LSTOWN-L Archives

LISTSERV List Owners' Forum

Ben Parker <[log in to unmask]>
Wed, 30 Oct 2002 12:22:04 -0700
text/plain (74 lines)
On Wed, 30 Oct 2002 10:14:36 -0800, "Brenneman, Jake (MSNBCi)"
<[log in to unmask]> wrote:

>Looking for a way to keep the message automated, but not allow
>external parties to use my editor address - or, at the very least to better
>secure the whole process.

On Thu, 25 Mar 1999 21:13:45 -0800, a customer wrote:

>There's gotta be a way to do secure one-way script-generated email list with
>listserv... I just scrapped a whole big hand-coded system hoping (in part) I
>could do that..

The only semi-secure way to do this that I have been able to determine is
this:

The script-generated mail message sent to LISTSERV must have headers that
look like this (in part):

Date:    Fri, Mar 26 1999 07:15 -0500
Sender:  script_address@host
From:    public_address@host
To:      listname@server_name

message here


=======

the List Header must include at least the following lines:
(this is not a complete header)

.hh on
Owner= you@address
Owner= Quiet:
Owner= script_address@host
Send= Owner  (no confirm)
Sender= none
.hh off

Note that public_address@host does not appear in the List Header (has no
privileges of any kind).

Neither script_address@host nor public_address@host should be subscribed to
the list.  you@address is subscribed to the list but is set to REVIEW
(requires a confirm to post).

This exploits a property of LISTSERV whereby if the Sender: and From:
fields in incoming mail are different, then Sender: takes priority. Sender:
is normally absent from individual mail, although present in mail sent by
automated programs such as LISTSERV.

What happens when the script message "posts" to the list is that the
incoming script mail is allowed to post, because script_address@host is an
Owner and the Sender: field takes priority over From:.  However this
Sender: address is 'stripped off' and not included in the headers in the
final message distributed to the list.  Only the public_address@host
address shows as the From:  and this address has no posting or other
privileges (although it must be a valid address).  Thus the true Sender:
can remain private and known only to you and LISTSERV.

Note carefully that since no 'confirm' is required, this Sender:
address is still vulnerable to a guessing or 'dictionary' attack from
someone determined to invade your list.  This method avoids mail loop
problems since the public_address@host is not an authorized posting From:
address.  Even if the mail loops through, it will be rejected.

Your own address as owner is set to REVIEW, so you must confirm your own
posts via that address, if you make any.  The .hh on/.hh off are used to
hide all this from public view: should anyone happen to see your list header
(I hope you have modified the standard INFO template in listname.MAILTPL so
the List header is NOT exposed to casual inspection), they will not be able
to learn the addresses.
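The following is an added example, not code from the post above or from LISTSERV. It builds the script-generated message with the header layout the post describes, and models only the authorization rule the post states (Sender: takes priority over From: when both are present; Send= Owner admits only Owner= addresses; the "Owner= Quiet:" line is a keyword, not an address). The model is a constructed stand-in for LISTSERV's behaviour, not its implementation, and the addresses are the placeholders from the post. It also shows the two cases the post calls out: a looped copy (public From: only, no Sender:) is rejected, while a message that simply claims the script address is accepted, which is the guessing-attack exposure the post warns about.

```python
"""Model of the Sender:/From: posting trick described in the post.

Added example; not LISTSERV code.  Addresses and the List Header
fragment are the placeholders from the post (constructed input).
"""
import copy
from email.message import EmailMessage
from email.utils import formatdate

# Placeholders from the post (constructed, not real hosts).
SCRIPT_ADDRESS = "script_address@host"
PUBLIC_ADDRESS = "public_address@host"
LIST_ADDRESS = "listname@server_name"

# List Header fragment from the post, as constructed input.
LIST_HEADER = """\
.hh on
Owner= you@address
Owner= Quiet:
Owner= script_address@host
Send= Owner  (no confirm)
Sender= none
.hh off
"""


def build_script_message(body, sender=SCRIPT_ADDRESS,
                         public=PUBLIC_ADDRESS, to=LIST_ADDRESS):
    """Message the script should hand to LISTSERV: private Sender:, public From:."""
    msg = EmailMessage()
    msg["Date"] = formatdate(localtime=True)
    msg["Sender"] = sender
    msg["From"] = public
    msg["To"] = to
    msg.set_content(body)
    return msg


def parse_owners(list_header):
    """Return (set of Owner= addresses, Send= keyword) from a header fragment."""
    owners = set()
    send = None
    for raw in list_header.splitlines():
        line = raw.strip()
        if not line or line.startswith("."):      # skip .hh on / .hh off
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "owner":
            if value.endswith(":"):                 # "Quiet:" is a keyword
                continue
            owners.add(value.lower())
        elif key == "send":
            send = value.split()[0].lower()         # "Owner" from "Owner  (no confirm)"
    return owners, send


def posting_address(msg):
    """Address used for the posting check: Sender: wins over From: (per the post)."""
    return str(msg["Sender"] or msg["From"] or "").strip().lower()


def may_post(msg, list_header=LIST_HEADER):
    """Model of Send= Owner (no confirm): only Owner= addresses may post."""
    owners, send = parse_owners(list_header)
    if send != "owner":
        raise ValueError("this model only covers Send= Owner")
    return posting_address(msg) in owners


def distribute(msg):
    """Copy that goes to subscribers: Sender: stripped, public From: kept."""
    out = copy.deepcopy(msg)
    del out["Sender"]
    return out


if __name__ == "__main__":
    original = build_script_message("message here")
    print(original.as_string())
    print("accepted:", may_post(original))
    looped = distribute(original)
    print("looped copy accepted:", may_post(looped))
```

Running the block prints the outgoing headers, shows the script message accepted, and shows the distributed copy (which carries only the public From:) rejected if it ever loops back to the list.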
