At 2:40 PM +0200 2004-08-27, Jacob Friis Larsen wrote:

How can we secure our list server?

Just add all the necessary addresses to the list of addresses that are allowed to post to the list. Moderate all other senders.

Wouldn't it be too easy for someone to change their sender address and get their spam out to our customers?

That would be a very real risk. One thing you could do is make the Mailman server sit behind a firewall, and accept incoming connections only from your local network. This would mean that someone would have to be able to get access to one of your internal machines in order to send out stuff as your process, in addition to spoofing the address.


You could even go so far as to set it up so that it only listens to the 127.0.0.1 IP address, which means that all traffic would have to be generated locally on the machine itself, and it wouldn't accept traffic from any other system, even if it was on the same network.


Regretfully, when it comes to security, what Mailman provides is relatively minimal. It will validate the sending address, but it can't prevent anyone from spoofing it, etc.


With luck, we might be able to address this in Mailman3, and make it capable of using strong cryptographic checks for things like this. But that day is not here yet, and it may be a very long time in coming.

--
Brad Knowles, <[EMAIL PROTECTED]>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

    -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
    Assembly to the Governor, November 11, 1755

  SAGE member since 1995.  See <http://www.sage.org/> for more info.
------------------------------------------------------
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
