Thank you, Roger, for your reply and suggestions.
I went back 6 months in the archive, scanning subjects for password or related terms, but was unsuccessful. I wasn't able to find a search engine for the archives, either. FAQ 4.11 seems like it might be related, but would still have to be changed, since the whole "From:" header was forged successfully.
Unfortunately, we use GroupWise here, which makes it impossible to change headers, only message bodies. Any solution I implement has to look into the body for the authorization, not the headers.
I've finally decided to implement this recipe in rc.local.r00, at the end:
# 29-Apr-2002-EKZ: Added recipe to filter out all submissions to list # NOT from ccp2.jhuccp.org. Done because of Klez worm forging From: addresses
:0 * !^Received:.*ccp2.jhuccp.org /dev/null
I think that this will filter out all message that don't have "ccp2.jhuccp.org" in one of the Received: headers.
Thanks again for your help.
-Kevin Zembower
Roger Burton West roger@firedrake.org 04/29/02 10:37AM >>>
On Mon, Apr 29, 2002 at 10:30:39AM -0400, KEVIN ZEMBOWER wrote:
1.) Is this a possible scenario with SmartList? I can't think of any reason why this wouldn't work.
It's entirely possible. Email addresses are trivial to spoof.
2.) Is there any protection to avoid this? I can't think of any
setting
to make the system reject messages from the moderator which DON'T
come
from a particular mail system. Is there any other way? Moderator must approve his own posts?
Or other password-protection; there have been several discussions about this on the list before. Basically, it's fairly easy to put in a filter which requires a particular header to appear in a message, and which strips out that header before the message goes to the list.
Roger _______________________________________________ Smartlist mailing list Smartlist@lists.RWTH-Aachen.DE http://MailMan.RWTH-Aachen.DE/mailman/listinfo/smartlist