
Lists without remote admin/subscription moderation - ezmlm-idx FAQ



21.4 Lists without remote admin/subscription moderation

Maliciously (un)subscribing an address with ezmlm-0.53 requires that the attacker be able to read mail sent to the subscription address.

With the ezmlm-idx add-on, a non-moderated list works exactly the same way. Ezmlm-idx introduces the moderator for moderated and remote admin lists. For any moderator function, an attacker needs to be able to read mail sent to a moderator's address. An attacker who can do this can affect anything the moderator is allowed to do (since falsifying SENDER is trivial). To minimize risks, give moderators only the power they need, do not use more moderators than necessary, and use moderators whose mail is hard to intercept (on the same machine, on the same internal/secure network, or protected by encryption via e.g. ssh).
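The trust boundary described above, as an added example that is not ezmlm or ezmlm-idx code: a simplified Python model of a confirm-by-reply list in which SENDER is treated as untrusted and the confirmation token is only ever mailed to the address that must approve the action. The class `ListModel`, the action name `mod-add`, the HMAC token (standing in for ezmlm's cookie) and all addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

class ListModel:
    """Toy confirm-by-reply list; an assumption, not ezmlm's cookie format."""
    def __init__(self, moderators):
        self.key = secrets.token_bytes(32)   # per-list secret, never leaves the host
        self.moderators = set(moderators)
        self.subscribers = set()
        self.mailboxes = {}                  # address -> tokens delivered to it

    def _token(self, action, target, confirmer):
        msg = f"{action}\0{target}\0{confirmer}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def request(self, sender, action, target):
        # `sender` is the envelope SENDER: trivially forged, so it grants nothing by itself.
        if action in ("subscribe", "unsubscribe"):
            confirmer = target               # user action: the target address confirms
        elif action == "mod-add" and sender in self.moderators:
            confirmer = sender               # moderator action: the moderator's address confirms
        else:
            return False
        # The token is mailed to `confirmer`, never handed back to the requester.
        self.mailboxes.setdefault(confirmer, []).append(self._token(action, target, confirmer))
        return True

    def confirm(self, action, target, confirmer, token):
        # Apply the action only if the reply carries the token that was mailed out.
        if not hmac.compare_digest(self._token(action, target, confirmer), token):
            return False
        if action in ("subscribe", "mod-add"):
            self.subscribers.add(target)
        else:
            self.subscribers.discard(target)
        return True

def demo():
    lst = ListModel(moderators={"mod@example.org"})   # constructed addresses
    # Request with a forged moderator SENDER: accepted, but the token goes to the moderator.
    lst.request("mod@example.org", "mod-add", "victim@example.net")
    forged = lst.confirm("mod-add", "victim@example.net", "mod@example.org", "0" * 64)
    # Only a party that can read the moderator's mailbox holds the real token.
    token = lst.mailboxes["mod@example.org"][0]
    read = lst.confirm("mod-add", "victim@example.net", "mod@example.org", token)
    return forged, read, lst.subscribers
```

In this model the forged request changes nothing until the token from the moderator's mailbox is presented, which is why the confidentiality of moderator mail, and the number and power of moderators, determine the exposure.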