-----BEGIN PGP SIGNED MESSAGE-----
On Apr 12, 2:41am, James Lick wrote:
> These are three real actual examples of what is being griped about. I'd
> be extremely happy if I could configure sendmail in some way such that if
> it receives a network messages, it is marked as "dirty" until it is
> evaluated as coming from a site we relay from, or it is evaluated as going
> to a site we relay to, or it goes through a local address expansion at
> which point it is marked clean.
There's another way to fix the list-managers part of this problem.
Once you're subscribed, require that unsubscribe requests come in
cryptographically signed (maybe only if the original request was
cryptographically signed). For those "insecure" subscriptions, give
the user a password that they can change (and hopefully remember), but
that have to be used any time they want to change their subscription
status on the list (i.e., they could probably change from digest mode
to reflector mode without requiring the password, but setting "NOMAIL"
would require the password).
As for the relay problem, I think the key is to be able to set a
database that defines domains that you choose to relay to and/or from
(or choose not to relay to and/or from, as the case may be), and then
build into check_compat() the necessary robust code to enforce those
Combine these, and I think you deal with the majority of the spam
and velveeta generated today. Then you get to have fun with junkmail
and people who forge bogus headers so that they don't ever have to
worry about dealing with any of their bounces or the expensive job of
cleaning up their mailing list.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Brad Knowles MIME/PGP: BKnowles@aol.net
Mail Systems Administrator <http://www.his.com/~brad/>
for America Online, Inc. Ph: (703) 453-4148
PGP keys available from firstname.lastname@example.org