Just so you are aware of this problem....
A spammer can post to a majordomo list by sending mail directly to the
list-outgoing alias, and avoiding calling up the majordomo scripts altogether.
All the checks and restrict-post stuff don't do anything in this case, and
the spammer doesn't have to be subscribed to the list.
The informative bit of info in DJ Chuang's email is that the spammer wasn't
a subscriber - this implies that in this instance the spam-attack was via
the list-outgoing alias.
I don't know how to stop it except for changing the aliases to something
less easily guessed, and hoping you don't break anything.
Any ideas, anyone?
At 07:53 PM 10/5/97 -0500, David Gibbs wrote:
>At 03:53 PM 10/1/97 -0500, DJ Chuang wrote:
>>I'm a new user to Majordomo, first time poster. As list owner and
>>recently noticed a spam get posted onto my mailing list. When I tried to
>>unsubscribe that spam sender's address, majordomo said that that user
>>a subscriber. Neither could I address an email to the spammer. How did this
>>spammer post onto my mailing list? What switches/ config do I need to set
>>that only legitimate subscribers are posting to the mailing list?
>Set the RESTRICT-POST config variable to your subscriber list and set your
>subscription policy to "open+confirm". That stops 99% of the spam on my
>Non-subscribers can't post and there's a 2nd (variable) step in the
>subscription policy, so spammers can't subscribe, post, unsubscribe.