Re: [Mailman-Users] Announce-only lists?

2002-11-27 Thread Dan Richter


> Because faking the 'From' header is easy.


You could write a program that reads standard input, removes the From 
address and the Received lines, then forwards the mail to the list 
addresses using the list From address. Hook the program up to a secret 
e-mail address. It should be just as secure as an approval password.

By the way, this interests me, too. I'm not worried about spam; I'm worried 
about jerks sending e-mail to the announce list just because they can (to 
show how smart they are, etc.). There are a lot of people like that, you know.

== Dan Richter == mailto:[EMAIL PROTECTED] ===
People say I am ruthless. I am not ruthless. And if I find
the man who is calling me ruthless, I shall destroy him.
 - Robert Kennedy, campaigning for Senate in 1964


--
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

This message was sent to: archive@jab.org
Unsubscribe or change your options at
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
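
The filter described in the 2002-11-27 message above, as an added Python example (not code from the post or from Mailman). The list address, the subscriber list, the local SMTP relay and the extra headers stripped beyond From and Received are assumptions; those extra headers are removed because any of them can reveal the secret posting address to subscribers.

```python
"""Pipe target for a secret posting address of an announce-only list."""
import smtplib
import sys
from email import message_from_bytes
from email.policy import SMTP

# Hypothetical values: substitute the real list identity and subscriber source.
LIST_FROM = "announce@lists.example.org"
SUBSCRIBERS = ["alice@example.net", "bob@example.com"]

# Received is named in the post. The rest are an added assumption: each can
# carry the poster's identity or the secret address the message was sent to.
ROUTING_HEADERS = ("Received", "Return-Path", "Delivered-To", "X-Original-To",
                   "Envelope-To", "Sender", "Cc")

# Constructed sample message; "post-7f3a" stands in for the secret address.
SAMPLE = (
    b"Received: from mx.example.org by lists.example.org; Wed, 27 Nov 2002 10:00:00 +0000\r\n"
    b"Received: from laptop by mx.example.org; Wed, 27 Nov 2002 09:59:58 +0000\r\n"
    b"Delivered-To: post-7f3a@lists.example.org\r\n"
    b"From: Owner <owner@example.org>\r\n"
    b"To: post-7f3a@lists.example.org\r\n"
    b"Subject: Release 1.2\r\n"
    b"\r\n"
    b"Body text.\r\n"
)

def rewrite_for_list(raw: bytes, list_from: str = LIST_FROM) -> bytes:
    """Return the message with routing headers removed and From/To set to the list."""
    msg = message_from_bytes(raw, policy=SMTP)
    for name in ROUTING_HEADERS + ("From", "To"):
        del msg[name]  # deletes every occurrence; no error if the header is absent
    msg["From"] = list_from
    msg["To"] = list_from
    return msg.as_bytes()

def main() -> int:
    """Read one message on stdin and relay the rewritten copy to the subscribers."""
    out = rewrite_for_list(sys.stdin.buffer.read())
    with smtplib.SMTP("localhost") as smtp:  # assumed local relay
        smtp.sendmail(LIST_FROM, SUBSCRIBERS, out)
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

Anyone who learns the secret address can post through this filter, so access control depends entirely on every header and bounce path keeping that address hidden.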


Re: [Mailman-Users] List Security

2002-10-23 Thread Dan Richter


> Mailman doesn't use secret aliases.


That's good.


> Mailman v2.0 authenticates on From: or envelope (you pick).
>
> Mailman v2.1 authenticates on From: and envelope.


Pardon me for being a pain here, but isn't it ridiculously easy to forge a 
From:, and also rather easy to forge an envelope?

Now I'll be humble and admit that I don't even know what an envelope is. So 
my question about the envelope really boils down to: if I have root access 
on a machine other than the one Mailman is running on, can I fool Mailman's 
envelope recognition?

== Dan Richter == mailto:Dan@;wimba.com ===
   He [Bob Dole] fought in Italy, where he suffered
   a serious head injury. Then he went into politics.
   - a poorly worded radio announcement in 1961




[Mailman-Users] List Security

2002-10-22 Thread Dan Richter

I was using Majordomo, but I got scared off when I realized that anyone 
could bypass the list posting restrictions by posting to the correct alias. 
(The normal list alias processes, then redirects to a second alias which 
blindly transmits.) The "blind forward" alias shows up in the headers, so I 
can't even hide it from people. Please reassure me that Mailman does not 
have this vulnerability!

====== Dan Richter == mailto:Dan@;wimba.com ===
Customers who consider our waitresses uncivil
ought to see the manager.
   - Sign in a restaurant in New York

