I'm trying to set up a list to which only certain people can post.
I set it up such that in the config file it looks for a file to get
a list of authorized addresses. In doing so I noticed that X-Sender
gets tacked on to the headers and that anyone with Netscape can forge
this address, nullifying any protection this gives.
So I decided to use the approval header as a further protection.
This works, but I've come across a broader flaw in that the Received
header shows what the outgoing alias is. Anyone who wishes to post to
the list could bypass the resend alias and go directly to the outgoing
aliases (which, as I said, is posted in the Received header), thus
bypassing all checks.
Is there any way to protect from this? Could resend take as its last
arg :include:/subscribers_list? It didn't seem to appear to be able to
but this would seem to fix the problem.
Otherwise it would seem that there is no such thing as a truly
"moderated" list in Majordomo land, or am I missing something?
-Noah