Great Circle Associates Majordomo-Users
(November 2001)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: preventing unauthorized distribution via list-outgoing.
From: Ezra Bick <ebick @ etzion . org . il>
Date: Thu, 22 Nov 2001 13:46:56 +0200 (IST)
To: majordomo-users @ greatcircle . com

We run about 20 majordomo lists reaching 16,000 subscribers.

Lately there has been a virus on some users computers, which 
automatically sends itself in reply to any mail received.

Hence, it was being sent to the list by infected subscribers.

I changed all lists to moderated with approval required, so the virus 
messages were bounced to the moderator (and deleted).

BUT - the virus has taken to sending itself to <list-outgoing>, which 
then resends to the whole list and effectively avoids all restrictions 
found in the list configuration file.

This seems to be a rather large whole, which could be used by spammers as 
well as viruses. By simply adding -outgoing to the name of a list, anyone 
can send anything to any list.

What can be done?

ebick@etzion.org.il



Follow-Ups:
Indexed By Date Previous: RE: Post Resticts
From: "Cencigh, Maurizio {POYD~Kaiseraugst}" <MAURIZIO.CENCIGH@Roche.COM>
Next: Re: preventing unauthorized distribution via list-outgoing.
From: Michael Donohue <webmaster@bard.net>
Indexed By Thread Previous: Re: nonadvertise
From: "Jay O'Brien" <jayobrien@att.net>
Next: Re: preventing unauthorized distribution via list-outgoing.
From: Michael Donohue <webmaster@bard.net>

Google
 
Search Internet Search www.greatcircle.com