Date: Thu, 18 Nov 1993 01:39:27 +0100
In-Reply-To: Message of Wed, 17 Nov 1993 16:45:36 EST from LISTSERV give-and-take forum <[log in to unmask]>

On Wed, 17 Nov 1993 16:45:36 EST Jim Jones <[log in to unmask]> said:
> PS - If your users are willing to twiddle their mail headers, or spoof
> mail from the routed address, then they can remove themselves. But if
> they are willing to go to all that trouble, they can spoof mail from
> "maint", "postmaster" or the defined list owners and remove themselves
> no matter how you have it set up.

If you do have "Validate= All", this will not work because SIGNOFF
requests will be forwarded to the list owner and subscribers won't know
the list password, so spoofing the list owner will just result in a
message asking to please specify the password. So this scheme will work
for 1.7f, even though it's not very practical.

In 1.8a however users are always able to sign off a list via cookie
validation, so this will no longer work. On the other hand, this can be
easily accomplished by coding a list exit which returns 1 at the
DEL_FILTER point, after sending a suitable message.

Eric