At 1:21 PM -0500 3/25/97, Tabor J. Wells wrote:
>On Tue, 25 Mar 1997, Dave Wolfe wrote:
>
>> [ Tabor J. Wells writes: ]
>> >
>> > A couple of months ago some loser wrote a utilties for Windows called
>> > Avalanche which forges mailing list subscriptions [...] In each of
>> > these subscription bombs, all ~130 subscription requests come in the
>> > same message. So what I'm wondering is if anyone has patched Majordomo
>> > to silently drop (or better yet forward the mail to a specified
>> > address) any mail which attempts to subscribe to more than x number of
>> > lists in the same message?
>>
>> Future versions (and evolution of Avalanche) notwithstanding, this looks
>> to me like a prime candidate for filtering. Mj 1.9x just processes
>> requests sequentially, so it'd have to add a lot of code to preprocess
>> the message itself or it'd be too late for the first N subscribe
>> requests by the time it figured out some limit had been exceeded. But
>> it wouldn't be too difficult for a deliver script to figure out that a
>> message was suspicious and reroute it for wetware scrutiny.
>
>I agree strongly. :) Do you have any suggestions on what I can do in the
>meantime? Hmm. Actually I have an idea which I should have thought of some
>time ago. At least one of the lists in the Avalanche config files no
>longer exists at Shore.Net. I'll just add that to the global taboo body
>setting in majordomo.cf which will bounce it as appropriate. :)
Unfortunately, all the taboo stuff (including global_taboo_body) only
applies to list postings (stuff processed by "resend"), not command
messages send to Majordomo itself. I suppose that you could set up your
aliases to use "resend" as an input filter for Majordomo, but that would be
pretty twisted...
-Brent
--
Brent Chapman Internet/intranet training and consulting,
Brent@GreatCircle.COM specializing in network design and security.
Great Circle Associates,Inc. Visit us at http://www.greatcircle.com/
Follow-Ups:
References:
|
|
