>Has IPSwitch said anything about releasing patch or update for this NUL
address sender problem? Having an "only moderator can post" list that
accepts and posts messages from anyone sending from a NUL address is a MAJOR
SECURITY HOLE! Also can a NUL sender also post to "only subscribers can
post" lists? (I would assume so if a NUL sender can post on "moderator
only" lists.)
If you're using IMail 5.x you can set a password for the moderator,
regardless of the sender. I'm not sure about the exact details since I'm
still using 4.07, but I know it's there!
Anyway, the NUL sender is not that important in this case, since one
could simply fake the e-mail address of the moderator and be able to post to
the list! The password is the only way to prevent all that.
HTH,
Rubens
- Re: [IMail Forum] Blocking GeoList Attacks - Security Hole Rubens Altimari
- Re: [IMail Forum] Blocking GeoList Attacks - Security... ## Dusty Carden
- Re: [IMail Forum] Blocking GeoList Attacks - Security... Jack Davis
- Re: [IMail Forum] Blocking GeoList Attacks - Secu... ## Dusty Carden
- Re: [IMail Forum] Blocking GeoList Attacks - Security... David Gregg
- Re: [IMail Forum] Blocking GeoList Attacks - Security... Rubens Altimari
- Re: [IMail Forum] Blocking GeoList Attacks - Secu... ## Dusty Carden
- Re: [IMail Forum] Blocking GeoList Attacks - Security... John A. Junod
- Re: [IMail Forum] Blocking GeoList Attacks - Secu... ## Dusty Carden
- Re: [IMail Forum] Blocking GeoList Attacks - Security... Rubens Altimari
- Re: [IMail Forum] Blocking GeoList Attacks - Security... Rubens Altimari
