Great Circle Associates Majordomo-Users
(November 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Preventing spam via *-outgoing alias?
From: Jason L Tibbitts III <tibbs @ hpc . uh . edu>
Date: 13 Nov 1996 13:44:23 -0600
To: Chris Shenton <cshenton @ it . hq . nasa . gov>
Cc: majordomo-users @ GreatCircle . COM
In-reply-to: Chris Shenton's message of Wed, 13 Nov 1996 11:31:20 -0500
References: <199611131631.QAA18215@wirehead.it.hq.nasa.gov>

>>>>> "CS" == Chris Shenton <cshenton@it.hq.nasa.gov> writes:

CS> Why isn't there a wrapper function which checks the sender,
CS> Received-by: headers, etc, to ensure that the originator is not some
CS> off-site toad, and if legitimate, then does the ":include:" thing
CS> itself?

Because it would still have to pass the authenticated mail off to sendmail,
which needs an alias somewhere that points it at the address list, i.e. an
outgoing alias.

CS> Has anyone done something like this?

It would do no good.

CS> Do alternative list manager programs also suffer from this same design
CS> flaw?

Some do, others talk SMTP directly and thus bypass the need to have the
mailer see an address list in a file somewhere.  Fortunately it is not
necessary to run Majordomo his way, viz:

fvwm-announce: "|/usr/local/lists/majordomo/wrapper resend
                -l fvwm-announce -h hpc.uh.edu nobody"

See, no outgoing alias.  EXPN and VRFY are allowed, with no security risk
to the list.  You cannot bypass the moderation, period, even if you are on
my site and can read the aliases file.

This is possible because I have written software called TLB (already
mentioned here by Evan) which acts as an intermediary between Majordomo and
your MTA.  You can retrieve a copy from ftp.hpc.uh.edu:/pub/tlb.  The
current version is 0.09a.  You must have Majordomo 1.94 to use it.  The
documentation could use some work (I'm no tech writer) but it is in use at
several sites and will eliminate the problem you describe.

Note that it is not the only way to solve the problem; sometimes it can be
solved by using an alternate sendmail config file which is used only within
Majordomo.  I think there is a FAQ entry on this, but I'm not sure.

 - J<


Follow-Ups:
References:
Indexed By Date Previous: member count for 1.93
From: "Dennis Black" <Dennis.Black@UAlberta.CA>
Next: Re: member count for 1.93
From: chris <chris@sparkie.osl.state.or.us>
Indexed By Thread Previous: Re:Preventing spam via *-outgoing alias?
From: "Kendall P Bullen" <kendall@his.com>
Next: Re: Preventing spam via *-outgoing alias?
From: Al Thompson <alt@aen.org>

Google
 
Search Internet Search www.greatcircle.com