Re: [suse-security] Curious response

[Keith Roberts <keith@xxxxxxxxxxxxxxxxxxxxxxxx>]

> As far as I remember, the thing is: ezmlm doesn't (necessarily)
> check the FROM address in the header of an e-mail sent to the list
> in order to verify if you are subscribed or not. The thing that
> matters is the envelope address header, which is not included when
> ezmlm forwards a message to all list members. So, you could have a
> fake address in the FROM field as long as the envelope address is
> set to the address used for subscription.

Would it be possible to configure ezmlm to check the real
FROM address in the email header to verify that a person is
subscribed to this list.

This may allow us to use FAKE addresses when sending mail to
the list, but still allowing ezmlm to check for validity of
subscriber's real email address???

I have a new email address that I would like to use to post
messages to this list from, and drop the email account
(topz5.worldonline.co.uk) that gets all the spam messages.

Any replies from suse-security mailing list manager (real
person) would be appreciated.


Kind Regards - Keith Roberts





-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here