Dave Wolfe wrote:
>
> [ Noah White writes: ]
> >
> > I'm trying to set up a list from which only certain people can post
> > to. I set it up such that in the config file it looks for a file to get
> > a list of authorized addresses. In doing so I noticed that X-Sender
> > gets tacked on to the headers and that anyone with Netscape can forge
> > this address nullifying any protection this gives.
>
> Resend doesn't pay any attention to X-Sender.
>
This is true but it is not resend I am concerned about. The problem
with the
X-Sender is that when a mailing goes out (a digest or a resent post)
X-Sender is
tacked on to this message and contains the email address of the person
posting it.
This means that it displayed the authorized posters email address which
then could
be forged with Netscape to defeat the -I option or the config file
paramter which
specifies that only certain addresses listed in a file can post to the
list.
>
> Note that if you put the Approval header in the body and don't provide a
> subsequent To header (in the body, separated from the real body by a
> blank line) you'll get Apparently-To headers. Stick with restrict_post.
>
Yes I noticed this ugliness which is necessary to accomodate approved,
forwarded messages. On way around it which is a real krudge is to put a
To and Subject
header again after the approved header. restrict_post still contains the
problem
I outlined above.
-Noah
References:
|
|
