[Mailman-Users] List Security

Dan Richter daniel.richter at wimba.com
Wed Oct 23 19:00:06 CEST 2002

>Mailman doesn't use secret aliased.

That's good.

>Mailman v2.0 authenticates on From: or envelope (you pick).
>Mailman v2.1 authenticates on From: and envelope.

Pardon me for being a pain here, but isn't it ridiculously easy to forge a 
From:, and also rather easy to forge an envelope?

Now I'll be humble and admit that I don't even know what an envelope is. So 
my question about the envelope really boils down to: if I have root access 
on a machine other than the one Mailman is running on, can I fool Mailman's 
envelope recognition?

========== Dan Richter ============== mailto:Dan at wimba.com ===========
        He [Bob Dole] fought in Italy, where he suffered
        a serious head injury. Then he went into politics.
                - a poorly worded radio announcement in 1961

More information about the Mailman-Users mailing list