Enhancement (security issue): add setting to disallow anonymous subscription
I believe there is a need to disallow public subscription (/anonymous_subscribe) to a list: useful, even crucial, for list communities that are not in the habit of discussing publicly by default.
Currently, postorius/lists/<list.name.fqdn> allows one to subscribe to any list you know the name of — and even more so to lists that are publicly advertised, but one might know or guess an unadvertised list's name… and still subscribe, even if they are not allowed to. Knowing that the Subscription policy default is Confirm, that means it is easy to subscribe to lists intended to be confidential.
And anyway, the subscription request validation procedure does not seem sufficient for all (confidential) list environments, because identities can easily be faked by email accounts (say a dot more or less in a legitimate address, which would never be added by manual subscription but is easily overlooked in a subscription request).
See also the similar (but not identical: distinguish the Sign Up action from the Subscribe action) mailman#1088
- Add a setting in Core to disable subscriptions to a particular list via the -join address. This could be done on a per-list basis or server-wide. The setting should still allow subscriptions via the API/CLI; it is up to the admin using the API to subscribe.
- Add a setting in Postorius/Hyperkitty to error out on the anonymous subscription form, or to remove it completely from the list page, when this setting is disabled in Core.
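As an added illustration of the lookalike-address concern raised in the description (this is example code, not code from Mailman, Postorius or this issue), the following Python check lets a moderator compare pending subscription requests against the current roster and flag addresses that differ from an existing member only by a dot or a single character. The roster, the requests and the `lookalike_matches` helper are constructed for the example.

```python
from typing import Iterable


def _canonical(addr: str) -> str:
    """Lower-case the address and drop dots from the local part, so that
    'John.Doe@Example.org' and 'johndoe@example.org' compare equal."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return f"{local.replace('.', '')}@{domain}"


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, computed one DP row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_matches(candidate: str, members: Iterable[str], max_distance: int = 1) -> list[str]:
    """Return roster addresses the candidate could be mistaken for.

    An address identical to an existing member is not a lookalike and is skipped;
    dot-only variants (distance 0 after canonicalisation) and single-character
    edits (distance 1) are reported for manual review."""
    cand = _canonical(candidate)
    hits = []
    for member in members:
        if candidate.strip().lower() == member.strip().lower():
            continue
        if _edit_distance(cand, _canonical(member)) <= max_distance:
            hits.append(member)
    return hits


# Constructed sample data: a small roster and a batch of pending requests.
MEMBERS = ["alice@example.org", "bob.smith@example.org", "carol@example.org"]
REQUESTS = ["bobsmith@example.org", "caro1@example.org", "dave@example.org", "alice@examp1e.org"]


def flag_requests(requests: Iterable[str] = REQUESTS, members: Iterable[str] = MEMBERS) -> dict[str, list[str]]:
    """Map each pending request to the member addresses it resembles (empty list = no concern)."""
    members = list(members)
    return {req: lookalike_matches(req, members) for req in requests}


if __name__ == "__main__":
    for req, hits in flag_requests().items():
        print(f"{req}: {'resembles ' + ', '.join(hits) if hits else 'no lookalike'}")
```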