On Mon, 20 Aug 2001, Steven W. Orr wrote:
> I just had a virus injected into a list from some spammer who forged
> headers saying that he was from hahaha@sexyfun.com
>
> Is there a way to do this?
That wasn't a deliberate spammer attack, it was sent by a PC infected by
the Hybris Worm. A Hybris-infected PC watches the data stream into and
out of the PC, looking for e-mail addresses. When one is found, Hybris
sends its characteristic "Snowhite..." message to that address with
"hahaha@sexyfun.net" on the "From:" line. Typically the PC's owner
doesn't even know this is going on. He isn't guilty of spamming or
deliberately spreading a virus, he's just guilty of being stupid enough to
open an unknown file attachment, infecting his PC. If Hybris on his PC
detected your list address and sent mail to it, that means the infected PC
probably belongs to one of your list members.

If Majordomo accepted a message from "hahaha@sexyfun.net", then obviously
it's an open list (meaning non-subscribers can post to it). Use
"restrict_post" in your list.config file to make your list a closed list,
i.e. allow postings to the list only by list members. Unless some jerk
actually subscribes as "hahaha@sexyfun.net", messages from that address
will be bounced to the listowner for approval. Obviously you don't want
to approve them.

To preclude the possibility of some idiot actually subscribing as
"hahaha@sexyfun.net", set "subscribe_policy" in your list.config file to
"open+confirm". This will cause a request for confirmation to be sent to
the address shown on every subscription request. Since
"hahaha@sexyfun.net" is a bogus address, the confirmation request will
never reach the idiot who tried to subscribe, and "hahaha@sexyfun.net"
will never be subscribed.

Set maxlength in your list.config file small enough to preclude most
attachments. The default is 40000 characters. Unless you really want
people to be able to post ultra-long messages, set it down to 20000 or
even 15000. Messages longer than maxlength will be bounced to the list
owner for approval. If it's just a very wordy message, you can approve
it. If it's long because of an infected file attachment, naturally you
won't approve it.

Or you can use "demime" to convert MIME-encoded messages to plain text.
This will strip off attachments. I don't use demime, but others here can
fill in the details.
--
Chip Old (Francis E. Old) E-Mail: fold@bcpl.net
Manager, BCPL Network Services Phone: 410-887-6180
Manager, BCPL.NET Internet Services FAX: 410-887-2091
Baltimore County Public Library
320 York Road
Towson, MD 21204 USA
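The three list.config settings recommended in the reply above (restrict_post, subscribe_policy = open+confirm, and a lower maxlength) can be audited mechanically. The script below is an added example, not code from the original message or from Majordomo; it assumes the Majordomo 1.x list.config layout of "key = value" lines plus "key << TAG ... TAG" multi-line blocks, treats any subscribe_policy ending in "+confirm" as acceptable, and uses the 20000-character maxlength suggested in the message as its threshold. Both config fragments are constructed for the example.

```python
import re

# Constructed list.config with the weak settings the reply describes:
# open posting, no subscription confirmation, the 40000 default maxlength.
WEAK_CONFIG = """\
# constructed example list.config
restrict_post =
subscribe_policy = open
maxlength = 40000
message_fronter << END
Welcome to the list.
END
"""

# Constructed list.config with the settings the reply recommends.
HARDENED_CONFIG = """\
restrict_post = mylist
subscribe_policy = open+confirm
maxlength = 20000
"""


def parse_list_config(text):
    """Parse Majordomo-style list.config text into a dict.

    Assumed format: '#' comments, 'key = value' lines, and 'key << TAG'
    blocks whose body runs until a line equal to TAG.
    """
    cfg = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith("#"):
            continue
        block = re.match(r"^(\w+)\s*<<\s*(\w+)\s*$", line)
        if block:
            key, tag = block.groups()
            body = []
            while i < len(lines) and lines[i].strip() != tag:
                body.append(lines[i])
                i += 1
            i += 1  # skip the terminator line
            cfg[key] = "\n".join(body)
            continue
        kv = re.match(r"^(\w+)\s*=\s*(.*)$", line)
        if kv:
            cfg[kv.group(1)] = kv.group(2).strip()
    return cfg


def audit(cfg, max_allowed=20000):
    """Return (setting, problem) pairs for each weakness found.

    An empty list means all three recommended settings are in place.
    """
    findings = []
    # Open posting lets a forged "hahaha@sexyfun.net" message straight through.
    if not cfg.get("restrict_post"):
        findings.append(("restrict_post", "empty: non-subscribers can post"))
    # Without confirmation anyone can subscribe a bogus address.
    if not cfg.get("subscribe_policy", "").endswith("+confirm"):
        findings.append(("subscribe_policy", "no +confirm: unverified subscriptions allowed"))
    # Large maxlength admits attachment-sized messages without owner approval.
    try:
        maxlength = int(cfg.get("maxlength", 40000))
    except ValueError:
        maxlength = 40000
    if maxlength > max_allowed:
        findings.append(("maxlength", f"{maxlength} exceeds {max_allowed}"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(parse_list_config(text)))
```

Run against a real list.config the script reports each setting that still allows open posting, unconfirmed subscriptions or attachment-sized messages; an empty result means the list already matches the advice in the reply.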