Re: [Mailman-Users] Challenge/Response

2007-02-11 Thread Robert Morse
Thanks for everyone's thoughts and suggestions. I have recommended setting each list on emergency moderation. They have about a dozen lists for various tasks. So, I suggested each list be assigned a moderator/administrator (Currently one person manages all lists). Since the fear is the person will

Re: [Mailman-Users] Challenge/Response

2007-02-10 Thread Karl Zander
On Sat, 10 Feb 2007 12:18:26 -0800 Mark Sapiro <[EMAIL PROTECTED]> wrote: > Karl Zander wrote: >> >> Fundamentally, its not a technology problem. > > > Agreed, but as others have suggested, technology can >help. Yes. I didn't mean to imply it could not. We are using technology to help us

Re: [Mailman-Users] Challenge/Response

2007-02-10 Thread Mark Sapiro
Karl Zander wrote: > > Fundamentally, its not a technology problem. Agreed, but as others have suggested, technology can help. For example, if the 'bad guy' has a fixed IP, you can set header_filter_rules to discard messages that have that IP in a Received: header. Of course, that may just force

Re: [Mailman-Users] Challenge/Response

2007-02-10 Thread Karl Zander
On Fri, 09 Feb 2007 15:54:59 -0800 Bob Morse <[EMAIL PROTECTED]> wrote: > Thank you all for your insights in the >Challenge/Response question. I am > convinced this is not the way to go. In fact, I used >some of the same > arguments to the client when he brought it up. > > The problem remains,

Re: [Mailman-Users] Challenge/Response

2007-02-10 Thread vancleef
> > The problem remains, however: How do I prevent spoofing? In this case they > have a real fear due to a board member who is soon to be ejected from the > board and have organizational membership taken away. They feel he is capable > (both emotionally and technically) of major disturbances on on

Re: [Mailman-Users] Challenge/Response

2007-02-10 Thread Stephen J. Turnbull
Bob Morse writes: > The problem remains, however: How do I prevent spoofing? In this case they > have a real fear due to a board member who is soon to be ejected from the > board and have organizational membership taken away. They feel he is capable > (both emotionally and technically) of majo

Re: [Mailman-Users] Challenge/Response

2007-02-09 Thread Brad Knowles
At 3:54 PM -0800 2/9/07, Bob Morse wrote: > The problem remains, however: How do I prevent spoofing? If the problem is that sensitive, then your only option that I can see is to use human moderation. For each message that comes in, you have a human look at it to see if it's legitimate or not,

Re: [Mailman-Users] Challenge/Response

2007-02-09 Thread Bob Morse
Thank you all for your insights in the Challenge/Response question. I am convinced this is not the way to go. In fact, I used some of the same arguments to the client when he brought it up. The problem remains, however: How do I prevent spoofing? In this case they have a real fear due to a board m

Re: [Mailman-Users] Challenge/response

2007-02-09 Thread Jay Chandler
Bob Morse wrote: > I have a client who is concerned about his list subscriber addresses being > spoofed. In other words someone who knows the addresses of people on the > list can set up a mail server and spoof the subscriber so he can post nasty > things to the list. He would like to set up a chal

Re: [Mailman-Users] Challenge/response

2007-02-08 Thread vancleef
> > I have a client who is concerned about his list subscriber addresses being > spoofed. In other words someone who knows the addresses of people on the > list can set up a mail server and spoof the subscriber so he can post nasty > things to the list. He would like to set up a challenge/response

Re: [Mailman-Users] Challenge/response

2007-02-08 Thread Stephen J. Turnbull
Brad Knowles writes: > Challenge/response is one of the most vile inventions that has ever > been applied to the concept of Internet e-mail. *chuckle* I wouldn't go so far, since the spam that evoked it is far worse, but I'm steadfastly opposed to challenge-response. If you absolutely *must*

Re: [Mailman-Users] Challenge/response

2007-02-08 Thread Paul Tomblin
Quoting Brad Knowles ([EMAIL PROTECTED]): > At 1:40 PM -0800 2/8/07, Bob Morse wrote: > > He would like to set up a challenge/response mechanism > > so that when [EMAIL PROTECTED] posts to the list, [EMAIL PROTECTED] gets > > sent a > > copy of the message and must confirm th

Re: [Mailman-Users] Challenge/response

2007-02-08 Thread Brad Knowles
At 1:40 PM -0800 2/8/07, Bob Morse wrote: > He would like to set up a challenge/response mechanism > so that when [EMAIL PROTECTED] posts to the list, [EMAIL PROTECTED] gets > sent a > copy of the message and must confirm that he/she was the sender before it > gets posted.

Re: [Mailman-Users] Challenge/response

2007-02-08 Thread Mark Sapiro
Bob Morse wrote: > >BTW, searching the archives at mail-arcihve.com gets a 404 error. I see that too, but that is a www.mail-archive.com issue. We can't do anything about it. See for info on searching

Re: [Mailman-Users] Challenge/response

2007-02-08 Thread Patrick Bogen
On 2/8/07, Bob Morse <[EMAIL PROTECTED]> wrote: > I have a client who is concerned about his list subscriber addresses being > spoofed. In other words someone who knows the addresses of people on the > list can set up a mail server and spoof the subscriber so he can post nasty > things to the list.

[Mailman-Users] Challenge/response

2007-02-08 Thread Bob Morse
I have a client who is concerned about his list subscriber addresses being spoofed. In other words someone who knows the addresses of people on the list can set up a mail server and spoof the subscriber so he can post nasty things to the list. He would like to set up a challenge/response mechanism