ezmlm-manage(1) functions can be made more convenient, at the expense of security. There have been many requests for these options, so they have been added, although we recommend against using them:
The ezmlm-manage(1) -S switch eliminates the subscriber handshake from subscribe requests, so the subscriber no longer has to confirm the subscription. This is not secure, but may be convenient for some moderated lists. Use only with extreme caution.
The ezmlm-manage(1) -U switch similarly eliminates subscriber confirmation from unsubscribe requests. Again, this is insecure and useful only under special circumstances.
If the list has any moderators (remote or modsub), requests to (un)subscribe an address other than the sender are still routed to a moderator. This is similar to how some other lists work. Naturally, this is insecure because it relies on SENDER (the envelope sender), which is easily forged.
Unsubscribe requests are always non-moderated, since, IOHO, it seems unethical to force a subscriber to remain on a list. Where an unsubscribe confirm request is sent out, it is (also) sent to the target, except when the request was initiated by a moderator on a list with remote administration (DIR/remote exists).
The (un)subscription target is always informed about completed (un)subscribe requests, whether initiated by that address, another address, or a moderator. Thus, attempts by a user or moderator to subscribe an address will be brought to the attention of the user receiving mail at that address.
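To check which existing lists run without the confirmation handshake, the following added example (not part of ezmlm-idx) scans a list directory for an ezmlm-manage command line carrying -S or -U and notes whether the list has moderators. It assumes the command line is stored in DIR/manager; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not ezmlm-idx code): find lists whose ezmlm-manage
# invocation carries -S and/or -U, i.e. skips the confirmation handshake.
# Assumption: the ezmlm-manage command line is stored in DIR/manager.

# Print "S", "U", "SU" or an empty line for one command line.
# The body is a subshell so that set -f and the variables stay local.
risky_switches() (
    found_s= found_u= seen_prog=
    set -f                                  # no globbing while splitting
    for word in $1; do
        if [ -z "$seen_prog" ]; then        # skip up to the program name
            case $word in *ezmlm-manage) seen_prog=1 ;; esac
            continue
        fi
        case $word in
            --)  break ;;                   # end of switches
            -?*) case $word in *S*) found_s=S ;; esac   # clusters: -lSU
                 case $word in *U*) found_u=U ;; esac ;;
        esac
    done
    printf '%s%s\n' "$found_s" "$found_u"
)

# Report one list directory.
# Returns 0 = handshake kept, 1 = -S/-U found, 2 = no readable DIR/manager.
audit_list() {
    dir=$1 status=0 mods=no
    # DIR/remote or DIR/modsub: the list has moderators (remote or modsub).
    if [ -e "$dir/remote" ] || [ -e "$dir/modsub" ]; then mods=yes; fi
    if [ ! -r "$dir/manager" ]; then
        echo "$dir: no readable manager file" >&2
        return 2
    fi
    while IFS= read -r line; do
        sw=$(risky_switches "$line")
        [ -n "$sw" ] || continue
        echo "$dir: ezmlm-manage runs with -$sw, confirmation skipped; moderators=$mods"
        status=1
    done < "$dir/manager"
    return $status
}

# Audit every list directory given on the command line.
if [ $# -gt 0 ]; then
    for d in "$@"; do audit_list "$d" || :; done
fi
```

A list reported with moderators=no has nothing between a forged SENDER and a completed (un)subscription except the notification sent to the target address.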