At 5:07 PM -0400 4/23/97, Tom Limoncelli wrote:
>Yes, if you want to override the moderator on a moderated mailing list
>don't email to LIST@SITE, but mail to LIST-outgoing@SITE
>
>To defeat this, the admin should replace "LIST-outgoing" with
>"LIST-secretword" and make sure that people can't find out what
>"secretword" is. For example:
>
> 1. Configure Sendmail to not display it in the Received: headers.
> 2. Make sure your /etc/aliases file can't be accessed by
> untrustworthy users. (this may mean running your
> mailing lists on a machine that only lets you in)
> 3. Disable EXPN and VRFY (this should be done anyway).
>
>--tal
Good summary. Two more points:
1) This is a Majordomo-specific issue; therefore, it doesn't belong on the
List-Managers mailing list (which is for list management issues that are
NOT specific to a particular piece of software). Itshould have been posted
to the Majordomo-Users mailing list instead.
2) This very issue is discussed in the Majordomo Frequently Asked Questions
file (<http://www.greatcircle.com/majordomo/FAQ>, question 3.6).
-Brent
--
Brent Chapman Internet/intranet training and consulting,
Brent@GreatCircle.COM specializing in network design and security.
Great Circle Associates,Inc. Visit us at http://www.greatcircle.com/
References:
|
|
