The original question was something like "How can I setup a list so
 that people on the list can't unsubscribe themselves?".  Several people
 suggested "Validate=All" but it turned out that local users weren't
 prevented from issuing commands.  That's were things were left.
 
 Today, someone dropped me a note and suggested something clever.  That
 was to add the addresses routed through some intermediate machine.
 So that, entering <jimj@jhuvm> as <[log in to unmask]> would
 prevent me from being able to remove myself from the list.  Well that
 works, but it can be taken one step further (or I should say, one step
 closer?).  If you route the Bitnet address using your own machine, it
 will still achieve the same result, without sending the mail all the
 way to XYZ.EDU and back.  So, <[log in to unmask]>
 can be used to keep local user "jimj" trapped on the list.  It's also
 interesting to note that you don't even have to code Validate=All,
 since LISTSERV doesn't realise that <jimj@jhuvm> matches that address.
 
 Now, since the last time I opened my mouth, I planted my foot in it,
 I checked this one out.  It works as described on JHUVM, which is
 running LISTSERV 1.7f and LMAIL 1.1d/1.7f.  I don't know if it will
 work for people running XMAILER, or for people just using an SMTP
 server without a separate mailer.
 
 -jj
 
 PS - If your users are willing to twiddle their mail headers, or spoof
 mail from the routed address, then they can remove themselves.  But
 if they are willing to go to all that trouble, they can spoof mail from
 "maint", "postmaster" or the defined list owners and remove themselves
 no matter how you have it setup.