API privileges question for mailman3
In mailman3 documentation it says: "Because the REST server has full administrative access, it should never be exposed to the public internet. By default it only listens to connections on localhost."
So I just wanted to confirm there is no way to limit API access? For example I have a group that wants to use API access to manage their mail lists, but from what I can gather, if I give them access to the API they would have access to ALL the mail lists, etc. I would suspect this is even true if I give them their own domain?
Is there any way to limit access via the API to certain lists, etc.?
On 10/14/21 12:41 PM, bob B wrote:
In mailman3 documentation it says: "Because the REST server has full administrative access, it should never be exposed to the public internet. By default it only listens to connections on localhost."
So I just wanted to confirm there is no way to limit API access? For example I have a group that wants to use API access to manage their mail lists, but from what I can gather, if I give them access to the API they would have access to ALL the mail lists, etc. I would suspect this is even true if I give them their own domain?
Is there any way to limit access via the API to certain lists, etc.?
No, there isn't.
If Postorius is not suitable for some reason, you would need to implement an application on the host to provide a user interface to the API with appropriate authentication and controls. There are some ideas but no actual code at <https://gitlab.com/mailman/lemme>.
--
Mark Sapiro <mark@msapiro.net>          The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan
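Mark's suggestion above is a front-end on the host that sits between the group and the core REST API. The following is an added example, not code from this thread or from the Mailman project, of the authorization check such a front-end would apply before forwarding a request to the core on localhost; the URL layout of the core API (/3.1/lists/<list_id>/..., /3.1/members with a list_id field) and the bearer-token scheme are assumptions to verify against your Mailman version.

```python
import re
from typing import Dict, Mapping, Optional, Set

# Constructed sample policy: bearer token -> list_ids the tenant may manage.
# A real front-end would load this from a config file or database.
TENANT_LISTS: Dict[str, Set[str]] = {
    "token-group-a-PLACEHOLDER": {"team-a.lists.example.com"},
    "token-group-b-PLACEHOLDER": {"team-b.lists.example.com", "qa.lists.example.com"},
}

# Assumed core-API URL shapes (check against your Mailman version):
#   /3.1/lists/<list_id>[/...]   list-scoped resources, e.g. .../member/<email>
#   /3.1/members                 POST with a list_id form field to subscribe
_LIST_PATH = re.compile(r"^/3\.1/lists/(?P<list_id>[^/]+)(?:/.*)?$")
_MEMBERS_PATH = re.compile(r"^/3\.1/members/?$")

def tenant_lists(auth_header: Optional[str]) -> Optional[Set[str]]:
    """Resolve the Authorization header to the caller's allowed list_ids."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return None
    return TENANT_LISTS.get(auth_header[len("Bearer "):].strip())

def _path_is_clean(path: str) -> bool:
    """Reject traversal and encoding tricks before any pattern is applied."""
    if not path.startswith("/") or "%" in path or "?" in path:
        return False
    return all(seg not in ("", ".", "..") for seg in path.strip("/").split("/"))

def authorize(method: str, path: str, headers: Mapping[str, str],
              form: Mapping[str, str]) -> bool:
    """Return True only if this tenant may perform this request.

    Default deny: domains, users, list creation and cross-list member
    queries stay reserved for the host-side administrator.
    """
    allowed = tenant_lists(headers.get("Authorization"))
    if allowed is None or not _path_is_clean(path):
        return False
    m = _LIST_PATH.match(path)
    if m:
        return m.group("list_id") in allowed
    if _MEMBERS_PATH.match(path):
        # Subscription requests name the list in the body, so check that field.
        return method.upper() == "POST" and form.get("list_id") in allowed
    return False
```

Note that a DELETE on /3.1/members/<member_id> is denied here because the member id alone does not say which list it belongs to; unsubscribing goes through the list-scoped path instead.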
Mark Sapiro writes:
On 10/14/21 12:41 PM, bob B wrote:
So I just wanted to confirm there is no way to limit API access?
What Mark said.
For example I have a group that wants to use API access to manage their mail lists, but from what I can gather, if I give them access to the API they would have access to ALL the mail lists, etc.
You could give them a separate VM or container with their own instance of Mailman. But that means they can't share user information with the main instance.
Steve
Thanks, I thought about a separate instance, but then I have to set them up a separate mail domain, which may ultimately be the answer... but I am sure there will be a meeting to discuss :)
bob B writes:
Thanks, I thought about a separate instance, but then I have to set them up a separate mail domain, which may ultimately be the answer... but I am sure there will be a meeting to discuss :)
How quickly do you need this, and how secure does it need to be? For example, are the relevant folks all going to be coming from inside the organization's firewall? (I'm thinking "locks are for honest people, the crooks know how to pick them".)
@PeanutGallery Anybody else want it?
I'm interested in working on it (I'd like to see more layered security in Mailman, among other things) but tbh I wouldn't bet on me getting it done in less than 6 months, even with the head start that "lemme" gives. OTOH, if several people express interest and optionally (I mean optionally but it does help ;-) put some money behind it, you might find somebody with more current skills interested in the work. For the longer term, there's Summer of Code (no guarantees it will even exist, and we might not get a nibble from an appropriate student).
Steve
Thanks, we have no time frame in mind. The group that wants to do this is technically a sub group in my division, so the higher ups may decide to give them that access or not. At this point I will send up my findings and then the managers can discuss how/if they want to implement a solution.
I think ultimately they would just need to add and remove users (once a list is lists for them). So I also assume they could script that with email commands?
bob B writes:
I think ultimately they would just need to add and remove users (once a list is lists for them). So I also assume they could script that with email commands?
Yes, that is certainly possible. If your Postorius is set up to accept password-based logins and not 2FA, they could probably script that via curl or netcat too (although of course we'd recommend Python!)
Steve