Last week, we had an interesting experience with our Majordomo lists when a
sensitive email was accidentally directed out to one of the majordomo
aliases.
The list that this alias uses had been literally "locked down" because it
was used only to distribute a single piece information to a very select
group of people.
* Nobody but us could post to this list (using the posters feature)
* The list file was deleted every night
and dynamically regenerated with new email addresses.
* The configuration file wouldn't allow anybody to get
ANY list information, etc.
We tested this configuration and put the program that uses it into
production approximately six months ago. It worked flawlessly ever since.
Then, last Monday, it suddenly failed and a group of customers received
about 40 unwanted emails.
I'm up in arms about what happened here. I've worked with Majordomo for
three years now and I KNOW that the list config file is right. Does anybody
know of a bug in Majordomo or some sort of a hack that can get around the
security features?
I know of two other lists (different companies, different parts of the
United States) who experienced similar situations in about the same time
period.
We'd appreciate any feedback that you may have to offer.
Thanks.
Jennifer Snell
Webmaster/List Manager
Follow-Ups:
|
|
