Pete Weiss wrote:

> I've noticed that certain lists "role" accounts are being spoofed (by
> viruses) in FROM: fields.  Thus you may encounter:
>
> mail from: listname-SUBSCRIBE-REQUEST@listhost
> mail     to: listname-SUBSCRIBE-REQUEST@listhost
>
> Because the particular listname was SERVICE=LOCAL and SUBSCRIPTION=OPEN,
> the process succeeded.

We have an explicit policy forbidding the use of unconfirmed open subscriptions
(Subscription= Open). A list which allows unconfirmed open subscriptions is a
proxy mail bomb vulnerability waiting to be exploited.

We have a script which runs nightly and generates a list of all lists with this
configuration. We seldom find any, but when we do, we change the configuration
to require confirmation (Subscription= Open,Confirm), notify the list owner of
the change, and remind them of the policy. To the best of my knowledge, we have
never had to change the same list twice.

Reference: http://listserv.nd.edu/policies.html

--
Paul Russell
Senior Systems Administrator
University of Notre Dame