On Fri, 7 Jul 1995, Mike Ramundo wrote: > I would like to add my name to an earlier request for a way to capture > raw subscription requests. A daily digest of requests, each complete > with all headers, could be sent to the postmast/listserv-maintainer. I deleted it, but I think the earlier request asked for all the headers as well including 'received', etc. If LISTSERV was an entire software package that included a MTA, then perhaps this might be possible, but Listerv gets its info from the MTA running on whatever system it happens to be on..on unix machines it is sendmail (and even at the highest logging level, you don't get all the headers). It doesn't mean finding the person is impossible, but Listserv alone can't do it...it takes cooporation from each postmast to check his or her SYSLOG or RSCS logs to match times, etc... and come up with site names...and even then you might get a site, but not a userid (unless everyone runs something similar to identd these days). And even if you get a userid, it doesn't mean that it is *the* userid...I've been around the track on that one several times... and even if we *knew* with certainty who it was, in the end it is up to the site where the person is to "do something legal"....and that is no sure thing because all the person needs to say is...I think someone got my passwd. And from my experience with our local police and RCMP... they don't move unless you got a sure thing. Someone mentioned that this could have occurred with a cgi script running on some www server...but it can also occur in many other ways...any person can install TIA on their home pc and use it to fake their userid at their local ISP or University...and most places who have NOVEL subnets for students in their labs and feel comfortable because they have the filter software that prevents them from sending to the Internet, but permits them to tn3270 locally forgets about a simple telnet to port 25 on their internet connected machine where the person can fake mail to the internet....there are so many ways.... and they take less time than running crack if one of your users mailed out your passwd file. Even with an improperly set up httpd, all a user has to have is your passwd file in their home dir. 'Nough said. My thoughts for whatever they are worth. Cheers! --Trish