On Mon, 4 Mar 1996, Jonathon Blake wrote:
Since autoresponders are the norm now, is their anyway
to ensure that one's autoresponder isn't being used
to mailbomb another person? << A form of mail bombing
attack that occured to me when I read a subscribe
message to my mailing list, and then a request for a
file that is delivered by my autoresponder. >>
If majordomo is being used and the list is not set up as an "open" list,
when somebody tries to subscribe an id other than their own, the subscribe
request is bounced to the list moderator for approval. The moderator
should be able to tell if something fishy is going on there.
A potential problem I see is that in mailers such as Pegasus Mail, users
are allowed to change the mail id that appears in their "from" header. If
the vandal is aware of this, he/she can make it appear that the subscribe
request is coming from the actual subscibee. I don't see any way around
that potential problem.
Anyway, we've left the discussion of procmail.