The archive retrieval functions added by ezmlm-idx are digests (protected by a "code") and other functions. Anyone who knows the digest code (through reading mail logs, reading DIR/manager of the list, or reading any scripts used to send digest triggering messages) can trigger a digest. Protect these locations accordingly! For default lists with digests triggered from DIR/editor via ezmlm-tstdig(1) and ezmlm-get(1), you do not need the digest code and can thus disable the possibility to trigger digest by mail. For other functions, the output is sent to SENDER and can be restricted to subscribers (the -s switch). ezmlm-get(1) functions (apart from digest) can be entirely disabled with the i-C switch, or restricted to moderators with the -P switch or by removing DIR/public. Other sections of this document discuss several other options. All switches are documented in the man pages.
The moderator support functions added by the ezmlm-idx package (extended help and subscriber list) are sent only to a moderator address, i.e. an attacker again needs to be able to read moderator mail to read the output. The help info (DIR/text/mod-help) should not contain secrets. The ‘-list’ function is normally disabled, but can be enabled with the ezmlm-manage -l switch to aid the remote administrator(s).