Crossfire Mailing List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [CF:1340] Problems with mailing list
Quoting Jan Echternach (jan.echternach@informatik.uni-rostock.de):
> On Thu, Jun 22, 2000 at 02:02:24PM -0500, Bob Tanner wrote:
> > Reply-To can be forged, so this 'silly' software sends email to whatever
> > address you subscribed to the mailing list.
>
> Well, the last time I had to deal with such mailing lists
> (unsubscribing after my From: had changed from user@domain.de to
> user@host.domain.de) I just forged the From: header. This isn't even
> security by obscurity, because it's not obscure - it's obvious that you
> only need to supply a properly forged From: header to bypass such silly
> checks.
>
> There are already solutions used that really solve the problem:
> Sending a confirmation email or requiring a password.
>
This ezmlm uses the From, not the From:, and if you send a message to
rte-crossfire-help you will see how to fix your problem.
--
Bob Tanner <tanner@real-time.com> | Phone : (612)943-8700
http://www.mn-linux.org | Fax : (612)943-8500
Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9