LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: an isssue..

Glenn Alperin <[log in to unmask]>

Sun, 8 Mar 1998 23:54:58 -0500

TEXT/PLAIN (32 lines)

>here is an issues that I recently ran into.  We at the Seminary use 1.8c.
>I have run into a security issue regading POP3 mail programs that let you
>specify username and domain.  To me, it seems that anyone can get to
>anylist  if they use moderator/owner/system admin username and if they
>know the list name.  To me this seems like a pretty big security issue even if
>there is no way around it.  Any ideas out there?

One way around this is to set up all of your lists to confirm all commands
sent to listserv.  Add the following line to your list header to
accomplish this:

* Validate= Yes

This means that all commands sent to listserv must be confirmed by the
person who supposedly sent the command to listserv.  If an OK command is
never sent, the command will expire, and no harm will have been done.

>Brian
>
>______________________________________
>Brian T. Mc Namara
>[log in to unmask]
>
>Asst. Manager Computer Operations
>Listserv Administrator
>
>Jewish Theological Seminary of America
>212.678.8901

Glenn Alperin
[log in to unmask]

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM