Thank you, Roger, for your reply and suggestions. I went back 6 months in the archive, scanning subjects for password or related terms, but was unsuccessful. I wasn't able to find a search engine for the archives, either. FAQ 4.11 seems like it might be related, but would still have to be changed, since the whole "From:" header was forged successfully. Unfortunately, we use GroupWise here, which makes it impossible to change headers, only message bodies. Any solution I implement has to look into the body for the authorization, not the headers. I've finally decided to implement this recipe in rc.local.r00, at the end: # 29-Apr-2002-EKZ: Added recipe to filter out all submissions to list # NOT from ccp2.jhuccp.org. Done because of Klez worm forging From: addresses :0 * !^Received:.*ccp2\.jhuccp\.org /dev/null I think that this will filter out all message that don't have "ccp2.jhuccp.org" in one of the Received: headers. Thanks again for your help. -Kevin Zembower

Roger Burton West <roger@firedrake.org> 04/29/02 10:37AM >>> On Mon, Apr 29, 2002 at 10:30:39AM -0400, KEVIN ZEMBOWER wrote:

1.) Is this a possible scenario with SmartList? I can't think of any reason why this wouldn't work.

It's entirely possible. Email addresses are trivial to spoof.

2.) Is there any protection to avoid this? I can't think of any setting to make the system reject messages from the moderator which DON'T come from a particular mail system. Is there any other way? Moderator must approve his own posts?

Or other password-protection; there have been several discussions about this on the list before. Basically, it's fairly easy to put in a filter which requires a particular header to appear in a message, and which strips out that header before the message goes to the list. Roger _______________________________________________ Smartlist mailing list Smartlist@lists.RWTH-Aachen.DE http://MailMan.RWTH-Aachen.DE/mailman/listinfo/smartlist