[ Nina Sweeney writes: ]
> How do I tell Majordomo not to post messages from people who
> are not subscribers to a list?
In your list.config file:
# restrict_post [restrict_post] (undef) <resend>
# If defined only address listed in one of the files (colon or space
# separated) can post to the mailing list. This is less useful than it
# seems it should be since there is no way to create these files if
# you do not have access to the machine running resend. This mechanism
# will be replaced in a future version of majordomo/resend.
restrict_post =
In other words, set restrict_post = /path/to/the/list/file. The
biggest problem with this is that resend ignores Reply-To headers
while majordomo uses them. That means that if a user uses a Reply-To
header (that's different from his sending address) then resend doesn't
recognize him as a subscriber even though he receives list mailings.
Fixing resend is trivial (see below), but it presents a security problem
because then a malicious user who knows a legitimate subscriber address
can simply insert that address in a Reply-To header when mailing to
the list. Of course he won't receive any replies (even worse, the poor
subscriber whose address he used *will*), but resend allows him to crash
the (restricted) list masquerading as someone else (although he could
probably do this anyway by spoofing the mail headers, but that's a
little more difficult than simply telling his mailer to add a Reply-To
header).
Note that this is simply *a* patch, certainly not the optimal patch for
resend to recognize the Reply-To header:
> Date: Wed, 29 Mar 1995 17:30:03 -0800
> From: John Relph <uunet!presto.ig.com!relph>
> Subject: Reply-To as From?
>
> I created a mailing list and specified that only people subscribed to
> the list can send to it (restrict-post = listfile). One thing I
> noticed is that many subscribers have a different actual e-mail
> address ("From") than the one they have specified as their
> subscription address, and that these users tended to specify their
> subscription address as their "Reply-To" address.
>
> So I thought to myself, why not check the user's "Reply-To" address
> against the list (in addition to checking their "From" address)? Yes,
> I realize there might be a small price to pay in insecurity, but what
> the hell...
>
> On that note, here are the changes to "resend" (1.93). Oh, there are
> also some headers I additionally chose to ignore.
>
> -- John
>
> ---- cut here ----
> *** resend.ORIG Wed Mar 29 17:22:46 1995
> --- resend Wed Mar 29 17:21:52 1995
> ***************
> *** 191,198 ****
> || /^sender:/i
> || /^return-receipt-to:/i
> || /^errors-to:/i
> || /^return-path:/i
> - || (/^reply-to:/i && defined($opt_r)) # skip only if "-r" set
> || (/^precedence:/i && defined($opt_p)) # skip only if "-p" set
> || (/^received:/i && defined($opt_R)) # skip only if "-R" set
> || (/^\s/ && ! $kept_last) # skip if skipped last
> --- 191,201 ----
> || /^sender:/i
> || /^return-receipt-to:/i
> || /^errors-to:/i
> + || /^flags:/i
> + || /^resent-/i
> + || /^priority/i
> + || /^x-pmrqc:/i
> || /^return-path:/i
> || (/^precedence:/i && defined($opt_p)) # skip only if "-p" set
> || (/^received:/i && defined($opt_R)) # skip only if "-R" set
> || (/^\s/ && ! $kept_last) # skip if skipped last
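Review bot: the new `/^priority/i` pattern is the only one in this condition without a trailing colon, so it will also swallow any header whose name merely starts with "priority" (the neighbouring `/^flags:/i` and `/^x-pmrqc:/i` are anchored on the colon); make it `/^priority:/i`. Note also that removing the `(/^reply-to:/i && defined($opt_r))` line here means Reply-To is no longer dropped by this skip list at all, so the `-r` behaviour now depends entirely on the separate block added later in the patch.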
> ***************
> *** 227,232 ****
> --- 230,242 ----
> s/^subject:\s*/Subject: $foo /i if !/$foo_pat/;
> }
>
> + if ( /^reply-to:\s*(.+)/i ) {
> + $reply_to = $1;
> + if (defined($opt_r)) { # skip only if "-r" set
> + $kept_last = 0;
> + }
> + }
> +
> if ( /^from:\s*(.+)/i )
> {
> $from = $1;
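Review bot: with `-r` set, this block only does `$kept_last = 0;` and does not otherwise skip the line, whereas the skip condition it replaced (see the removed `/^reply-to:/i` line above) sat in the list that suppresses headers; unless the surrounding loop drops lines purely on `$kept_last`, the Reply-To header will now be forwarded even with `-r`. Please confirm against the loop body, and comment on the `$reply_to = $1;` capture that it holds the raw header value, which is entirely under the sender's control, since the later hunk uses it for an authorization decision.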
> ***************
> *** 333,338 ****
> --- 343,357 ----
> $infile = 1;
> last;
> }
> + elsif ( defined($reply_to) && open (LISTFD, "<${file}") != 0 ) {
> + @output = grep (&addr_match($reply_to, $_), <LISTFD>);
> + close (LISTFD);
> +
> + if ( $#output != -1 ) {
> + $infile = 1;
> + last;
> + }
> + }
> } else {
> die("resend:a Can't open $file: $!");
> }
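Review bot: this `elsif` grants posting rights on the basis of `$reply_to`, a header any sender can set, so a non-subscriber who names a subscriber in Reply-To passes the restrict_post check exactly as the covering note warns; if the branch is kept, at least record which header satisfied the match (From vs Reply-To) so the list owner can tell when the weaker test admitted a post, and consider putting it behind an explicit option rather than on by default whenever `$reply_to` is defined. Minor: on success the `LISTFD` handle is closed here, but the preceding From-check branch is not visible in this hunk, so please verify the file is not left open or re-opened when that branch fails to match.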
--
Dave Wolfe *Not a spokesman for Motorola* (512) 891-3246
Motorola MMTG 6501 Wm. Cannon Dr. W. OE112 Austin TX 78735-8598
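As an added illustration, not part of this post or of resend itself, of why matching Reply-To widens who may post: a small Python model of the restrict_post test, run once trusting From only and once also trusting Reply-To, on two constructed messages. The subscriber file, addresses and messages are all made up.

```python
import re
# Constructed subscriber file (colon- or space-separated, as restrict_post's comment says).
LISTFILE = "alice@example.org bob@example.net:carol@example.com\n"

def load_subscribers(text):
    """Split a restrict_post file on colons or whitespace, lower-cased."""
    return {a.lower() for a in re.split(r"[:\s]+", text) if a}

def header_addr(value):
    """Pull the bare address out of a value like 'Name <addr>'."""
    m = re.search(r"<([^>]+)>", value)
    return (m.group(1) if m else value.split()[0]).strip().lower()

def parse_headers(raw):
    """Minimal header parse: first occurrence of each header name wins."""
    headers = {}
    for line in raw.split("\n"):
        if not line.strip():
            break  # end of header block
        name, sep, val = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), val.strip())
    return headers

def allowed(raw, subscribers, trust_reply_to=False):
    """restrict_post check: From only, or From-or-Reply-To if trusted."""
    h = parse_headers(raw)
    candidates = [h.get("from", "")]
    if trust_reply_to and "reply-to" in h:
        candidates.append(h["reply-to"])
    return any(header_addr(c) in subscribers for c in candidates if c)

SUBS = load_subscribers(LISTFILE)

# Constructed: a subscriber whose sending address differs from the subscribed one.
MSG_SUBSCRIBER = "From: Alice <alice@mail.example.org>\n" \
                 "Reply-To: alice@example.org\nSubject: hi\n\nbody\n"

# Constructed: a non-subscriber whose only link to the list is a Reply-To value.
MSG_OUTSIDER = "From: someone@elsewhere.invalid\n" \
               "Reply-To: alice@example.org\nSubject: hi\n\nbody\n"

def outcomes():
    return {
        "subscriber_from_only": allowed(MSG_SUBSCRIBER, SUBS),
        "subscriber_reply_to": allowed(MSG_SUBSCRIBER, SUBS, True),
        "outsider_from_only": allowed(MSG_OUTSIDER, SUBS),
        "outsider_reply_to": allowed(MSG_OUTSIDER, SUBS, True),
    }
```

The matrix shows the trade-off the post describes: the From-only policy rejects the legitimate subscriber with a different sending address, while the Reply-To policy admits that subscriber and the outsider alike, since both headers are set by the sender.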