At 15:07 05/20/2003 Tuesday, Wes Anderson wrote: >We have since changed the Send parm to Send=Editor,Hold,Confirm. Good thinking! >Note also that the list is re-generated through a bulk-load process. >Subscribers cannot subscribe or change their settings, so it seems that the >Validate parm is not as critical as would be the case if subscribers were >allowed to manage their accounts. [They are unable to manage NOPOST as an everyday subscriber.] >The current configuration looks like this: > >Subscription= By_owner >Ack= Yes >Confidential= Yes >Validate= No >Reply-to= [log in to unmask] >Review= Owners >Editor= xxxxxx @pharmacists.ca >Send= Editor,Hold,Confirm >Errors-To= Owner >Owner= xxxxxx @pharmacists.ca >Default-Options= NOPOST >Notebook= Yes,e:\sites\listserv-cpha.inf.ca,Monthly,Owner >Change-Log= Yes > >Also, we are trying to determine who the spammer is and how they managed to >send this e-mail. Does anyone have any experience in this area? The >manager of our Listserv says there was a virus that generated the e-mail but >it's still not clear how a virus could find the admin account to post to >this list. Any ideas? It did NOT need to affect/infect the admin account -- just some poor person somewhere on the Internet who's system spoofed your admin account xxxxxx @pharmacists.ca I have several more recommendations: ADD a keyword MODERATORS= ALL,[log in to unmask],[log in to unmask] Update your EDITOR= to add the secondary moderator Make sure that that [log in to unmask] and [log in to unmask] are subscribed and that the following commands have been issued: SET listname REV FOR [log in to unmask] PW=???? SET listname REV FOR [log in to unmask] PW=???? You might consider updating your templates so that the auto-acks to NOPOST responses are suppressed. This is very nice so that you are not bothered by bounces of spoofed (and non-existent) posters who's mail is rejected by the list and then bounces back to the ERRORS-TO address. We use this precise config on a particular daily announce-only list and are NOT bothered by spoofed email being distributed to valued customers. /Pete