MailMan - Make it configurable on a site basis, not server wide ( PCI-DSS Compliance )

Mish130 shared this idea 4 years ago
Open Discussion

Please change the configuration of MAILMAN so that access can be controlled on a site basis rather than a server-wide basis.

We operate on a shared server where other users need to use MailMan. This means that we cannot pass PCI compliance as the only solution is to alter the configuration server wide (redirect to SSL or disable).

Currently, as I understand it, no shared server where some sites/users need to access MailMan (without SSL) can pass PCI-DSS compliance [worldwide issue].


Shared servers will rarely pass PCI compliance; it's also only going to be a hack/fake pass if you do manage to while having MailMan work on other accounts/IPs, as the vulnerability/weakness still remains. If you need PCI compliance you should be running your applications on a private server.