At 4:17 PM -0500 12/6/01, williamsb@afip.osd.mil is rumored to have typed:
The "foreign_submit = yes" line is uncommented in both the rc.init and the rc.custom
Er...huh? Let's look at the way the foreign_submit variable is listed in rc.custom by default: #foreign_submit = yes ##foreign_submit # uncomment this line if you # want to restrict submitting to # people on the accept list That means that the default value in rc.init for foreign_submit is "yes" and THAT means that addresses NOT in the accept file are allowed to post. (Default settings from rc.init are commented with one hash, _changes_ to the default are commented with two hashes. It ain't intuitive, but once you know it, reading rc.custom becomes _really_ easy.) So you've repeted the setting from rc.init, which appears to be exactly the OPPOSITE of what you really want. I would suggest that the first thing you do is set your rc.custom file to look like: #foreign_submit = yes foreign_submit # uncomment this line if you # want to restrict submitting to # people on the accept list That will UNSET the foreign_submit variable (making it go *poof* and vanishing in a cloud of electrons), telling SmartList that you do NOT want anyone else except those addresses in the accept file to post. Truth is, if you _really_ have foreign_submit containing "yes," it's a miracle that _every_ post sent to the list address didn't get distributed. That said, simply using accept isn't very secure, since anyone can munge a header field and make it look like it's coming from your address anyway. If this is a broadcast-only list as it appears to be, where only you or a few trusted people are allowed to post, I'd urge you to make the list moderated and be done with it. Approve the messages you send to the list, and since other messages aren't approved, they _can't_ be distributed. (And if you want additional security, there are other moderation packages out there that allow for more security than is built into SmartList, and remember to remove the Approved: header field in rc.local.s20 before the mail is sent. I hacked a quick one a long time ago that forces the approval in the subject instead of a seperate header field, but there are much better things sitting around out there now.) Charlie