--
On Fri, Jun 14, 2002 at 05:26:46PM -0400, Greg Ward wrote:
| On 14 June 2002, Derrick 'dman' Hudson said:
| > One solution is to use a MLM that doesn't require a separate "alias"
| > to route messages to the recipients (eg mailman).
|
| I've never tried it, but I don't see any reason why Mailman wouldn't
| also be vulnerable to forging the address of senders allowed to post.
I don't see why not either (unless gpg signature verification is
done), but with the alias method majordomo uses, you can bypass
majordomo entirely.
| However, MM would let him make this a moderated list -- which is
| probably a very good idea for a low-traffic newsletter with thousands of
| recipients; you have to give the message a final look before it goes out
| to all those thousands of people. And no big deal if someone forges the
| sender address -- you just don't approve their virus/spam/whatever.
Right. Since mailman doesn't have the alias-bypass hole there isn't a
way for a user, malicious person, or worm to simply bypass whatever
sanity checks you (the admin) put in place.
-D
--
The crucible for silver and the furnace for gold,
but the Lord tests the heart.
Proverbs 17:3
http://dman.ddts.net/~dman/
--
[ Content of type application/pgp-signature deleted ]
--