>>>>> "JH" == "J Hopkinson" <J.F.L.Hopkinson@dl.ac.uk> writes:
JH> ie. almost the exact contents of the lines in the alias file, not the
JH> contents of any file refered to there. Is my system unusual ?
You're unusual in that you're using bulk_mailer. If you had an :include:
statement, you'd (probably) get the entire list. So in your case someone
cannot get the entire address list but they can bypass all of the content
checks and moderation you may have in place by sending mail straight to
your outgoing list (assuming that they could find its name, which you have
made quite difficult by using a secret name and hiding the resend options
in a file using the special resend `@' option).
JH> As others have noted you can also disable the vrfy and expn commands in
With the setup you use, you can leave SMTP VRFY and EXPN enabled and still
be secure in the sanctity of your address list and your content checks.
There is another way to prevent spammers from sending to your outgoing
alias even if they know it's name. You can change the "mailer" variable in
majordomo.cf to instruct Sendmail to use an alternate alias file (-oA
file), and have that file contain the outgoing alias.
Jason L. Tibbitts III - firstname.lastname@example.org - 713/743-8684 - 221SR1
System Manager: University of Houston High Performance Computing Center
1994 PC800 "Kuroneko" DoD# 1723