileged owner Riccardo.Veraldi@...

Here is the problem, the list test@... goes in error config

Feb  2 15:28:12 lists sympa[3333]: err List::add_admin_user() Unable to 
execute SQL statement "INSERT INTO admin_table (user_admin, 

List of Lists Visibility

Sympa community,

We've had a couple instances in the past here at Duke, where third 
parties have scraped our publicly visible list of lists 
(https://lists.duke.edu/sympa/lists) and then gone through and used 
automated tools to attempt to subscribe themselves to each list there (a 
lot of which do allow open subscription).  It's easy enough to identify 
the offending address -- this past weekend, there was a Gmail address 
that subscribed itself to 983 lists before it was brought to my 
attention -- but it understandably causes some alarm among list owners.

I was looking at the documentation and the code, and it doesn't appear 
that the do_lists action within wwsympa is protected by any scenario, 
but I wanted to find out if I overlooked something.  I'm also open to 
other ideas and suggestions.

Thanks,
Jeff
Systems Developer, Duke University Office of Information Technology

Re: List of Lists Visibility

On Wed, 2 Feb 2011 15:26:45 -0500, Jeff Abbott <jeff.abbott@...> wrote:
> Sympa community,
> 
> We've had a couple instances in the past here at Duke, where third 
> parties have scraped our publicly visible list of lists 
> (https://lists.duke.edu/sympa/lists) and then gone through and used 
> automated tools to attempt to subscribe themselves to each list there (a 
> lot of which do allow open subscription).  It's easy enough to identify 
> the offending address -- this past weekend, there was a Gmail address 
> that subscribed itself to 983 lists before it was brought to my 
> attention -- but it understandably causes some alarm among list owners.

Interesting, that could be pretty annoying.

I wonder if it would be worth considering a parameter that notified the
administrator if a particular address was subscribed to a certain
percentage of the lists?

That might not work out so well in installations where there are two
lists and everyone is subscribed to all of them, but it could be
configurable? 

micah

Re: List of Lists Visibility

Re: List of Lists Visibility

> We've had a couple instances in the past here at Duke, where third
> parties have scraped our publicly visible list of lists
> (https://lists.duke.edu/sympa/lists) and then gone through and used
> automated tools to attempt to subscribe themselves to each list there (a
> lot of which do allow open subscription).

This may not be the answer you're looking for, but IMHO you should solve 
this problem and various others by simply disallowing any open (ie. no 
auth/confirmation required) subscriptions.  All unauthenticated 
subscribe requests should require subsequent confirmation by the user 
anyway, to avoid spurious subscriptions resulting from spam, viruses, 
errors, malicious activity, etc.  You'll have to either change the 
setting on existing lists with open subscriptions or "override" it by 
linking the subscribe.open scenario file to, say, the subscribe.auth 
file instead, but neither one is very difficult.

That's my 2 centimes.  Or did I misunderstand something?

      adam

Scenari includes not working

Hello,

I have some lists that should have the same scenario rules, so I tryied an
"include" on a custom scenari, for example:

etc/scenari/send.intranetorprivte2:

title.gettext restricted to local domain and subscribers 2

include allowdomain
is_subscriber([listname],[sender]) smtp,dkim,smime,md5    -> do_it
is_editor([listname],[sender])     smtp,dkim,smime,md5    -> do_it
is_owner([listname],[sender])      smtp,dkim,smime,md5    -> do_it
match([sender],/[conf->host]$/)    smtp,dkim,smime,md5    -> do_it
true()                             smtp,dkim,smime,md5    ->
reject(reason='send_local_user_sub')

, and then in etc/scenari/include.allowdomain:

match([sender], /my\.domain\.org$/)     smtp,dkim,smime,md5    -> do_it

the include rule (or rules) are always ignored but they work if I write them
down directly in the send.  scenario file. Even if I put the following rule in
the include it gets silently ignored:

true() -> do_it

Has anybody suffered the same bug? Are includes really working?

TIA,

  Evili

Re: Scenari includes not working

Can non-subscribers post to public lists via the web interface?

Hi,
I'm wondering if I can configure a list so that a non-subscriber can post to
it using a web interface (with a captcha or some other mechanism to make sure
they are human).

I'd like people to be able to post questions to the list and read the answers
in the web archive (and possibly reply to them the same way) without having to
subscribe.

Does Sympa support that?

Thanks
Dan