Rino Lam wrote:
>
> today. Somebody tried to post a message to the address
> majordomo-<listname>-outgoing@mydomain directly, instead of the
> traditional default list address <listname>@mydomain. The setting
>
I have just encountered the same problem while testing/reconfiguring a
list.
test: "|/usr/test/majordomo-1.94.3/wrapper resend -l test
test-list"
test-list: :include:/usr/test/majordomo-1.94.3/lists/test
owner-test: you,
test-owner: you
test-request: "|/usr/test/majordomo-1.94.3/wrapper majordomo -l
test"
This example, taken from the 'newlist' file shows a properly configured
set of aliases, however the alias "test-list" seems to be a fairly
obvious opportunity for spam exploitation. It bypasses resend and our
dear <list>.config settings. The only solution I can think of off the
top of my head is to make the ":include:" alias something cryptic, so
that potential spammers would have trouble guessing it:
test: "|/usr/test/majordomo-1.94.3/wrapper resend -l test
test-zzoutgo898"
test-zzoutgo898: :include:/usr/test/majordomo-1.94.3/lists/test
Are we missing something obvious here?
--
Leon Rothenberg
Mission Critical Systems,
Computer Task Group
Follow-Ups:
|
|
