Majordomo-Users: Re: IMPORTANT Question.

Majordomo-Users
(November 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: IMPORTANT Question.
From:	Grey Cloak <grycloak @ greycloak . access . one . net>
Organization:	Rainbow Holt
Date:	Mon, 3 Nov 1997 02:57:39 -0500 (EST)
To:	Mark Rauterkus <mrauterkus @ sportsurf . net>
Cc:	majordomo-users @ GreatCircle . COM
In-reply-to:	<199711030413.VAA27328@sportsurf.net>
Posted-date:	Mon, 3 Nov 1997 02:57:39 -0500
Reply-to:	Grey Cloak <grycloak @ greycloak . access . one . net>

On Mon, 3 Nov 1997, Mark Rauterkus wrote:

> >Can I safly removed listname-owner address or do I need to hack majordomo?
> >
> >A personage just discovered I had majordomo@ that lead to him grabbing
> >list and sending spam addressed to owner-listname. What is this address
> >use for in md?
> 
> Hi Grey Cloak,
> 
> I'm not sure if you can remove the listname-owner or not. But I am sure 
> that you can do other things. You write so little it is hard to 
> understand. But, to be sure, you don't need to "hack majordomo" -- 
> Rather, perhaps what you need to do is correctly set-up majordomo. 
> 
> As posted earlier today, there was a set of owner-listname and 
> listname-owner and such. Watch for summary post soon. In the end, all the 
> listname-owner things all point back to the system administrator. Sending 
> mail to owner-listname shouldn't send mail to a list. 
> 
> Perhaps you were trying to conceal "majordomo", yes? 
> Perhaps you didn't change the passwords?

Wasn't too sure about the owner purpose. So far nothing got through. I set
both list I running to close when I first set them up. Glad I did. 

This personage just attempted to zubscribed to the list that I run for
admistration communication. Only 4 people on it. So it failed. :)

I do have the address and did email the lamer ISP. 

The other list is a little larger, but also close. So far no activity
for unknow zubscribe attempt.

What happen is the following:

When I got home, there was an error message from majordomo. Showing an 
obvious spam. I assuming that the lamer tool the host part from a post
and added majordomo.

I put com, net, org, edu, and co in the no advertise so The large list
should not show up in the future.

I also recheck the aliases file, discovered that I would get the spam if
sent to owner*

I only going to work on -list and -outgoing. I have them set as in doc.
but it allows a direct spam. These the ony hole I see right now.

Is there a perl script that will:

A: check any incoming mail to -list, -outgoing against a zubscriber
list

B: Reject email not in list. (I on all lists)

C: mail the email if from someone on the list?

I would like to get it so that a spammer cannot bypass the security in
majordomo. an mail direct to -list or -outgoing.

Grey Cloak                            http://www.geocities.com/Area51/7614
----------------------------------------------------------------------------
To get:					 Send blank email to:
Informational Docs list__________________docslist@greycloak.access.one.net
Wizard FAQ (My Path)____________________wizardfaq@greycloak.access.one.net
----------------------------------------------------------------------------

References:

Re: IMPORTANT Question.
From: Mark Rauterkus <mrauterkus@sportsurf.net>

Indexed By Date	Previous:	Yet another patch attempt... needed some moderation From: David Gibbs <david@midrange.com>
Indexed By Date	Next:	Oh yeah... From: "Kevin Traas" <ktraas@uniserve.com>
Indexed By Thread	Previous:	Re: IMPORTANT Question. From: Mark Rauterkus <mrauterkus@sportsurf.net>
Indexed By Thread	Next:	Summary: Nagging thing with -outgoing in digest name changes? From: Mark Rauterkus <mrauterkus@sportsurf.net>