On Mon, 5 Apr 1999, Jennifer L. Snell wrote:
> The list that this alias uses had been literally "locked down" because it
> was used only to distribute a single piece information to a very select
> group of people.
> * Nobody but us could post to this list (using the posters feature)
> * The list file was deleted every night
> and dynamically regenerated with new email addresses.
> * The configuration file wouldn't allow anybody to get
> ANY list information, etc.
>
> We tested this configuration and put the program that uses it into
> production approximately six months ago. It worked flawlessly ever since.
> Then, last Monday, it suddenly failed and a group of customers received
> about 40 unwanted emails.
>
By 'locked down', do you mean you implemented all the suggestions in the
FAQ section 3.6?, Specifically:
1) add O PrivacyOptions=noexpn to your sendmail.cf
2) Change the name of your list-outgoing alias to something non-guessable.
3) Add a second, dummy address to the main list alias, so the
list-outgoing alias name does not appear in the received: header.
4) bounce any mail addressed to the outgoing alias via the virtualuser
table.
These measures together serve to prevent external entities from
discovering and mailing to the list-outgoing alias directly.
--
Rick Green
Please note my new address: <rtg@mich.com>
--------------------------------------------------------------------
Microsoft has just announced it is renaming Windows NT version 5 to
"Windows 2000."
Is that the ultimate millennium bug or what?
References:
|
|
