Great Circle Associates Majordomo-Users
(April 1999)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Security Failure
From: Rick Green <rtg @ mich . com>
Date: Mon, 5 Apr 1999 21:27:20 -0400 (EDT)
To: "Jennifer L. Snell" <jennifer_snell @ email . msn . com>
Cc: Majordomo-Users @ GreatCircle . COM
In-reply-to: <199904051640.LAA09452@fw.cpicorp.com>

On Mon, 5 Apr 1999, Jennifer L. Snell wrote:

> The list that this alias uses had been literally "locked down" because it
> was used only to distribute a single piece information to a very select
> group of people.
>     * Nobody but us could post to this list (using the posters feature)
>     * The list file was deleted every night
>         and dynamically regenerated with new email addresses.
>     * The configuration file wouldn't allow anybody to get
>         ANY list information, etc.
> 
> We tested this configuration and put the program that uses it into
> production approximately six months ago.  It worked flawlessly ever since.
> Then, last Monday, it suddenly failed and a group of customers received
> about 40 unwanted emails.
> 
By 'locked down', do you mean you implemented all the suggestions in the
FAQ section 3.6?, Specifically:
1) add O PrivacyOptions=noexpn to your sendmail.cf
2) Change the name of your list-outgoing alias to something non-guessable.
3) Add a second, dummy address to the main list alias, so the
list-outgoing alias name does not appear in the received: header.
4) bounce any mail addressed to the outgoing alias via the virtualuser
table.
  These measures together serve to prevent external entities from
discovering and mailing to the list-outgoing alias directly.

-- 
Rick Green
Please note my new address: <rtg@mich.com>
--------------------------------------------------------------------
Microsoft has just announced it is renaming Windows NT version 5 to
"Windows 2000."
Is that the ultimate millennium bug or what?



References:
Indexed By Date Previous: Re: Security Failure
From: Bryan Fullerton <bryanf@samurai.com>
Next: restrict_post - just making sure...
From: Vicki Brown <vlb@cfcl.com>
Indexed By Thread Previous: Re: Security Failure
From: Bryan Fullerton <bryanf@samurai.com>
Next: restrict_post - just making sure...
From: Vicki Brown <vlb@cfcl.com>

Google
 
Search Internet Search www.greatcircle.com