[ Gregory Losik writes: ]
>
> However, when one sends mail to "test@..." approval process works as
> designed. But when user sends mail to "test-list", it gets posted without
> any approval. I though of renaming "test-list" to "test-SECRET" but then
> one can telnet to port 25 and get the name without problems again.
[ This is canned message hide Sun Sep 24 15:32:30 CDT 1995 ]
Here's how you hide your actual mail list alias from list spammers:
1. Pick a non-obvious outgoing list alias name, e.g. "testlist-uzpl"
instead of "testlist-outgoing".
2. Turn off EXPN and VRFY in sendmail.cf (Opnoexpn,novrfy).
3. Use a parameter file for resend parameters:
testlist: "|/.../wrapper resend @/.../testlist.parms"
4. In the parameter file, specify more recipients than just the
outgoing list alias, e.g.:
-l testlist
-h foo.bar.com
testlist-uzpl,nobody
(Don't forget to alias "nobody" to /dev/null.)
5. Don't allow any more file permissions than absolutely necessary on
any of the Mj files and/or don't allow user logons on the Mj server
machine and don't export the file system where the Mj files live.
I.e., is it *really* necessary to have world read permissions on
anything but the subscriber list file itself? I get along fine with
0660 on all the list.* files and 0664 on the list files.
--
Dave Wolfe
References:
|
|
