Question for the masses.  Does anyone know how to alleviate the problem
where on a moderated list the owner does not have to approve their own
messsages to a list.  We have a list that somehow got compromised and it
appears that the only thing the violator did was to ghost himself as the
owner of the list and send mail to the list.  Below is how the header of
the list is set, any help with this is appreciated, because if this is the
case of truely how they got in, all of our lists are at jeopardy of this
attack.  We have also wondered how to disguise the appoved by- tag in the
extended headers so would be hacks couldn't see the approval userid.  Any
suggestions?

>* SEND= EDITOR, HOLD
>* SUBSCRIPTION= CLOSED
>* CONFIDENTIAL= YES
>* REPLY-TO= SENDER,RESPECT
>* DEFAULT-OPTIONS= REPRO,NOACK
>* VALIDATE= YES,CONFIRM
>* REVIEW= OWNERS,POSTMASTER
>* LOOPCHECK= NOSPAM
>* EDITOR= [log in to unmask]
>* OWNER= [log in to unmask]
>* ERRORS-TO= OWNERS,POSTMASTER


Kevin McKenzie
Clemson University