Home | FAQ | Manual | Ezmlm Manual Pages | Qmail Manual Pages | Readme | Upgrade | Downgrade

Remote administration setting - ezmlm-idx FAQ

Next: , Previous: Subscription moderation, Up: Ezmlm-idx security


21.7 Remote administration

A remote admin (-r) list adds the ability of the moderator to (un)subscribe any address. The price of this is that an attacker able to read moderator mail can (un)subscribe any address. The moderator handshake message will be delivered to the abused moderator address, which will alert that moderator and reveal the compromise. Another basic assumption is that action-date-cookie-address combinations are only sent to the target address or a moderator and that moderator action "combinations" are never sent to non-moderators.