Great Circle Associates Majordomo-Users
(October 2000)
 


Subject: Re: Preventing List Abuse
From: dliston @ netscape . com (Dan Liston)
Organization: iPlanet E-Commerce Solutions, A Sun Netscape Alliance
Date: Wed, 04 Oct 2000 16:34:10 -0500
To: Eric Rountree <rountree @ cs . queensu . ca>
Cc: majordomo-users @ GreatCircle . COM
References: <200010041258.e94Cwih14705@cs.queensu.ca>

Hi Eric,

Eric Rountree wrote:
> 
> I'm hoping that Majordomo will provide a solution to a problem we encountered a
> couple of weekends ago. I run a Solaris 2.6 box (Enterprise 3500) that acts as
> the main UNIX server for our undergraduate labs. I maintain student accounts and
> mailing lists on this box. Currently the lists are just text files with aliases
> pointing to them (/etc/mail/aliases with NIS). The "problem" was a mail storm
> that occurred after a student inadvertently "replied to all" in response to an
> announcement about a programming contest. Several people took it upon themselves
> to chastise him for his mistake (replying to all, of course), and it took off
> from there. All students received over fifty junk messages, which became
> progressively more rude as the weekend went on. Two students decided that it
> would be fun to subscribe the list to a porn newsletter. Sigh.
> 
> I know that I can set up a list so that only certain addresses can post to it.
> That is exactly what I want. Unfortunately, there seems to be a hole in this
> security. The documentation instructs me to set up the following aliases if I
> want to use the resend processing:
> 
>        test:    "|/usr/test/majordomo-1.94.3/wrapper resend -l test test-list"
>        test-list:  :include:/usr/test/majordomo-1.94.3/lists/test
> 
> It looks to me like the test-list alias is insecure. Anyone who knows enough to
> do a "ypcat -k aliases" (and all our students have UNIX shell access if they
> want it) can find out the name of this alias. If you send directly to test-list,
> you essentially bypass the resend processing and send your message directly to
> the list.
> 
First, Majordomo can't help you with NIS queries or anybody reading files at
the OS level.  Majordomo and sendmail can help you hide test-list from external
discovery where users are not local to the file system.  Procmail and formail
may be able to help protect the test-list address from being used directly, but
a good email hacker could still get past that barrier.


> Is there a way around this?
> 
> Okay, I'm almost done. Sorry this is so long. This leads me to my second
> question: Is there a way to hide the To: address in the message headers. I
> really don't want students on the list to know the name of the list. I probably
> sound really paranoid, but some of these people are incredibly immature, and I
> want to take whatever steps I can to hide these list addresses from them.

You "want" the To: address to be the list@host.domain.tld.
You want replies to come back to the list, (reply_to = $LIST) in list.config
You do not want the Received: lines to display the list-outgoing: alias.
You want the list moderated. (moderate = yes and restrict_post = list.post) in list.config
In list.post include any/all addresses allowed to post to the list. (one per line)
You want sender = owner-list, subscribe_policy = closed, who_access = closed, which_access = closed, moderator = owner-list, unsubscribe_policy = closed+confirm, administrivia = yes in list.config
AND, you want to change the default admin_passwd and approve_passwd in list.config

You also have to secure your configuration at the filesystem level.

Dan Liston
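As an added illustration (not part of the thread, and not Majordomo's own tooling), the following script parses the simple `key = value` lines of a Majordomo 1.x list.config and reports every setting that deviates from the hardened values listed in the reply above. It assumes a freshly generated list.config carries the passwords `<list>.admin` and `<list>.pass`, and the `WEAK` sample it checks is constructed.

```python
import re

# Hardened values from the reply above, keyed by list.config keyword.
REQUIRED = {
    "moderate": "yes", "restrict_post": "list.post", "administrivia": "yes",
    "subscribe_policy": "closed", "unsubscribe_policy": "closed+confirm",
    "who_access": "closed", "which_access": "closed", "reply_to": "$LIST",
    "sender": "owner-list", "moderator": "owner-list",
}
# 'key = value'; the anchored \w+ makes '#' comment lines fail to match.
KEYVAL = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")


def parse_config(text):
    """Parse the simple 'key = value' lines of a Majordomo 1.x list.config
    (multi-line 'key << TAG' values are not handled by this helper)."""
    conf = {}
    for line in text.splitlines():
        m = KEYVAL.match(line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def audit(text, listname):
    """Return one finding per setting that deviates from the hardened value.
    Assumption: a freshly generated config carries the passwords
    '<list>.admin' and '<list>.pass', which must be changed."""
    conf = parse_config(text)
    findings = [f"{k} should be '{v}', found '{conf.get(k)}'"
                for k, v in REQUIRED.items() if conf.get(k) != v]
    for key, default in (("admin_passwd", f"{listname}.admin"),
                         ("approve_passwd", f"{listname}.pass")):
        if conf.get(key, default) == default:
            findings.append(f"{key} is unset or still the default '{default}'")
    return findings


# Constructed sample: an open, unmoderated list with default passwords.
WEAK = """# list.config for the 'test' list (constructed sample)
moderate = no
subscribe_policy = open
admin_passwd = test.admin
approve_passwd = test.pass
"""

if __name__ == "__main__":
    for finding in audit(WEAK, "test"):
        print(finding)
```

Running it against the `WEAK` sample prints twelve findings; a config that sets every `REQUIRED` key and fresh passwords produces none.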


