the URL of the mailman script

[pfmartin]

I noticed that when I (or a member) of any mailing-list log into the mailman script, the server domain name is visible in the URL.

For Example:

http://server1.a1-hosting.com/mailman/admin/group_domain.com

The problem with this is that resellers that have clients with mailing lists are exposed. That is, their clients see our server name in the mailing list name, links, etc.

Other than changing our server domain names to something totally generic, is there any way to fix this? This is critical for a successful reseller program to work. We cannot undermine the resellers wishes to have us remain anonymous.

Thanks!

[feanor]

Right.....

I'm assuming you have suexec instilled within the apache configuration on this box? Unless Nick & darkorb or some other genius on the 'net has fathomed a way to run mailman in a shared hosting environment under suexec via multiple domains, you're stuck. Unless you disable suexec.

See, as everything else on your suexec machine, mailman has to run under a particular user, and one user only, when it executes via a web browser's command. Spreading the ability out to all the domain on the machine would break the suexec security scheme.

It's a catch22
Horray!

[robin93]

What are the implications of not running suexec? What would we need to ask our webhosting companies to do if we wanted to ask them to do this, and move the mailman lists into virtual domain controlled space?

I think a lot of virtual domain users are going to want this kind of functionality, especially considering the movement to get away from things like yahoo lists and gaining more control by having your own domain. This could be a big selling point.

--
Robin

[daveformerlyof]

[quote:500aaf96c9][i:500aaf96c9]Originally posted by robin93[/i:500aaf96c9]

What are the implications of not running suexec? What would we need to ask our webhosting companies to do if we wanted to ask them to do this, and move the mailman lists into virtual domain controlled space?

I think a lot of virtual domain users are going to want this kind of functionality, especially considering the movement to get away from things like yahoo lists and gaining more control by having your own domain. This could be a big selling point.

--
Robin[/quote:500aaf96c9]

Not using Suexec allows mailman and other services to run as root. This can cause security problems if people take advantage of the &root access& you would be handing out.

[pfmartin]

[quote:53e3d0c42d][i:53e3d0c42d]Originally posted by DaveDark[/i:53e3d0c42d]
Not using Suexec allows mailman and other services to run as root. This can cause security problems if people take advantage of the &root access& you would be handing out.[/quote:53e3d0c42d]

So should we assume based on this response that there is no intention of finding a solution for this? In my opinion, it is a critical component to the reseller features of Cpanel. It would be a shame if this was left out there since all our resellers are already complaining about it.

Thanks

[newfield]

Come on, you guys, this is making a VERY negative impact on the entire cpanel reseller industry! You need to come up with a solution of running mailman in virtual mode, and still have suexec since you determine that it is such a risk without it!!!!

Listen, you guys have made cpanel a 2nd class interface by exposing our customers to the server owner!!! I for one, will need to seriously consider migrating to some other web panel if this is not remedied!! Or, do you expect us all to get our own servers?
Please, find a fix.. Work with mailman developers, to find a solution, or give us another mailing list client that iscompatable with suexec.

a disappointed reseller


Quote:
--------------------------------------------------------------------------------
Originally posted by DaveDark
Not using Suexec allows mailman and other services to run as root. This can cause security problems if people take advantage of the &root access& you would be handing out.
--------------------------------------------------------------------------------



So should we assume based on this response that there is no intention of finding a solution for this? In my opinion, it is a critical component to the reseller features of Cpanel. It would be a shame if this was left out there since all our resellers are already complaining about it.

Thanks

[Brad]

I would much rather see a solution to this, then IMAP support added to cpanel, this has been a thorn for a while now..

[ecoutez]

Second class interface? Funny, I always thought you catch more flies with honey.

Maybe some other control panels can truly hide the identity of the server. If that's the case, I haven't seen them. Between IP address ownership, using shell access to view server files, whois lookup against base IP for registered DNS server(s), you'd be pretty hard pressed to fully hide the ownership of the box.

Perhaps the suggestion that someone else made of using a more generic domain would be wise. Put up an empty website for that domain that just gives an email address to contact for abuse reports, and I suspect you'll do just fine.

- Jason

[smperik]

so nothing in regards to this??

This is a flat out shame that CPanel would let this problem slide. ANYTHING? So one is saying that a transparent reseller account is not 100% possible. I almost was believing it could be attained.

Does CPanel even read these boards?

[thomas]

[quote:8ca73b7e0d][i:8ca73b7e0d]Originally posted by smperik[/i:8ca73b7e0d]

so nothing in regards to this??

This is a flat out shame that CPanel would let this problem slide. ANYTHING? So one is saying that a transparent reseller account is not 100% possible. I almost was believing it could be attained.

Does CPanel even read these boards?
[/quote:8ca73b7e0d]

This was fixed in Build#171