LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: unlisted lists

Francoise Becker <[log in to unmask]>

Tue, 18 Nov 1997 10:41:10 -0500

text/plain (51 lines)

On 18 Nov 97 at 10:10, Jim Bradley wrote:

> I have two open, confidential=no lists here (COASTNET and
> COASTALP) that do not show up in the output of a list
> command if that command does not originate on URIACC.
> They are in the output of a 'list global coast' command
> sent from the same source. Can anyone explain?

The following exerpt from the 1.8c release notes
(ftp://ftp.lsoft.com/documents/v18c-own.relnotes)
should explain.

Francoise

---------------------------------------------

LISTS command now restricted to local users
-------------------------------------------

Another popular  method for collecting information  about available lists
was to  send a LISTS  commands to individual LISTSERV  (and non-LISTSERV)
sites. While this required more programming work for the spammer, it also
gave better  results as  the LISTS  command would  also list  local lists
("Confidential= Service"),  which outnumber  public lists 3:1.  The LISTS
command has  been changed in version  1.8c to only return  information to
local users, ie  users whose hostname matches one of  the patterns in the
LOCAL configuration  variable. Typically, if  the server is running  on a
machine  called  LISTSERV.XYZ.EDU,  the  LOCAL variable  will  have  been
defined as *.XYZ.EDU. This allows any  user in the XYZ.EDU domain to send
a LISTS command to the server, while preventing spammers from getting any
useful information. To clarify:

- This change has no impact on local users, who can still access the same
  information as before. It may  be necessary for the LISTSERV maintainer
  to review the setting of the  LOCAL configuration variable to make sure
  that all local domains are properly identified.

- This change  prevents non-local users from  obtaining information about
  local  ("Confidential= Service")  lists.  This  change will  completely
  protect local lists from spam (both  direct and indirect) as there will
  be no way for the spammers to get information about them.

- "Confidential= Yes" lists remain completely hidden as before.

- Non-local users must now use the LIST GLOBAL command or the CataList to
  search for public lists of interest.

The LIST GLOBAL  command was also changed  so that you can  no longer ask
for a list of all the lists  hosted on a particular server, as this would
defeat the purpose of the LISTS command change.

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM