[TCLUG] mailman & virtual hosting

Thu Oct 31 08:35:51 CST 2002

Mailman is smart enough to figure it out from the URL.  You don't have to do
anything.  Just set the default host name in each of the mailing lists and
you should do alright -- as long as your link the aliases in apache from the
virtual host configuration.

Tom Veldhouse

----- Original Message -----
From: "Amy Tanner" <amy at real-time.com>
To: <tclug-list at mn-linux.org>
Sent: Wednesday, October 30, 2002 4:42 PM
Subject: [TCLUG] mailman & virtual hosting

Has anyone setup mailman to serve mailing lists to multiple virtual
domains?  Here's an example of what I'm trying to do:

Virtual Hosts:

public.domain.com
- contains public mailing lists

private.domain.com
- contains private mailing lists

I setup 2 virtual hosts in httpd.conf and I configured host_name and
web_page_url on each mailing list to match the appropriate virtual host.

Going to http://public.domain.com/mailman/listinfo correctly shows only
the public mailing lists.

Going to http://private.domain.com/mailman/listinfo correctly shows only the
private mailing lists.

However, for either virtual host, you can tag the name of any mailing
list on the end to get to the information about that mailing list.  So,
in other words, it's security by obscurity.  Even though passwords are
required for the private mailing lists, a subscribe could use a weak
password making the mailing lists vulnerable.  I thought the web_page_url
variable would make the mailing lists only work using that virtual
address but that appears to not be the case.

I also tried making a copy of the /var/mailman/cgi-bin files and using
the Deny/Allow directives to protect them on private.domain.com but that
doesn't seem to make any difference since public.domain.com can use its
own cgi-bin files to view the mailing lists under private.domain.com.

I searched the mailman mailing list archives and found a few others with
similar questions, but no answers.  I'm wondering if mailman is just not
meant to do this.  But I would think ISPs would have a need for this
sort of thing.

Any help is appreciated.  Thanks.

--
Amy Tanner
amy at real-time.com