Sat, 3 Apr 2004 16:20:03 -0500
|
Pete Weiss wrote:
> I've noticed that certain lists "role" accounts are being spoofed (by
> viruses) in FROM: fields. Thus you may encounter:
>
> mail from: listname-SUBSCRIBE-REQUEST@listhost
> mail to: listname-SUBSCRIBE-REQUEST@listhost
>
> Because the particular listname was SERVICE=LOCAL and SUBSCRIPTION=OPEN,
> the process succeeded.
We have an explicit policy forbidding the use of unconfirmed open subscriptions
(Subscription= Open). A list which allows unconfirmed open subscriptions is a
proxy mail bomb vulnerability waiting to be exploited.
We have a script which runs nightly and generates a list of all lists with this
configuration. We seldom find any, but when we do, we change the configuration
to require confirmation (Subscription= Open,Confirm), notify the list owner of
the change, and remind them of the policy. To the best of my knowledge, we have
never had to change the same list twice.
Reference: http://listserv.nd.edu/policies.html
--
Paul Russell
Senior Systems Administrator
University of Notre Dame
|
|
|