On Fri, Oct 03, 2003 at 11:24:30AM -0400, John Heffernan wrote:
> I have been beefing up my security in Majordomo 1.94.5. I am using sendmail
> 8.12.9. The technique of using sendmail virtusertable is working well - too
> well. All messages are being blocked due to unknown user. Here is the
> virtusertable, aliases, bounce email, and Sendmail log entries. When I go
> back to no virtusertable, all is well except I can post to the outgoing list
> directly (I do have restrict post set to the list file itself so only list
> members can post.)
You might want to try a different approach (And one that I've
been using for quite a while).
Rather than trying to randomize the -outgoing address, just block
access to it from the outside.
Here are 2 bits of code to drop into your .mc file that will
block access to -outgoing addresses from anyplace other than
localhost:
#
# block direct access to -outgoing majordomo aliases
#
Koutgoing regex -a@MATCH \-outgoing$
(be sure to separate the left and right side with tabs, not spaces:
SLocal_check_rcpt
# kill attempts to send directly to majordomo's -outgoing aliases
R$* $:$&{client_addr}<>$1
R127.0.0.1<>$* $@ LOCALMAILISOK
R$*<>$* $:$2
R$* $: <> $>Parse0 $>3 $1
R <> $+ < @ $=w . > $: $(outgoing $1 $)
R <> < @ $=w . > : $+ $: $(outgoing $2 $)
R <> $* < @ $* > $* $: NOMATCH
R <> $+ $: $(outgoing $1 $)
R@MATCH $#error $: 550 Do not use -outgoing address
Follow-Ups:
References:
|
|
