[ Yan Lau writes: ]
>
> I've read the FAQ on hiding the outgoing alias so that users don't
> get around the resend checks and have not been able to get it to work.
> I know that I should change the outgoing aliases to some obscure
> name and to put the resend command in a file or disable expn and
> vrfy.
Y'all are making this too hard. The mechanism is already there, so
there's no need to break resend by trying to have it expand the list
itself (the limiting factor is the size allowed for command line
arguments; how is a Perl script supposed to portably determine that?)
1) Change the outgoing alias to something obscure.
2) Change the resend alias to have one argument, the pathname of the
file containing the resend arguments prefixed by the character '@',
e.g.:
listname: "|/somewhere/wrapper resend @/somewhere/lists/listname.parms"
3) Create the "listname.parms" file with the resend parameters,
including the outgoing alias followed by ",nobody", e.g.:
-l testlist
-h mail.host.com
testlist-kablooey,nobody
Be sure that "nobody" is an alias for /dev/null, i.e.:
nobody: /dev/null
The ",nobody" is what turns off the Received lines.
I don't think expn and vrfy matter at this point, but I could be wrong.
Turn 'em off anyway. If anyone is allowed to logon to the Mj machine
(even via rsh), you still have a hole via 'ps': sendmail runs with the
outgoing alias on the command line. The only way to plug that is to not
allow logons, but you can minimize the time sendmail hangs around by
adding sendmail flags to the .parms file to have sendmail just queue the
addresses and deliver them during the next queue run, e.g.:
-l testlist
-h mail.host.com
-m-odq
testlist-kablooey,nobody
--
Dave Wolfe *Not a spokesman for Motorola* (512) 891-3246
Motorola MMTG 6501 Wm. Cannon Dr. W. OE112 Austin TX 78735-8598
Follow-Ups:
References:
|
|
