Great Circle Associates Majordomo-Users
(March 2004)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: security hole
From: Nicholas Anderson <nicholas @ fiocruz . br>
Date: Mon, 29 Mar 2004 09:50:58 -0300
To: "MajorDomo Administrator, MSER:EX" <Majordomo . Admin @ gems1 . gov . bc . ca>
Cc: Majordomo-Users <Majordomo-Users @ GreatCircle . COM>
In-reply-to: <>
References: <>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007

I had this problem in my servers too but, unfortunatelly, i'm  not a 
programming expert, so i could not make a patch.
Since then, i was looking for a solution for this problem, and what i've 
found is that its possible to block message recipients through the 
"access" file in sendmail.
what i had to do was put a line like   " To:   REJECT "  in sendmail's access file.
With this option i stopped receiving this bullshit notification email, 
and my lists kept working.

If u use postfix u gotta add in your  "smtpd_recipient_restrictions"  
section a line like    "check_recipient_access 
hash:/etc/postfix/recipient,"  in your, and create the 
"/etc/postfix/recipient" file with alll the recipients u want to block, 
in this case,

This is working for me and i guess it will work for you, although its 
not a patch.


MajorDomo Administrator, MSER:EX wrote:

>We noticed a bad security hole with our majordomo lists.  It was brought to
>our attention by the list subscribers who were getting spoofed virus
>rejections.  The rejections were going to the listname-outgoing address and
>therefore bypassing the requirement for moderation.
>Has anyone else had this problem and how did they patch it?
>a template of aliases file config
>owner-l_tk_testlist: l_tk_testlist-owner
>l_tk_testlist: "|/home/majordomo/wrapper resend -l l_tk_testlist -h
> -f l_tk_testlist-owner l_tk_testlist-outgoing"
>l_tk_testlist-owner: me@myaddress
>l_tk_testlist-approval: l_tk_testlist-owner
>owner-l_tk_testlist-approval: l_tk_testlist-owner
>l_tk_testlist-outgoing: :include:/home/majordomo/lists/l_tk_testlist
>owner-l_tk_testlist-outgoing: l_tk_testlist-owner
>Majordomo Support   


Nicholas Anderson
Administrador Linux/Unix
Rede Fiocruz

  • security hole
    From: "MajorDomo Administrator, MSER:EX" <>
Indexed By Date Previous: Re: Archiving
From: Daniel Liston <>
Next: turning off help replies
From: Ezra Bick <>
Indexed By Thread Previous: Re: security hole (not) - bounces - law
From: Alvin Oga <>
Next: Security hole

Search Internet Search