Pete Weiss wrote: > I've noticed that certain lists "role" accounts are being spoofed (by > viruses) in FROM: fields. Thus you may encounter: > > mail from: listname-SUBSCRIBE-REQUEST@listhost > mail to: listname-SUBSCRIBE-REQUEST@listhost > > Because the particular listname was SERVICE=LOCAL and SUBSCRIPTION=OPEN, > the process succeeded. We have an explicit policy forbidding the use of unconfirmed open subscriptions (Subscription= Open). A list which allows unconfirmed open subscriptions is a proxy mail bomb vulnerability waiting to be exploited. We have a script which runs nightly and generates a list of all lists with this configuration. We seldom find any, but when we do, we change the configuration to require confirmation (Subscription= Open,Confirm), notify the list owner of the change, and remind them of the policy. To the best of my knowledge, we have never had to change the same list twice. Reference: http://listserv.nd.edu/policies.html -- Paul Russell Senior Systems Administrator University of Notre Dame