[ Phil J. Grabner writes: ]
>
> i am trying to create a moderated list, and, as such have following
> aliases set (amongst others):
>
> test: "|/home/majordomo/wrapper resend -l test test-list"
> test-list: :include:/home/majordomo/lists/test, test-digestify
>
> so now, whenever somebody posts to "test", it gets bounced to me, and i
> can approve/disapprove as desired. but, if somebody posts to "test-list",
> i don't get prompted at all.
>
> is there a way around this, or is this just one of majordomo's security
> holes?
[ This is canned message hide Sun Sep 24 15:32:30 CDT 1995 ]
Here's how you hide your actual mail list alias from list spammers:

1. Pick a non-obvious outgoing list alias name, e.g. "testlist-uzpl"
   instead of "testlist-outgoing".

2. Turn off EXPN and VRFY in sendmail.cf (Opnoexpn,novrfy).

3. Use a parameter file for resend parameters:

       testlist: "|/.../wrapper resend @/.../testlist.parms"

4. In the parameter file, specify more recipients than just the
   outgoing list alias, e.g.:

       -l testlist
       -h foo.bar.com
       testlist-uzpl,nobody

   (Don't forget to alias "nobody" to /dev/null.)

5. Don't allow any more file permissions than absolutely necessary on
   any of the Mj files and/or don't allow user logons on the Mj server
   machine and don't export the file system where the Mj files live.
   I.e., is it *really* necessary to have world read permissions on
   anything but the subscriber list file itself? I get along fine with
   0660 on all the list.* files and 0664 on the list files.

--
Dave Wolfe
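
An audit sketch for steps 1, 2 and 5 of the message above, added here as an example; it is not part of the original post or of Majordomo. The function names, the sample files and the "-list" suffix pattern are assumptions.

```shell
#!/bin/sh
# Added audit sketch; every path is supplied by the caller.

# Step 2: succeed only if sendmail.cf sets both noexpn and novrfy, in the
# short form quoted in the message (Op...) or the long form (O PrivacyOptions=...).
check_privacy() {
    opts=$(sed -n -e 's/^Op//p' -e 's/^O[[:space:]]*PrivacyOptions=//p' "$1" |
        tr -d '[:blank:]' | tr '\n' ',')
    case ",$opts" in *,noexpn,*) ;; *) return 1 ;; esac
    case ",$opts" in *,novrfy,*) ;; *) return 1 ;; esac
}

# Step 1: print aliases that :include: a list file under a guessable name.
# The "-outgoing" suffix is from the message; "-list" is an assumption.
guessable_aliases() {
    awk -F: '/:include:/ && $1 ~ /-(outgoing|list)$/ { print $1 }' "$1"
}

# Step 5: print LIST.* files that grant any access to "other" (looser than
# 0660) and a LIST subscriber file that "other" can write or execute
# (looser than 0664 for that class). Usage: check_modes LISTDIR LIST
check_modes() {
    find "$1" -type f -name "$2.*" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    find "$1" -type f -name "$2" \( -perm -002 -o -perm -001 \) -print
}

# Constructed sample data, not taken from a real host.
make_sample() {
    mkdir -p "$1/lists"
    printf 'Opauthwarnings,noexpn,novrfy\n' > "$1/sendmail.cf"
    printf '%s\n' "testlist-outgoing: :include:$1/lists/testlist" \
        "testlist-uzpl: :include:$1/lists/testlist" \
        "nobody: /dev/null" > "$1/aliases"
    for f in testlist testlist.info testlist.config; do : > "$1/lists/$f"; done
    chmod 0664 "$1/lists/testlist"
    chmod 0644 "$1/lists/testlist.info"     # deliberately too open
    chmod 0660 "$1/lists/testlist.config"
}

d=$(mktemp -d) && make_sample "$d"
check_privacy "$d/sendmail.cf" && echo "EXPN and VRFY are disabled"
guessable_aliases "$d/aliases"
check_modes "$d/lists" testlist
rm -rf "$d"
```

Against the constructed sample it reports the "testlist-outgoing" alias and the world-readable testlist.info file.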