This seems pretty weak security. I'm very surprised Brent Chapman
would leave such a wide-open hole to be able to get around the
'restrict_post' specifications. Is this going to be fixed in next
version? BTW, when might the next version come out???
I cannot turn off EXPN here since that would cause us to lose
potential forgery alerts for ALL email.
Is this actually the only way to secure a list from being posted to
by unauthorized people?
Thanks!
On Thu, 04 Dec 1997 21:29:29 +0100 Mats Dufberg <Mats.Dufberg@abc.se>
wrote:
> On Thu, 4 Dec 1997 14:27:36 -0500, Martin McGreal wrote:
>
> >Maybe I'm just set up improperly, but what's the purpose in having
> >a moderated list if someone can simply send to the alias that
> >indicates the *actual* list of recipients?
>
> Well, you CAN prevent that. If you rename the alias to the actual
> list
> test-outgoing: :include:/path/test
> to someting non-obvious, e.g.
> test-wioc: :include:/path/test
> and turn off EXPN in the SMTP server, it is hard to get around
> for outsider.
>
>
>
>
>
>
>
> ------------------------------------------------------
> Mats Dufberg mats.dufberg@abc.se
>
>
>
----------------------
Teresa Downey <Teresa.Downey@SLAC.Stanford.Edu>
SCS Networking, Stanford Linear Accelerator Center
Phone: 650-926-2903 ----- Fax: 650-926-3329
Follow-Ups:
References:
|
|
