[Mailman-Users] Make sure that only our newsletter can be delivered to a mailing-list that is not moderated
Brad Knowles
brad at stop.mail-abuse.org
Fri Aug 27 15:01:25 CEST 2004
At 2:40 PM +0200 2004-08-27, Jacob Friis Larsen wrote:
>>> How can we secure our list server?
>>
>> Just add all the necessary addresses to the list of addresses that
>> are allowed to post to the list. Moderate all other senders.
>
> Wouldn't it be too easy for someone to change their sender address and
> get their spam out to our customers?

That would be a very real risk. One thing you could do is make
the Mailman server sit behind a firewall, and accept incoming
connections only from your local network. This would mean that
someone would have to be able to get access to one of your internal
machines in order to send out stuff as your process, in addition to
spoofing the address.

You could even go so far as to set it up so that it only listens
to the 127.0.0.1 IP address, which means that all traffic would have
to be generated locally on the machine itself, and it wouldn't accept
traffic from any other system, even if it was on the same network.

Regretfully, when it comes to security, what Mailman provides is
relatively minimal. It will validate the sending address, but it
can't prevent anyone from spoofing it, etc....

With luck, we might be able to address this in Mailman3, and make
it capable of using strong cryptographic checks for things like this.
But that day is not here yet, and it may be a very long time in
coming.

--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
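
Added example, not part of the message above: a check that the list server's SMTP listener is bound only to loopback, as the reply suggests. It assumes the MTA listens on TCP port 25 and that listener data comes from `ss -ltnH`; the sample lines and function names are constructed for illustration.

```python
import ipaddress

SMTP_PORT = 25  # assumption: the MTA feeding Mailman listens on port 25

# Constructed sample of `ss -ltnH` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 192.0.2.10:25 0.0.0.0:*
LISTEN 0 100 *:25 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port) strings."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    host = host.strip("[]").split("%", 1)[0]
    return host, port

def is_loopback(host):
    """True only for literal loopback addresses (127.0.0.0/8, ::1)."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or anything unparsable counts as exposed

def exposed_listeners(ss_output, port=SMTP_PORT):
    """Return local address fields listening on `port` beyond loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, lport = split_local(fields[3])
        if lport == str(port) and not is_loopback(host):
            exposed.append(fields[3])
    return exposed

if __name__ == "__main__":
    for addr in exposed_listeners(SAMPLE_SS_OUTPUT):
        print("SMTP listener reachable beyond loopback:", addr)
```

An empty result means every port 25 listener is loopback-only; wildcard binds such as `0.0.0.0`, `[::]` and `*` are reported because they accept connections on every interface.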