Which Mailing List Manager Do You Recommmend?

bobdinkel writes "While I know it isn't the most glamorous thing, mailing lists are a fact of life. And they gotta be managed by someone. In my organization, that someone is me. For whatever reason (they won't exactly say) the powers that be do not want to use majordomo and sendmail. So I pose this question to you, dear reader: What is the best MLM - MTA combo in the Unix world?" One only needs to shake a stick to see the amount of software available that handles mailing lists. Which ones have suited your needs?

Mailman.

[babbage]

Mailman rocks. Much better than Majordomo, even if it is written in Python. ;)

Mailman, the GNU Mailing List Manager

Mailman is software to help manage electronic mail discussion lists, much like Majordomo or Smartmail. Mailman gives each mailing list a unique web page and allows users to subscribe, unsubscribe, and change their account options over the web. Even the list manager can administer his or her list entirely via the web. Mailman has most of the features that people want in a mailing list management system, including built-in archiving, mail-to-news gateways, spam filters, bounce detection, digest delivery, and so on. See the features page for more detail.

Mailman is free software. It is distributed under the GNU General Public License. The canonical Mailman home page is at a href="http://www.gnu.org/software/mailman/mailman. html">www.gnu.org/software/mailman/mailman.html , with more information available at www.list.org. Mailman is written in the Python programming language, with a little bit of C code for security.

It really is good software -- easy to administer, and easy for users. I wouldn't bother with Majordomo anymore...

Qmail + ezmlm

[eyez]

What I personally use is the qmail + ezmlm combo- this has quite a few benefits over sendmail + xxx. ..

One point is that Qmail's author issued a Cash Reward for the first person to find a security hole in qmail- That was in march 1997 and it still has not been claimed.

compare this to sendmail, where there's a security hole fix in EVERY release.

Qmail is also AWESOME at handling high amounts of email sanely, is absolutely simple to configure, has a large and very supportive user base, and again, it was designed with security in mind.

Apart from that, ezmlm is EASY to configure, and if you get the "qmailadmin" program, you also have an easy web-based configuration interface, if you prefer that. (though, I myself prefer the commandline tools.)

The one thing you'll have to get used to is the 'Maildir' format, which applies to anyone using a shell on the qmail server to check / receive email- mutt has builtin maildir support, there's a patch available for pine.

qmail's home location is http://cr.yp.to/qmail.html and it's supporting community is at http://www.qmail.org

SmartList

[Jamie+Zawinski]

I use SmartList, which comes with Procmail. It's kind of a hassle to initially install (there's no smurfy GUI) but it's basic, poweful, and works without any stupidity getting in the way. User subscriptions and unsubscriptions are handled via the time-honored mechanism of mailing to list-request addresses.

The last time this came up, lots of people recommended MailMan. As a user, I hate Mailman. So as a mailing list admin, I won't inflict it on people. Here's why:

Compare and contrast this sequence of actions:

With sane mailing list software:

• Mail "unsubscribe" to "foo-request".
• Get "please confirm" mail back.
• Reply.
• Done.

With Mailman:

• Mail "unsubscribe" to "foo-request".
• Get "I don't understand that" mail back.
• Find the admin URL in that web page.
• Load the web page.
• Try to log in.
• Realize you don't remember the password it generated for you, because you haven't ever used it even once.
• Find the "mail me my password" button.
• Wait for the password to arrive.
• Go back to the web page.
• Try to log in.
• Waste some more time trying before you realize it doesn't work without cookies.
• Turn cookies back on.
• Log in.
• Find the unsubscribe link.
• Done.

Now which was easier?

So I use Smartlist for all my mailing lists. Though it is a pain in the ass to configure, it does the "reply to this to confirm" trick completely painlessly from the end user's point of view, and not having that is a deal breaker for me.

I understand that Mailman is trying to provide some measure of security by mailing passwords around, but mailed passwords don't work. By which I mean, they provide no more protection than the "reply to this message to be subscribed" mechanism does. So long as you can tell the web page to mail you your password, the only real validation that is going on is that the person issueing the subscribe request is a person capable of reading mail sent to the address they are subscribing.

It's important that mailing list software do this check, to avoid prank subscriptions. But the "reply to this" method is N less steps than the password-I-don't-know-I-have method, while being absolutely equivalent from a security point of view.

So the password thing is merely irritating and a waste of time: it has no benefits.

Re:Mailman Weaknesses

[Outland+Traveller]

Not to be contrary, but the weaknesses you describe are minor.

You can make a list with announce-only properties by configuring it as moderated, and make the person/accounts who sends the announcements the moderator.

Your points #2 and #3 are really the same argument, that it's better to trade the security for convenience. Obviously, that's debatable and many people will see it as a feature rather than a bug. In practice it is not hard to enter a password in order to unsubscribe.