MajorDomo Administrator, MSER:EX wrote:
> We noticed a bad security hole with our majordomo lists. It was brought to
> our attention by the list subscribers who were getting spoofed virus
> rejections. The rejections were going to the listname-outgoing address and
> therefore bypassing the requirement for moderation.
> Has anyone else had this problem and how did they patch it?
> a template of aliases file config
> owner-l_tk_testlist: l_tk_testlist-owner
> l_tk_testlist: "|/home/majordomo/wrapper resend -l l_tk_testlist -h
> listsserver.ca -f l_tk_testlist-owner l_tk_testlist-outgoing"
> l_tk_testlist-owner: me@myaddress
> l_tk_testlist-approval: l_tk_testlist-owner
> owner-l_tk_testlist-approval: l_tk_testlist-owner
> l_tk_testlist-outgoing: :include:/home/majordomo/lists/l_tk_testlist
> owner-l_tk_testlist-outgoing: l_tk_testlist-owner
> Majordomo Support
Yes, many people have observed it.
And they've put the answer in the FAQ and the list archives.
Try those two locations and see if you can find it.
From: "MajorDomo Administrator, MSER:EX" <Majordomo.Admin@gems1.gov.bc.ca>