[Mailman-Users] Security
Ian A B Eiloart
iane at sussex.ac.uk
Wed Aug 11 16:28:44 CEST 2004
--On Wednesday, August 11, 2004 1:23 pm +0200 Brad Knowles
<brad.knowles at skynet.be> wrote:
> At 2:58 AM -0700 2004-08-11, zzizzle at zzizzle.com wrote:
>
>> Is anyone aware of the safety/vulnerability of these lists? Are
>> these appropriate to use for kids?
>
> It depends on how much security you want/need. Even if you run a closed
> list, anyone can spoof the sender address of a subscribed user, and get
> their messages through. There is no way of adding cryptographic
> authentication features that could help ensure that only the real
> subscribed users can post to the list.
Actually, that's not entirely true. You could set up a mail domain, and a
mail server, and insist that all posts to your lists come from that server.
Then you'd need to set up authenticated SMTP on the server, and require
that posts were authenticated.
I guess you'd still need to ensure the kids used good passwords and didn't
share them.
Then you could even tie down the incoming mail to certain IP addresses.
That might be suitable for a school environment. It might even be suitable
if you think all your subscribers have broadband with fixed IP addresses at
home.
--
Ian Eiloart
Servers Team
Sussex University ITS
More information about the Mailman-Users
mailing list