The mailing list for listmasters using Sympa

[Olivier Salaun <address@concealed>]

Hi,

Tech wrote:
> 
> I am wondering if someone can explain if it is possible to have sympa
> only accept a outgoing message from the web interface only . not allowing
> and mailed in messages .so that the user has to log in to send a message out
> to the other subscribers?
> Reason we have had a few malicious folks use the mail in method to pass
> things through that should not go through.

You can set a 'send' scenario for the list that requires 'md5' authentication 
:
Example :
        is_subscriber([listname],[sender])   smtp -> request_auth
        is_subscriber([listname],[sender])   smime,md5    -> do_it
        true()                               smtp,md5,smime -> reject

This means that only suscribers are allowed to post ; they should :
        * either authenticate ans send from the web
        * send and email that will require a (md5) confirmation

This way you will prevent From: SMTP header fields forging.

If you want to force people to use the web interface, you just need
to delete first rule (is_subscriber([listname],[sender])   smtp -> 
request_auth).
This way the scenario will never be evaluated with 'md5' authentication 
method.

> Also has anyone fond a opensourse virus detection program that does work
> with sympa

We just implemented support for Clam antivirus 
(http://clamav.elektrapro.com/) 
this morning ; it should be available in CVS tomorrow.

--
Olivier Salaün
Comité Réseau des Universités