>>>>> "TG" == Thomas Gramstad <thomasg@ifi.uio.no> writes:
TG> The impression I got from the original posting was that the spammer had
TG> discovered that by forging the From:-field to show the list-owner's
TG> name and address, the spammer was able to bypass the checks, posting
TG> spam in the list-owner's name.

Of course, this works only for restrict_post-style semimoderation, not for
true moderation. To bypass the latter, you really must have the password.

TG> That would of course be technically possible.

Trivial, actually. There isn't any easy way around it, short of
cryptographically signing all messages and having the list server verify the
signature (possible, and essentially awaiting a good Perl cryptographic
module) or requiring confirmation of all messages by the poster (which is
possible with Majordomo2 alpha).

The outgoing alias is still the most problematic hole, but it's only there
if you don't do something about it. None of my lists have outgoing
aliases, and I have EXPN and VRFY enabled.
- J<
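
An added illustration, not part of the original message and not Majordomo code: a restrict_post-style From: check next to a server-side signature check, run on a message whose From: was simply copied from the list owner. It is written in Python rather than Majordomo's Perl, and uses an HMAC with a per-poster shared secret as a stand-in for the public-key signatures the message has in mind; the addresses, keys and the `X-Post-Signature` header are constructed for the example.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: the allow-list, key and header name are hypothetical.
RESTRICT_POST = {"owner@lists.example.org", "alice@example.org"}
POSTER_KEYS = {"owner@lists.example.org": b"constructed-owner-secret"}
SIG_HEADER = "X-Post-Signature"


def sender_of(msg):
    """Address claimed in From:, which whoever sends the message fully controls."""
    return parseaddr(msg.get("From", ""))[1].lower()


def from_header_check(msg):
    """restrict_post-style check: trusts the claimed From: address."""
    return sender_of(msg) in RESTRICT_POST


def sign(key, msg):
    """HMAC-SHA256 over the claimed sender, the subject and the body."""
    data = "\n".join([sender_of(msg), msg.get("Subject", ""), msg.get_payload()])
    return hmac.new(key, data.encode("utf-8"), hashlib.sha256).hexdigest()


def signature_check(msg):
    """Accept only a message carrying a valid MAC under the claimed sender's key."""
    key = POSTER_KEYS.get(sender_of(msg))
    supplied = msg.get(SIG_HEADER, "")
    if key is None or not supplied:
        return False  # unknown poster or unsigned message: hold for the moderator
    return hmac.compare_digest(sign(key, msg).encode(), supplied.encode())


def build(from_addr, subject, body, key=None):
    """Build a message; sign it only when the poster's key is available."""
    msg = message_from_string(f"From: {from_addr}\nSubject: {subject}\n\n{body}\n")
    if key is not None:
        msg[SIG_HEADER] = sign(key, msg)
    return msg


# Constructed messages: one signed by the owner, one with only the From: copied.
GENUINE = build("List Owner <owner@lists.example.org>", "Notice",
                "Maintenance tonight.", key=POSTER_KEYS["owner@lists.example.org"])
FORGED = build("List Owner <owner@lists.example.org>", "Offer", "Unsolicited text.")
```

The From: check accepts both messages; the signature check accepts only `GENUINE`, and also rejects a valid signature pasted onto a different body.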