LSTOWN-L Archives

LISTSERV List Owners' Forum

Douglas Palmer
Tue, 20 May 2003 15:35:39 -0400
At 03:07 PM 5/20/2003 -0400, Wes Anderson wrote:

>We thought this meant that only the owner could post but of course didn't predict that someone could "forge" this address or the admin address and send an e-mail.
>
>We have since changed the Send parm to Send=Editor,Hold,Confirm.

This is the only safe default setting. We have found a few ways to make a list more secure for automated postings.

On some lists, we do not allow e-mail at all when posting to the list. These lists are limited so that posts must come from scripts which format the messages and submit them locally to the lsv_amin executable. We have a couple that are submitted by a daemon process that checks inbound FTP directories for new files.

We have a new process (in testing) that examines incoming e-mail for a valid RSA encryption signature in a special header. If the signature is valid for the message text given the public key we have on file for that list, then the message goes out (stripped of the header). Otherwise, it goes to /dev/null. This will probably be the most secure method we can come up with for remote users.

Once that signature process is accepted for production use, we'll share how. It uses rsakg.c to produce public and private keys, a very small Perl program to process and sign new messages and another to authenticate and post to the lsv_amin process or dump as appropriate.

-- DCP
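
The signature gate described in the message above, sketched as an added example: it is not part of the original post and is not the author's Perl code. The header name `X-List-Signature`, the choice of RSASSA-PKCS1-v1_5 with SHA-256, the constructed demo key and sample message, and the restriction to single-part text messages are all assumptions made for the illustration.

```python
import hashlib
from email import message_from_string

SIG_HEADER = "X-List-Signature"  # hypothetical name; the post does not name the header
E = 65537
# Constructed demo key built from two Mersenne primes: trivially factorable,
# for this illustration only. Real keys come from a proper key generator.
_P, _Q = 2**521 - 1, 2**607 - 1
DEMO_PUB = (_P * _Q, E)
DEMO_PRIV = pow(E, -1, (_P - 1) * (_Q - 1))
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo

# Constructed sample message.
SAMPLE = ("From: owner@lists.example.org\nTo: announce@lists.example.org\n"
          "Subject: Maintenance window\n\nThe server is down on Saturday.\n")

def _encode(body, n):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(body), returned as an integer."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(body).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign(raw, d, n):
    """Sender side: sign the message text and attach the signature header."""
    msg = message_from_string(raw)
    msg[SIG_HEADER] = format(pow(_encode(msg.get_payload().encode(), n), d, n), "x")
    return msg.as_string()

def gate(raw, pub):
    """List side: return the message minus the signature header, or None to drop it."""
    n, e = pub
    msg = message_from_string(raw)
    sigs = msg.get_all(SIG_HEADER) or []
    del msg[SIG_HEADER]                      # never forward the header
    try:
        if len(sigs) != 1 or msg.is_multipart():
            return None                      # missing, duplicated, or unsupported
        s = int("".join(sigs[0].split()), 16)
    except ValueError:
        return None                          # header is not hex
    ok = 0 <= s < n and pow(s, e, n) == _encode(msg.get_payload().encode(), n)
    return msg.as_string() if ok else None
```

Because the signature covers only the message text, as in the post, a captured signed message verifies again if it is resent; putting a date or sequence number in the signed text and checking it at the gate closes that gap.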