I had this problem in my servers too but, unfortunatelly, i'm not a
programming expert, so i could not make a patch.
Since then, i was looking for a solution for this problem, and what i've
found is that its possible to block message recipients through the
"access" file in sendmail.
what i had to do was put a line like " To:
list-outgoing@mydomain.com REJECT " in sendmail's access file.
With this option i stopped receiving this bullshit notification email,
and my lists kept working.
If u use postfix u gotta add in your "smtpd_recipient_restrictions"
section a line like "check_recipient_access
hash:/etc/postfix/recipient," in your main.cf, and create the
"/etc/postfix/recipient" file with alll the recipients u want to block,
in this case, lists-outgoings@yourdomain.com
This is working for me and i guess it will work for you, although its
not a patch.
Nick
MajorDomo Administrator, MSER:EX wrote:
>We noticed a bad security hole with our majordomo lists. It was brought to
>our attention by the list subscribers who were getting spoofed virus
>rejections. The rejections were going to the listname-outgoing address and
>therefore bypassing the requirement for moderation.
>
>Has anyone else had this problem and how did they patch it?
>
>a template of aliases file config
>
>owner-l_tk_testlist: l_tk_testlist-owner
>l_tk_testlist: "|/home/majordomo/wrapper resend -l l_tk_testlist -h
>listsserver.ca -f l_tk_testlist-owner l_tk_testlist-outgoing"
>l_tk_testlist-owner: me@myaddress
>l_tk_testlist-approval: l_tk_testlist-owner
>owner-l_tk_testlist-approval: l_tk_testlist-owner
>l_tk_testlist-outgoing: :include:/home/majordomo/lists/l_tk_testlist
>owner-l_tk_testlist-outgoing: l_tk_testlist-owner
>
>Thanks,
>Majordomo Support
>mailto:Majordomo.Admin@gems1.gov.bc.ca
>
>
>
--
Nicholas Anderson
Administrador Linux/Unix
Rede Fiocruz
http://www.redefiocruz.fiocruz.br
e-mail: nicholas@fiocruz.br
Tel:(21)2598-4499
References:
-
security hole
From: "MajorDomo Administrator, MSER:EX" <Majordomo.Admin@gems1.gov.bc.ca>
|
|
