|
Sender: |
|
Date: |
Sat, 3 Apr 2004 16:20:03 -0500 |
Reply-To: |
|
Content-Transfer-Encoding: |
7bit |
Subject: |
|
From: |
|
Content-Type: |
text/plain; charset=us-ascii; format=flowed |
In-Reply-To: |
|
Organization: |
University of Notre Dame |
MIME-Version: |
1.0 |
Pete Weiss wrote:
> I've noticed that certain lists "role" accounts are being spoofed (by
> viruses) in FROM: fields. Thus you may encounter:
>
> mail from: listname-SUBSCRIBE-REQUEST@listhost
> mail to: listname-SUBSCRIBE-REQUEST@listhost
>
> Because the particular listname was SERVICE=LOCAL and SUBSCRIPTION=OPEN,
> the process succeeded.
We have an explicit policy forbidding the use of unconfirmed open subscriptions
(Subscription= Open). A list which allows unconfirmed open subscriptions is a
proxy mail bomb vulnerability waiting to be exploited.
We have a script which runs nightly and generates a list of all lists with this
configuration. We seldom find any, but when we do, we change the configuration
to require confirmation (Subscription= Open,Confirm), notify the list owner of
the change, and remind them of the policy. To the best of my knowledge, we have
never had to change the same list twice.
Reference: http://listserv.nd.edu/policies.html
--
Paul Russell
Senior Systems Administrator
University of Notre Dame
|
|
|