The mailing list for listmasters using Sympa

[Aumont <address@concealed>]

Ralf Ebeling wrote:
> 
> Hi,
> 
> I've a list configured as a newsletter -> only editors (moderators)
> are allowed to post to the list...
> 
> I think it's easy to fake a mail coming from one of the editors;
> therefore the mail is send to all subscribers.
> 
> Moderation isn't applicable because the only editor is a robot (a
> PHP-Script) running at a foreign site.
The best way to provide a secure authentication is to use S/MIME signing. This
need you to 
-1- install a scenario dedicated to S/MIME. Something like

   is_editor([list],[sennder]) smime -> do_it
   true() smime,md5,smtp -> reject

-2- create or buy a X509 certificate for email sender (ie your PHP script) and
install it in a way that that script can access to the certificat and private
key

-3- write PHPcode that is able smime sign a message. Look at tools.pl in sympa
sources, it can help you.

Another way much more simple is to add in the message some secret header that
will be used by sympa send scenario and removed by sympa before ditributing
the message using "remove_headers" sympa parameter.

> 
> I read something about md5, but I don't know how to use it...
md5 is the named given to authentication based on one time password generated
using a fingerprint of a message. It is not so defficult to use in a case of a
automatic distribution process. The idea is to send the message to distribute
and generate the confirmation message sharing with Sympa the method to compute
the MD5 confirmation key.
-- 
-----------------------------------------------------------
Serge Aumont        Comité Réseaux des Universités
                     Campus Beaulieu 
                     35042 Rennes Cedex