On Mon, 4 Mar 1996, Derrick Green wrote:
If majordomo is being used and the list is not set up as an "open" list,
when somebody tries to subscribe an id other than their own, the subscribe
request is bounced to the list moderator for approval. The moderator
should be able to tell if something fishy is going on there.
A potential problem I see is that in mailers such as Pegasus Mail, users
are allowed to change the mail id that appears in their "from" header. If
the vandal is aware of this, he/she can make it appear that the subscribe
request is coming from the actual subscibee. I don't see any way around
that potential problem.
Anyway, we've left the discussion of procmail.
Well, it's pretty easy to change the From: line with almost any system.
Most majordomo mailing lists add a Sender line to the header: "Sender:
owner-<something>@<somewhere>". As a preventative measure, you could put
in a procmail rule to filter out all messages with such headers that
aren't from a recognized list.
Also, most mailing lists add the "Precedence: bulk" header. That might
be useful, too. We use it here so (ideally) unfiltered mailing list
messages never show up on our alpha pagers...
--
j'ai une ame solitaire
dan mcguirk
mcguirk(_at_)indirect(_dot_)com