John Fitzsimons writes: > >List membership is easy to spoof anyway. > > Umm. I was beginning to wonder about that. I am familiar with usenet > spoofing but hadn't thought deeply enough about that situation in > email. :-( > > If I understand you correctly then anyone can post to any unmoderated > emailing list by simply spoofing someone who is authorised to post ?
Yes. There are ways that authentication could be made stronger, but if you allow posting via GMane, you're pretty much done in. > >The only way to control traffic to your list is to moderate it. > > Okay, of course that is quite impractical. I wouldn't go so far as to say "of course" in general. There may be other ways to do it. For example my lists are moderated on a round the clock basis using the device of one moderator in Japan, one in Germany, and one in California. Such convenience is unlikely to be available to you, but perhaps there are trusted members who keep odd hours, etc. Be creative! > > > As well as to suggest a way to fix it please ? > > >Moderate the GMane subscription. > > Okay, that however would pretty much kill the mailing list. If someone > posted while I was asleep then they would have to wait hours for my > "okay". You'd have to get Mark or Barry to comment (and you supply a copy of the GMane test post as it arrived at Mailman, it's in the mbox file), but I suspect that the reason that this works as it does is the "Sender" check. So as long as your users always appear in From, you could disable the Sender check and moderate GMane. You'd still be subject to member spoofing, so you'd have to do spam and virus filtering on the front end (it's worth great effort on your part to doit in the incoming MTA). > It is a pity that nobody in the open source community is interested in > creating an NNTP server that someone, who isn't a unix expert, could > install on a "hosted" web site. :-( It's not about the NNTP server or package installation and configuration. Any GNU/Linux distro makes that easy enough. It's about the hosting services. This is a job for cPanel, not for the newsserver developers or Mailman developers. :-( ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
