> I want to make sure that nothing is published to Catalist. There's a > CONFIDENTIAL=YES setting for each list. Is there a global setting that > will override any individual list header? Yes, via RUNMODE: http://www.lsoft.com/manuals/16.0/sitevars.html#cRunmode > I want to make sure that commands like RELEASE don't work, except for > possibly postmasters. > > I want to make sure no other command releases information about the > server, administrators, or configuration. > > Does L-Soft have a best practices document? Certain information (like the LISTSERV version) can't easily be hidden. That said, it looks like your server currently shares more information than it needs to. A short list: * Change your postmaster addresses to be hidden. You need one non-hidden address, but you can hide the rest: http://www.lsoft.com/manuals/16.0/sitevars.html#cPostmaster * Hide error tracebacks to non-postmasters: http://www.lsoft.com/manuals/16.0/sitevars.html#cHidetraceback * Change your JOB_STAT_DEFAULT: http://www.lsoft.com/manuals/16.0/sitevars.html#cJobstatdefault * Hide your subscriber counts: http://www.lsoft.com/manuals/16.0/sitevars.html#cWWWShowSubscriberCount And of course, the obvious list configuration things: make sure your lists are set to 'Validate=Yes,Confirm', 'Review=Owner'. Ben wrote a paper on all this some years ago: http://www.lsoft.com/news/techtipLSV-issue3-2009-us.asp Hope this helps. -- Liam Kelly Senior Consulting Analyst L-Soft international [log in to unmask] L-Soft wishes you a Happy 2013 http://www.lsoft.com/happy2013.html ############################ To unsubscribe from the LSTSRV-L list: write to: mailto:[log in to unmask] or click the following link: http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1