Service= area1,area2,...

This keyword is not available in LISTSERV Lite.

Defines the 'service area' outside of which subscription requests must not be accepted.  The default value is "Service= *" (e.g., allow any host).

There are several different usages for the Service= keyword.

If the list is not peered (i.e., Peers= is not set):

When a SUBSCRIBE command is received, it is evaluated against the Service= value to ensure that the requestor is acceptable; if not, the subscription request is denied.  If it is desirable to restrict subscription requests to only certain domains and/or subdomains, defining those domains and/or subdomains in Service= will prevent subscription requests from outside your defined service area from being accepted.  For instance, say that STATEUNI.EDU wants to limit subscription requests for a campus-wide notice list to only users within its own domain:

Service= STATEUNI.EDU,*.STATEUNI.EDU

In this example, subscription requests are acceptable only from users with addresses like *@stateuni.edu, or *@student.stateuni.edu, etc.  Users from all other domains are told that they are not authorized to subscribe to the list.

Breaking this down, the first definition (STATEUNI.EDU) allows all users @stateuni.edu (that is, who have addresses in the base domain); the second definition (*.STATEUNI.EDU) allows users from any subdomain defined within the stateuni.edu domain.  Both definitions are necessary in order to include all possible users within the stateuni.edu domain.

If the list is peered (i.e., Peers= is set):

(This is uncommon in modern times, but there are still a few peered lists running -- LSTSRV-L is one.)

When a SUBSCRIBE command is received, the "Peers=" keyword is checked first to see if there is a nearer peer list in the network. If this is the case, the command is forwarded to this nearer peer server. If not, the service area is checked to ensure that the recipient is acceptable; if it is not, the subscription request is denied. When the command is forwarded to a peer, the destination peer server might still deny access to the list if the subscriber is outside its own service area, if any.

It is important to note that the service area check is made only after the "best placement" check. This allows several servers in the same country to share an identical service area, for example "Service= Germany", and still have users subscribed to the best possible server.

For lists (whether peered or not peered) running the web archive interface:

It is possible to define "Service=" in terms of IP address blocks in order to limit access to list archive notebooks via the web archive interface. This is implemented as follows:

      1. Notebook= ...,Service
      2. "Service=" can contain entries of the form:

[^]IP(a.b.c.d[/e])

      1. For any other keyword (call it "xxx") in "Service=" which contains neither period, wildcard nor parentheses, if a site configuration variable called IP_xxx is defined, it is processed using the syntax in #2, except that the IP() is implicit, i.e., the syntax would be (for unix; no quotes for Windows as usual):

IP_MYNETWORK="192.36.125.0/24 ^192.36.125.199"

The corresponding setting in "Service=" would then be something like

Service= example.com,*.example.com,MYNETWORK

("IP_" must not be specified in "Service=".  LISTSERV understands that when you specify "Service= MYNETWORK", you mean for it to look at the value set in the IP_MYNETWORK site configuration variable.)

If both #2 and #3 are present, they are combined. Likewise, you can have multiple occurrences of #2 or #3 and they will just be combined.

Access will be granted to the web archives if the IP address matches at least one of the entries that do not begin with a ^ (you can also use a minus sign if you prefer) AND the IP address does not match any of the negative entries. Otherwise you get a normal login request without any further comment.

Note carefully that LISTSERV does not do a reverse lookup on the IP addresses you code into the Service= keyword! When coding IPs into Service= you must also code in FQDN values for allowed hostnames. Thus if you have a list that should be restricted to the 192.36.0.0/16 subnet, which belongs to a domain called FOO.COM, you really have to code something like

* Service= FOO.COM,*.FOO.COM,IP(192.36.0.0/16)

in order for everyone in the FOO.COM domain who needs access to be able to have it.

Note:  The hosts allowed or disallowed by the IP() entries apply only to web interface access.  IP() entries are not intended as, nor do they work as ACLs to allow or prevent email access to LISTSERV.  If you wish to restrict email subscriptions to only specific domains, e.g., for lists that are open only to people in your corporate or organizational domain(s), you must define those domains in Service= as explained above.

See also: Peers=