On 10/14/21 12:41 PM, bob B wrote:
> In mailman3 documentation it says: "Because the REST server has full administrative access, it should never be exposed to the public internet. By default it only listens to connections on localhost."
> So I just wanted to confirm there is no way to limit API access? For example, I have a group that wants to use API access to manage their mail lists, but from what I can gather, if I give them access to the API they would have access to ALL the mail lists, etc. I would suspect this is even true if I give them their own domain?
> Is there any way to limit access via the API to certain lists, etc.?

No, there isn't.
If Postorius is not suitable for some reason, you would need to implement an application on the host to provide a user interface to the API with appropriate authentication and controls. There are some ideas but no actual code at <https://gitlab.com/mailman/lemme>.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
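
The kind of control the reply above describes, sketched as an added example; it is not part of the original message and is not code from Mailman or the lemme project. It shows the deny-by-default path check a gateway on the host could run before forwarding a request to the localhost-only REST API. The client id, policy table, `/3.1` prefix and the set of exposed sub-resources are assumptions.

```python
import re
from urllib.parse import unquote

API_PREFIX = "/3.1"  # assumed API version prefix of the local core

# Constructed policy: authenticated client id -> list-ids it may manage.
POLICY = {"team-a": {"announce.example.com", "dev.example.com"}}

# Per-list sub-resources the gateway exposes, with the methods permitted.
# Assumed subset; check it against the REST docs of the deployed core.
SUBRESOURCES = {
    "": {"GET"},
    "/config": {"GET", "PATCH"},
    "/roster/member": {"GET"},
    "/held": {"GET"},
}
LIST_PATH = re.compile(r"/lists/([A-Za-z0-9._@-]+)((?:/[a-z]+)*)")


def authorize(client, method, raw_path):
    """Return the upstream path to forward, or None to refuse."""
    allowed = POLICY.get(client, set())
    path = unquote(raw_path)
    # Refuse double-encoded input and any attempt to climb out of /lists/<id>.
    if "%" in path or ".." in path or "//" in path:
        return None
    m = LIST_PATH.fullmatch(path)
    if not m:  # global resources (/users, /members, /domains, ...) never pass
        return None
    # The core accepts list-id or posting address; normalise to list-id.
    list_id = m.group(1).lower().replace("@", ".")
    if list_id not in allowed:
        return None
    if method not in SUBRESOURCES.get(m.group(2), set()):
        return None
    # Rebuild the path from validated parts instead of forwarding raw input.
    return f"{API_PREFIX}/lists/{list_id}{m.group(2)}"
```

The gateway holds the REST credentials itself and authenticates callers separately, so the group never sees the admin password and the API keeps listening on localhost only.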