ezmlm: Thread: Subject in reply


[<<] [<] Page 1 of 1 [>] [>>]
Subject: Subject in reply
From: "Frederik Lindberg" ####@####.####
Date: 24 Dec 1996 16:51:40 -0000
Message-Id: <19961224164541.19879.qmail@id.wustl.edu>

Could replies from ezmlm return a subject? Either "Re:
subject_of_the_msg_user_sent" or something else. When I send mail to
djb-ezmlm-get.1 I get the msg with a null subject. The subject could be "Re:
djb-ezmlm-get.1", but it's probably easier to build one from the subject in the
request.

Also, I would perfer not to get my original message and the instructions.
Sending to djb-ezmlm-get.1, I clearly know what I want. OTOH, I know from qmail
that almost nothing is the way it is by accident, but that it is there as a
consequence of well thought-out design.


-
Sincerely, Fred

Frederik Lindberg
Infectious Diseases, 8051, Washington University School of Med
660 S Euclid Ave, ST. LOUIS, MO 63110


Subject: Re: Subject in reply
From: David Dyer-Bennet ####@####.####
Date: 26 Dec 1996 18:25:19 -0000
Message-Id: <19961226181914.17184.qmail@gw.ddb.com>

Frederik Lindberg ####@####.#### writes on 24 December 1996 at 10:41:33 -0600
 > Could replies from ezmlm return a subject? Either "Re:
 > subject_of_the_msg_user_sent" or something else. When I send mail to
 > djb-ezmlm-get.1 I get the msg with a null subject. The subject could be "Re:
 > djb-ezmlm-get.1", but it's probably easier to build one from the subject in the
 > request.

Agree, some subject is desirable.

 > Also, I would perfer not to get my original message and the instructions.
 > Sending to djb-ezmlm-get.1, I clearly know what I want. OTOH, I know from qmail
 > that almost nothing is the way it is by accident, but that it is there as a
 > consequence of well thought-out design.

Returning the full requests helps users track the problem if somebody
is forging subscription requests from them, which is a common attack
these days sigh.

Subject: Re: Subject in reply
From: "Frederik Lindberg" ####@####.####
Date: 26 Dec 1996 19:08:15 -0000
Message-Id: <19961226190226.1535.qmail@id.wustl.edu>

On 26 Dec 1996 18:19:14 -0000, David Dyer-Bennet wrote:

>Returning the full requests helps users track the problem if somebody
>is forging subscription requests from them, which is a common attack
>these days sigh.

But ezmlm seems to reply to the subscribed address with a 'code-containing'
from address, to which you have to reply in order to get onto the list. An
attacker that can defeat this can already intercept your mail.


-
Sincerely, Fred

Frederik Lindberg
Infectious Diseases, 8051, Washington University School of Med
660 S Euclid Ave, ST. LOUIS, MO 63110


Subject: Re: Subject in reply
From: David Dyer-Bennet ####@####.####
Date: 26 Dec 1996 19:41:04 -0000
Message-Id: <19961226193458.17391.qmail@gw.ddb.com>

Frederik Lindberg ####@####.#### writes on 26 December 1996 at 13:01:51 -0600
 > On 26 Dec 1996 18:19:14 -0000, David Dyer-Bennet wrote:
 > 
 > >Returning the full requests helps users track the problem if somebody
 > >is forging subscription requests from them, which is a common attack
 > >these days sigh.
 > 
 > But ezmlm seems to reply to the subscribed address with a 'code-containing'
 > from address, to which you have to reply in order to get onto the list. An
 > attacker that can defeat this can already intercept your mail.

That feature will defeat most such attacks.  However, I'd like to know
that an attack was being made, and track down the perpetrator.  As I
understand ezmlm, that confirmation message will come to *me*, and I
want it to contain as much information from the original message as
possible.

[<<] [<] Page 1 of 1 [>] [>>]


Powered by ezmlm-browse 0.21.