On Jun 16, 2000 Marilyn Davis <marilyn@???> wrote:
> On Fri, 16 Jun 2000, Jeffrey Goldberg wrote:
> > (1) Use the private aliase file scheme to protect the out-going aliases.
> > That is far better than security through obscurity. The mechamism is
> > described in a FAQ linked to from the exim FAQ regarding majordomo.
> > This is a wonderful thing you can do with exim.
>
> We don't hide the addresses of the list members. We don't hide
> anything. We don't do anything illegal or promote anything illegal
> and we believe in openness. If a public service isn't open, it's not
> a "public" service. We are only concerned with denial-of-service
> attacks, or attacks that cost me time to fix. Is this still necessary
> for us? I'll read that FAQ again.
Either you or I have misunderstood. Is your list a "members only" list
for posting? If not, then someone could attack your list simply by
flooding it. You did say that you were worried about attacks on it.
If the list is a members only posting list, then that "security" feature
can be evaded by someone mailing directly to the listname-outgoing aliase
if you have used the -outgoing as the suffix for that. (This issue is
discussed in the majordomo FAQ as well.) The document referred to in
the exim FAQ for setting up majordomo provides a nice solution to that
problem.
I am more than surprised that you don't conceal the addresses of your list
members. General privacy concerns suggest that you should. Or have I
misunderstood?
-j
--
Jeffrey Goldberg
Note: I am moving and changing many addresses, please see
http://www.goldmark.org/jeff/contact.html
Relativism is the triumph of convention over truth, authority over justice
