At 5:07 PM -0400 4/23/97, Tom Limoncelli wrote:
>Yes, if you want to override the moderator on a moderated mailing list
>don't email to LIST @
SITE, but mail to LIST-outgoing @
>To defeat this, the admin should replace "LIST-outgoing" with
>"LIST-secretword" and make sure that people can't find out what
>"secretword" is. For example:
> 1. Configure Sendmail to not display it in the Received: headers.
> 2. Make sure your /etc/aliases file can't be accessed by
> untrustworthy users. (this may mean running your
> mailing lists on a machine that only lets you in)
> 3. Disable EXPN and VRFY (this should be done anyway).
Good summary. Two more points:
1) This is a Majordomo-specific issue; therefore, it doesn't belong on the
List-Managers mailing list (which is for list management issues that are
NOT specific to a particular piece of software). Itshould have been posted
to the Majordomo-Users mailing list instead.
2) This very issue is discussed in the Majordomo Frequently Asked Questions
file (<http://www.greatcircle.com/majordomo/FAQ>, question 3.6).
Brent Chapman Internet/intranet training and consulting,
COM specializing in network design and security.
Great Circle Associates,Inc. Visit us at http://www.greatcircle.com/