On Wed, 30 Oct 2002 10:14:36 -0800, "Brenneman, Jake (MSNBCi)" <[log in to unmask]> wrote:

>Looking for a way to keep the message automated, but not allow
>external parties to use my editor address - or, at the very least to better
>secure the whole process.

On Thu, 25 Mar 1999 21:13:45 -0800, a customer wrote:

>There's gotta be a way to do secure one-way script-generated email list with
>listserv... I just scrapped a whole big hand-coded system hoping (in part) I
>could do that..

The only semi-secure way to do this that I have been able to determine is this:

The script-generated mail message sent to LISTSERV must have headers that look like this (in part):

Date: Fri, Mar 26 1999 07:15 -0500
Sender: script_address@host
From: public_address@host
To: listname@server_name

message here

=======

The List Header must include at least the following lines (this is not a complete header):

.hh on
Owner= you@address
Owner= Quiet:
Owner= script_address@host
Send= Owner (no confirm)
Sender= none
.hh off

Note that public_address@host does not appear in the List Header (has no privileges of any kind). Neither script_address@host nor public_address@host should be subscribed to the list. you@address are subscribed to the list but are set to REVIEW (requires a confirm to post).

This exploits a property of LISTSERV whereby if the Sender: and From: fields in incoming mail are different, then Sender: takes priority. Sender: is normally absent from individual mail, although present in mail sent by automated programs such as LISTSERV.

What happens when the script message "posts" to the list is that the incoming script mail is allowed to post, because script_address@host is an Owner and the Sender: field takes priority over From:. However, this Sender: address is 'stripped off' and not included in the headers in the final message distributed to the list. Only the public_address@host address shows as the From:, and this address has no posting or other privileges (although it must be a valid address). Thus the true Sender: can remain private and known only to you and LISTSERV.

Note carefully that since no 'confirm' is required, this Sender: address is still vulnerable to a guessing or 'dictionary' attack from someone determined to invade your list.

This method avoids mail loop problems since the public_address@host is not an authorized posting From: address. Even if the mail loops through, it will be rejected. Your own address as owner is set to REVIEW, so you must confirm your own posts via that address, if you make any.

The .hh on/.hh off are used to hide all this from public view: should anyone happen to see your list header (I hope you have modified the standard INFO template in listname.MAILTPL so the List header is NOT exposed to casual inspection), they will not be able to learn the addresses.
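
Added example (not part of the original post and not LISTSERV code): a Python sketch of the script side of this setup together with a simplified model of the Sender:/From: check described above, showing that the private Sender: address is the only thing gating a post. All addresses are constructed placeholders, and the random local part is an assumption added here to address the guessing caveat.

```python
import copy
import secrets
from email.message import EmailMessage
from email.utils import formatdate, parseaddr

# Constructed placeholder addresses, not taken from any real list.
PUBLIC_ADDRESS = "news@example.org"            # public_address@host
LIST_ADDRESS = "mylist@listserv.example.org"   # listname@server_name

def new_script_address(domain="example.org"):
    """Assumption: a 128-bit random local part, so the private Sender:
    address cannot be found by a guessing or dictionary attack."""
    return f"post-{secrets.token_hex(16)}@{domain}"

def build_post(script_address, body, subject="Update"):
    """Build the script-generated message with the header layout from the post."""
    msg = EmailMessage()
    msg["Date"] = formatdate(localtime=True)
    msg["Sender"] = script_address   # private; must be listed as an Owner
    msg["From"] = PUBLIC_ADDRESS     # public; has no privileges on the list
    msg["To"] = LIST_ADDRESS
    msg["Subject"] = subject
    msg.set_content(body)
    return msg

def effective_poster(msg):
    """Model of the described behaviour: when Sender: and From: differ,
    Sender: takes priority."""
    sender = parseaddr(str(msg.get("Sender", "")))[1].lower()
    author = parseaddr(str(msg.get("From", "")))[1].lower()
    return sender if sender and sender != author else author

def may_post(msg, owners):
    """Model of 'Send= Owner': only an owner address may post. With no
    confirm step, knowing the Sender: address is sufficient."""
    return effective_poster(msg) in {o.lower() for o in owners}

def distributed_copy(msg):
    """What subscribers receive: the same message with Sender: stripped."""
    out = copy.deepcopy(msg)
    del out["Sender"]
    return out
```

Because the check rests entirely on the secrecy of the Sender: address, generate it once, list it as an Owner inside the hidden part of the list header, and keep it out of any logs or bounce handling that the public address can see.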