The mailing list for listmasters using Sympa

[Olivier Salaun - CRU <address@concealed>]

Hi Marco,

I don't fully understand your description of how Smartlist authenticates 
users, but here is how Sympa deals with this :

Default 'subscribe' authorization scenario is 'subscribe.open' that does 
no authentication of user, trusting the From: SMTP header field. But 
Sympa can be cautious... First of all when subscribing from the web 
interface, the user needs to authenticate with the password (s)he 
received by mail. When subscribing by email, the 'subscribe.auth' 
requires to confirm his/her request via email.

If you have a look at some authorization scenarios, you'll note the 
'smime' authentication methods that make it possible to authenticate via 
S/Mime signed commands/messages. Sympa can also distribute S/Mime 
encrypted messages, but this is no more authentication...

You should read the "authorization scenarios" chapter of Sympa reference 
manual :
http://www.sympa.org/doc/html/

Marco Gaiarin wrote:

> [...]
> I've still a problem with it, and is a real low-level, where smartlist
> seems unbeatable...
>
> In smartlist there's an algorithm that ``calculate'' the real sender,
> and is very effective, thanks to a very complicated procmail recipe.
> In smartlist is common to have, in closed list, the from set to a
> ``foreign'' (not subscribed) addess, the sender a ``known'' (subscribed)
> addess, and the message pass.
> Really, this is the smartlist method to ``approve'' a message: the list
> owner simply bounces the message back to the list.
>
> I've setup also 2 closed list in sympa, but it sufficies to alter the
> from to let the message pass. I send all the (home) mail from the
> domain bbs.lilliput.linux.it , i've simply put in the from: the address
> subscribed (marcogaio (at) libero.it) and the message pass.
> I've done the same test from this (work) domain, sv.lnf.it.
>
>
> This is known?! Is a bug or a feature?! There's some obscure feature of
> sympa to enable strict sender check?!
> If not, could be implemented the ``real sender identification''
> algorithm in sympa?! I think is not so hard to convert a procmail
> recipe in an equivalent perl regexp...
>  
--
Olivier Salaun
Comite Reseau des Universites