Great Circle Associates Majordomo-Users
(March 2004) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: security hole (not)
From: ddewey @ cyberthugs . com (David L. Dewey)
Date: Tue, 30 Mar 2004 15:20:54 -0500
To: Majordomo-Users @ greatcircle . com
In-reply-to: <4067B97C.6040406@sonny.org>
References: <78C662A57529A14FAD49FC8819F5E2D40F6CE106@swan.bcsc.gov.bc.ca> <4067B97C.6040406@sonny.org>
User-agent: Mutt/1.5.4i 
Quoting Daniel Liston (dliston@sonny.org):

> There is a way to block or prevent an address from reaching the
> /etc/aliases file at the MTA (sendmail) level with virtusertable
> magic.
> 
> 1.  Make sure sendmail "trusts" majordomo.
> 2.  Use an alias other than -outgoing or -list for your :include:
> 3.  Use arguments to wrapper in an "@file" or via the <list>.config
> 4.  Block access to your distribution alias via virtusertable

FYI, I've recently found that blocking acessing to the
distribution alias can result in blacklisting by itself. For
example, when I implemented this using Postfix, with a
'reject' for mail sent to that alias, Verizon blocked all
mail from my server.  Apparently when receiving incoming
mail, Verizon tests back to make sure the 'from' address is
valid before accepting it.  The mta block on the
distribution alias was enough to ensure that all mail from
my majordomo server was rejected.  Eliminating the block got
mail flowing again immediately.

dave
Follow-Ups:
References:
Indexed By Date Previous: Re: Wholesale blacklisting by AHBL
From: John Sechrest <sechrest@peak.org>
Next: Re: security hole (not)
From: "Roger B.A. Klorese" <rogerk@queernet.org>
Indexed By Thread Previous: Re: security hole (not)
From: Daniel Liston <dliston@sonny.org>
Next: Re: security hole (not)
From: "Roger B.A. Klorese" <rogerk@queernet.org>
Google
 
Search Internet Search www.greatcircle.com