Majordomo-Users: Re: Security hole?

Majordomo-Users
(April 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Security hole?
From:	James Cook <jcook @ netcom . com>
Date:	Wed, 20 Apr 1994 10:26:16 -0700 (PDT)
To:	Paul Crossman <pcrossma @ avid . com>
Cc:	"Jonathan B. Horen" <horen @ applicom . co . il>, majordomo-users @ GreatCircle . COM
In-reply-to:	<199404201556.AA1778620650@avid.avid.com>


On Wed, 20 Apr 1994, Paul Crossman wrote:

> >and they're "in", at least, as far as posting email is concerned,
> >via SMTP (Simple Mail-Transport Protocol).  They can't delete or
> >edit anything, but they *can* post mail to anybody, anywhere,
> >using any name they wish.
> >
> >So, using this command Joe Joker can enter, and then set
> >MAIL FROM: your_name
> >RCPT TO: your_list_alias
> >DATA: .....
> 
> Another free consult for the list...
> 
> You can get around this by installing tcp_wrappers and wrapping sendmail.  Mail
> will not go out instantly, but outside users can't play with your sendmail port
> either.
> 

If it is that easy to post to a private list, then is it also 
easy/possible for these non members to READ the list traffic/messages? 

James

Follow-Ups:

Re: Security hole?
From: "Michael J. Corrigan" <corrigan@ucsd.edu>

References:

Re: Security hole?
From: Paul Crossman <pcrossma@avid.com>

Indexed By Date	Previous:	Re: Security hole? From: James Cook <jcook@netcom.com>
Indexed By Date	Next:	Re: Security hole? From: "Michael J. Corrigan" <corrigan@ucsd.edu>
Indexed By Thread	Previous:	Re: Security hole? From: David Barr <barr@pop.psu.edu>
Indexed By Thread	Next:	Re: Security hole? From: "Michael J. Corrigan" <corrigan@ucsd.edu>