LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Subscription by Owner, Redux

Ben Parker <[log in to unmask]>

Tue, 7 Aug 2001 21:52:06 -0600

text/plain (54 lines)

On Tue, 7 Aug 2001 23:04:28 -0400, Tom Rawson <[log in to unmask]> wrote:

>> ADD CETEFL-L [log in to unmask] Irene Lavingxxx
>
>> // JOB PW=XXXXXXXX
>> ADD CETEFL-L [log in to unmask] Irene Lavingxxx
>> // EOJ
>
>Are these two different ways of doing the same thing, 

Yes.

>or is the latter part intended to expand on the former?  

Yes as well but the ADD command remains the same in both cases.

(For a really long digression, read Chap 3 of the Developers Guide Manual.  It
explains about command JOB 'wrappers' and the defualt 'wrapper' that LISTSERV
internally adds before processing any and all commands.)

>If I simply send the ADD command without the JOB syntax, what happens?  

The subscriber will be added to the list unless the address is syntactically
invalid (it doesn't appear to be), or the identical address is already
subscribed to the list, or if the command never reaches LISTSERV for some
reason, or the work comes to an end before the message gets to LISTSERV or ...

>Does Listserv assume it is OK
>because it came from the owner's email address (in which case a spoofed
>From: line would fool it)?  

Depends on the setting for Validate=.

Validate= No, the only checking is the From: address must be a List Owner of the
list in question.  Spoofing is possible.

Validate= Yes  Then no.  The Personal Password previously registered to the List
Owner address must be included with the command or execution will be aborted.
Spoofing possible only if your Personal Password is also compromised.

Validate= Yes, Confirm  No.  The Personal Password must be included as above.
If it is not then LISTERV will send a request for OK/Confirmation to the List
Owner's address.  This is our recommended setting because if you forget to
include the password, you can still complete the command with the OK.
Conversely if its a spoofing attempt, unless they also know or guess your
Personal Password, you will receive the OK/Confirm at a time when you know you
did not send a command.  This alerts you to something not right and you can take
further action.  Spoofing possible only if your Personal Password is also
compromised.

You can read about validate= in Appendix B and you can figure out the rest of
the variations.

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM