LSTSRV-L Archives

LISTSERV Site Administrators' Forum

Trish Forrest <[log in to unmask]>
Sat, 8 Jul 1995 22:20:39 -0400
On Fri, 7 Jul 1995, Mike Ramundo wrote:
 
> I would like to add my name to an earlier request for a way to capture
> raw subscription requests.  A daily digest of requests, each complete
> with all headers, could be sent to the postmast/listserv-maintainer.
 
  I deleted it, but I think the earlier request asked for all the
headers as well including 'received', etc.  If LISTSERV was an
entire software package that included an MTA, then perhaps this
might be possible, but Listserv gets its info from the MTA running
on whatever system it happens to be on..on unix machines it is
sendmail (and even at the highest logging level, you don't get
all the headers).  It doesn't mean finding the person is impossible,
but Listserv alone can't do it...it takes cooperation from each
postmast to check his or her SYSLOG or RSCS logs to match times, etc...
and come up with site names...and even then you might get a site, but
not a userid (unless everyone runs something similar to identd these
days).  And even if you get a userid, it doesn't mean that it is *the*
userid...I've been around the track on that one several times... and
even if we *knew* with certainty who it was, in the end it is up to
the site where the person is to "do something legal"....and that is
no sure thing because all the person needs to say is...I think someone
got my passwd.  And from my experience with our local police and RCMP...
they don't move unless you got a sure thing.
 
  Someone mentioned that this could have occurred with a cgi script
running on some www server...but it can also occur in many other
ways...any person can install TIA on their home pc and use it to
fake their userid at their local ISP or University...and most places
who have Novell subnets for students in their labs and feel comfortable
because they have the filter software that prevents them from sending
to the Internet, but permits them to tn3270 locally forget about
a simple telnet to port 25 on their internet connected machine where
the person can fake mail to the internet....there are so many ways....
and they take less time than running crack if one of your users mailed
out your passwd file.  Even with an improperly set up httpd, all a
user has to have is your passwd file in their home dir. 'Nough said.
 
  My thoughts for whatever they are worth.
 
Cheers!  --Trish
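
Added example, not part of the post above and not LISTSERV code: a Python sketch of the log-matching step the message describes, pulling each Received hop and its timestamp out of a raw request so each site's postmaster knows which host and time window to check. The sample message, host names, addresses and the `slack_seconds` default are constructed for illustration.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample request (hosts, addresses and queue IDs are made up).
RAW_REQUEST = (
    "Received: from mailhub.example.edu (mailhub.example.edu [192.0.2.10])\n"
    "\tby lists.example.org (8.6.12/8.6.12) with SMTP id WAA01234\n"
    "\tfor <listserv@lists.example.org>; Sat, 8 Jul 1995 22:14:07 -0400\n"
    "Received: from lab-pc7.example.edu (lab-pc7.example.edu [192.0.2.77])\n"
    "\tby mailhub.example.edu (8.6.12/8.6.12) with SMTP id WAA00991;\n"
    "\tSat, 8 Jul 1995 22:13:58 -0400\n"
    "From: someone@example.edu\n"
    "To: listserv@lists.example.org\n"
    "\n"
    "SUBSCRIBE SOME-L Some Name\n"
)

def received_hops(raw):
    """Return the Received hops oldest-first, one dict per hop."""
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its header, so reverse to get delivery order.
    # Only the hop written by your own MTA is recorded by a machine you run.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        info, _, stamp = flat.rpartition(";")
        if not info:
            continue                            # no timestamp part: skip
        frm = re.search(r"\bfrom (\S+)", info)
        by = re.search(r"\bby (\S+)", info)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue                            # malformed date: skip hop
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None,
                     "when": when})
    return hops

def log_windows(hops, slack_seconds=120):
    """Per hop: (host whose logs to check, window start, window end)."""
    slack = timedelta(seconds=slack_seconds)
    return [(h["by"], h["when"] - slack, h["when"] + slack) for h in hops]
```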
