The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

the URL of the mailman script

Discussion in 'E-mail Discussions' started by pfmartin, Jun 14, 2002.

  1. pfmartin

    pfmartin Well-Known Member

    Joined:
    Aug 18, 2001
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    I noticed that when I (or a member) of any mailing-list log into the mailman script, the server domain name is visible in the URL.

    For Example:

    http://server1.a1-hosting.com/mailman/admin/group_domain.com

    The problem with this is that resellers that have clients with mailing lists are exposed. That is, their clients see our server name in the mailing list name, links, etc.

    Other than changing our server domain names to something totally generic, is there any way to fix this? This is critical for a successful reseller program to work. We cannot undermine the resellers wishes to have us remain anonymous.

    Thanks!
     
  2. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    Right.....

    I'm assuming you have suexec instilled within the apache configuration on this box? Unless Nick & darkorb or some other genius on the 'net has fathomed a way to run mailman in a shared hosting environment under suexec via multiple domains, you're stuck. Unless you disable suexec.

    See, as everything else on your suexec machine, mailman has to run under a particular user, and one user only, when it executes via a web browser's command. Spreading the ability out to all the domain on the machine would break the suexec security scheme.

    It's a catch22
    Horray!
     
  3. robin93

    robin93 Registered

    Joined:
    Jun 10, 2002
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    What are the implications of not running suexec? What would we need to ask our webhosting companies to do if we wanted to ask them to do this, and move the mailman lists into virtual domain controlled space?

    I think a lot of virtual domain users are going to want this kind of functionality, especially considering the movement to get away from things like yahoo lists and gaining more control by having your own domain. This could be a big selling point.

    --
    Robin
     
  4. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    [quote:500aaf96c9][i:500aaf96c9]Originally posted by robin93[/i:500aaf96c9]

    What are the implications of not running suexec? What would we need to ask our webhosting companies to do if we wanted to ask them to do this, and move the mailman lists into virtual domain controlled space?

    I think a lot of virtual domain users are going to want this kind of functionality, especially considering the movement to get away from things like yahoo lists and gaining more control by having your own domain. This could be a big selling point.

    --
    Robin[/quote:500aaf96c9]

    Not using Suexec allows mailman and other services to run as root. This can cause security problems if people take advantage of the &root access& you would be handing out.
     
  5. pfmartin

    pfmartin Well-Known Member

    Joined:
    Aug 18, 2001
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    [quote:53e3d0c42d][i:53e3d0c42d]Originally posted by DaveDark[/i:53e3d0c42d]
    Not using Suexec allows mailman and other services to run as root. This can cause security problems if people take advantage of the &root access& you would be handing out.[/quote:53e3d0c42d]

    So should we assume based on this response that there is no intention of finding a solution for this? In my opinion, it is a critical component to the reseller features of Cpanel. It would be a shame if this was left out there since all our resellers are already complaining about it.

    Thanks
     
  6. newfield

    newfield Active Member

    Joined:
    Mar 2, 2002
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    State of Confusion
    Come on, you guys, this is making a VERY negative impact on the entire cpanel reseller industry! You need to come up with a solution of running mailman in virtual mode, and still have suexec since you determine that it is such a risk without it!!!!

    Listen, you guys have made cpanel a 2nd class interface by exposing our customers to the server owner!!! I for one, will need to seriously consider migrating to some other web panel if this is not remedied!! Or, do you expect us all to get our own servers?
    Please, find a fix.. Work with mailman developers, to find a solution, or give us another mailing list client that iscompatable with suexec.

    a disappointed reseller


    Quote:
    --------------------------------------------------------------------------------
    Originally posted by DaveDark
    Not using Suexec allows mailman and other services to run as root. This can cause security problems if people take advantage of the &root access& you would be handing out.
    --------------------------------------------------------------------------------



    So should we assume based on this response that there is no intention of finding a solution for this? In my opinion, it is a critical component to the reseller features of Cpanel. It would be a shame if this was left out there since all our resellers are already complaining about it.

    Thanks
     
  7. Brad

    Brad Well-Known Member

    Joined:
    Aug 16, 2001
    Messages:
    231
    Likes Received:
    0
    Trophy Points:
    16
    I would much rather see a solution to this, then IMAP support added to cpanel, this has been a thorn for a while now..
     
  8. ecoutez

    ecoutez Well-Known Member

    Joined:
    May 23, 2002
    Messages:
    152
    Likes Received:
    0
    Trophy Points:
    0
    No good deed goes unpunished

    Second class interface? Funny, I always thought you catch more flies with honey.

    Maybe some other control panels can truly hide the identity of the server. If that's the case, I haven't seen them. Between IP address ownership, using shell access to view server files, whois lookup against base IP for registered DNS server(s), you'd be pretty hard pressed to fully hide the ownership of the box.

    Perhaps the suggestion that someone else made of using a more generic domain would be wise. Put up an empty website for that domain that just gives an email address to contact for abuse reports, and I suspect you'll do just fine.

    - Jason
     
  9. smperik

    smperik Registered

    Joined:
    Aug 21, 2002
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    so nothing in regards to this??

    This is a flat out shame that CPanel would let this problem slide. ANYTHING? So one is saying that a transparent reseller account is not 100% possible. I almost was believing it could be attained.

    Does CPanel even read these boards?
     
  10. thomas

    thomas Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    [quote:8ca73b7e0d][i:8ca73b7e0d]Originally posted by smperik[/i:8ca73b7e0d]

    so nothing in regards to this??

    This is a flat out shame that CPanel would let this problem slide. ANYTHING? So one is saying that a transparent reseller account is not 100% possible. I almost was believing it could be attained.

    Does CPanel even read these boards?
    [/quote:8ca73b7e0d]

    This was fixed in Build#171
     
Loading...

Share This Page