[Mailman-Users] List Security
Dan Richter
daniel.richter at wimba.com
Wed Oct 23 19:00:06 CEST 2002
>Mailman doesn't use secret aliased.
That's good.
>Mailman v2.0 authenticates on From: or envelope (you pick).
>
>Mailman v2.1 authenticates on From: and envelope.
Pardon me for being a pain here, but isn't it ridiculously easy to forge a
From:, and also rather easy to forge an envelope?
Now I'll be humble and admit that I don't even know what an envelope is. So
my question about the envelope really boils down to: if I have root access
on a machine other than the one Mailman is running on, can I fool Mailman's
envelope recognition?
========== Dan Richter ============== mailto:Dan at wimba.com ===========
He [Bob Dole] fought in Italy, where he suffered
a serious head injury. Then he went into politics.
- a poorly worded radio announcement in 1961
More information about the Mailman-Users
mailing list