Peter <list...@gmx.de> wrote:
The methods mentioned both have a "backdoor", so it is better to keep
them moderated, right?
I wonder, why it is not possible to use the brilliant authentication
backend courier comes with. Isn´t it possible to construct something
like:
"if user is authenticated on this server and uses account
news...@domain.org let him post to the newsletter."
Not easily, since "posting to a couriermlm mailing list", from the Courier
server's point of view, is being done in the "local message delivery" stage, not
in the earlier "SMTP authentication and message reception" stage. As far as I
know, no authentication information is passed from the "SMTP auth and msg
reception" stage to the "local delivery" stage.
If you want a top secure posting authorization mechanism, you could call a
script of yours in the dot-courier file, and make the script use `mimegpg`[1] to
verify if the message has a proper GPG/PGP signature, and only then call
`couriermlm` to actually post the message.
[1] http://www.courier-mta.org/mimegpg.html
16 messages in net.sourceforge.lists.courier-users[courier-users] RE: Newsletter with c...
