MajorDomo Administrator, MSER:EX wrote:
> We noticed a bad security hole with our majordomo lists. It was brought to
> our attention by the list subscribers who were getting spoofed virus
> rejections. The rejections were going to the listname-outgoing address and
> therefore bypassing the requirement for moderation.
>
> Has anyone else had this problem and how did they patch it?
>
> a template of aliases file config
>
> owner-l_tk_testlist: l_tk_testlist-owner
> l_tk_testlist: "|/home/majordomo/wrapper resend -l l_tk_testlist -h
> listsserver.ca -f l_tk_testlist-owner l_tk_testlist-outgoing"
> l_tk_testlist-owner: me@myaddress
> l_tk_testlist-approval: l_tk_testlist-owner
> owner-l_tk_testlist-approval: l_tk_testlist-owner
> l_tk_testlist-outgoing: :include:/home/majordomo/lists/l_tk_testlist
> owner-l_tk_testlist-outgoing: l_tk_testlist-owner
>
> Thanks,
> Majordomo Support
> mailto:Majordomo.Admin@gems1.gov.bc.ca
>
Yes, many people have observed it.
And they've put the answer in the FAQ and the list archives.
Try those two locations and see if you can find it.
References:
-
security hole
From: "MajorDomo Administrator, MSER:EX" <Majordomo.Admin@gems1.gov.bc.ca>
|
|
