|
Sender: |
|
Subject: |
|
From: |
|
Date: |
Thu, 6 Jan 1994 22:35:33 GMT |
Comments: |
|
Organization: |
California Institute of Technology, Pasadena |
Reply-To: |
|
Just a day ago, a user was able to spoof the listserv into distrbuting
his personal message by bouncing the message back to the listserv using
ELM mailer. The following is the setup of the List [log in to unmask]
* Review= Owner Subscription= Open,Confirm Send= Editor
* Notify= Yes Reply-to= List,Ignore
* Validate= Store Only X-Tags= No
* Confidential=No Stats= Normal,Owner Ack= Yes
* Safe= Yes Files= No Mail-via= Dist2
* Errors-To= Owner Default-Options= ShortBSMTP
* Auto-Delete= Yes,Full-Auto
I believe LISTSERV@PSUVM is using 1.7f version.
Somehow Listserv matched the address of the `Editor' from the bounced
message and went ahead with distribution. Is there a way to stop this
from happening in the future?
Perhaps by having a confirmation for editors as well, the same say as
the 'Subcription='? Maybe there is such a feature and I'm not aware of
it. Please advise.
Asim Mughal
[log in to unmask]
List Owner PNS-L
|
|
|