Thanks for your reply. Before this incident if any body even try to post to
the list
they would get a message saying that " You are not the owner of the list and
you are not authorized to post to this list" But now any body can post to
the list and it is all in the Editor's hand to reject them or OK's them.
Yesterday some editor did say OK thinking htat it is his list. Because this
never happened before.


-----Original Message-----
From: Adam Bailey [mailto:[log in to unmask]]
Sent: Monday, January 07, 2002 4:27 PM
To: [log in to unmask]
Subject: Re: How to prevent users to post to the list::


On 1/7/02 4:54 PM, Gnanasekaran, Viji <[log in to unmask]>
wrote:

> Here is our current configurations for one of our lists. Even though only
> owners can post to the list somebody hacked in to  our system and trying
to
> Post messages to the users. Our editor accidentally said Ok to one
unwanted
> message. And all the users got them. Thanks .
>
> * SUBSCRIPTION=BY OWNER
> * SEND=EDITOR,HOLD,CONFIRM

No amount of security will help you if your Editors go approving
unauthorized messages. LISTSERV isn't psychic (yet; I understand that
feature is coming in 1.8e) -- it can't know what your Editors *really*
meant.

Editor,Hold,Confirm is, IMO, the highest reasonable level of security. If
used correctly, there is no reason an unauthorized post will ever get
through.

What do you mean by "hacked"?

--
Adam Bailey    | Chicago, Illinois
[log in to unmask] | Finger/Web for PGP
[log in to unmask] | http://www.lull.org/adam/