[Mailman-Users] Spoofed Addresses
Brad Knowles
brad at stop.mail-abuse.org
Sat Oct 30 03:13:21 CEST 2004
At 8:24 PM -0400 2004-10-29, David Relson wrote:
> Part of asking the question was to learn whether mailman has any ability
> to verify addresses. I wasn't aware of anything, which doesn't mean it
> can't be done. Along a similar vein, I'm wondering if there are ways
> for postfix and procmail to validate addresses.
How would it verify the address? By the time that Mailman gets
the message, it's already been accepted by your MTA.
If you need application-level authentication, you could have
everyone encrypt their messages to a PGP key that is registered to
the list, and then have mmreencrypt turn around and re-encrypt that
message to all the recipients. See
<http://sourceforge.net/projects/mmreencrypt/>.
There are no verification or authentication mechanisms inherent
to Mailman, beyond checking what's in the headers (e.g., "From:",
"Sender:", etc...) and what's used as the envelope sender, and seeing
whether that address is allowed to post (i.e., they are a subscriber,
or whatever).
I guess you could set up forced moderation for all users, so that
a human being has to take a manual action for each message in order
to approve it. That's not a very scalable solution, however.
So far as I know, that's about it.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Users
mailing list