Subject: | |
From: | |
Reply To: | |
Date: | Sat, 3 Apr 2004 16:20:03 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Pete Weiss wrote:
> I've noticed that certain lists "role" accounts are being spoofed (by
> viruses) in FROM: fields. Thus you may encounter:
>
> mail from: listname-SUBSCRIBE-REQUEST@listhost
> mail to: listname-SUBSCRIBE-REQUEST@listhost
>
> Because the particular listname was SERVICE=LOCAL and SUBSCRIPTION=OPEN,
> the process succeeded.
We have an explicit policy forbidding the use of unconfirmed open subscriptions
(Subscription= Open). A list which allows unconfirmed open subscriptions is a
proxy mail bomb vulnerability waiting to be exploited.
We have a script which runs nightly and generates a list of all lists with this
configuration. We seldom find any, but when we do, we change the configuration
to require confirmation (Subscription= Open,Confirm), notify the list owner of
the change, and remind them of the policy. To the best of my knowledge, we have
never had to change the same list twice.
Reference: http://listserv.nd.edu/policies.html
--
Paul Russell
Senior Systems Administrator
University of Notre Dame
|
|
|