Great Circle Associates Majordomo-Users
(April 2004)

Subject: Re: Security hole
From: mp @ gtt-technologies . de
Date: Thu, 01 Apr 2004 12:13:36 +0200
To: John Sechrest <sechrest @ peak . org>
Cc: majordomo-users @ greatcircle . com
In-reply-to: <200403311511.i2VFBAV10769@jas.peak.org>
References: Your message of Wed, 31 Mar 2004 15:21:49 +0200. <406AE20D.12965.E90878@localhost>

John,
> If one of the members of the mailing list has a virus, and the mailing list
> is configured to only allow posting from members of the list, then the virus
> has full access to send mail to the list and have it be accepted and
> processed.
The problem with the mentioned list address is that not only subscribers to the list
are able to access it, but anyone. We tested it. But our actual list configuration
should allow only one person to send mails to the subscribers of the list.
 
> However, this is not a problem for majordomo. This is a problem for
> the mail systems on both the client machines and the server that
> has majordomo on it.
We think that it is a problem of Majordomo, because Majordomo creates and
configures the follow-up address in sendmail. It should, by default, apply the
same access rights and restrictions as the original address through which
Majordomo itself is accessed.
 
> If the client had virus protection systems in place, they would not
> get the virus.
Well, most of the servers our subscribers are attached to use virus filters.
That was one of the problems, because each one that was fooled by the false
address of the virus mail sent a "virus detected" notification "back" to the list.
Because there was no default user restriction on that address, these notifications
were sent to all subscribers.

> For even more filtering, you can put sendmail filters in place to block executables.
> Or if you are list owner, you can create taboo descriptions which block
> executable attachments.
As I mentioned: the problem is not the filtering of executables, but the rights for
accessing the mail address. Majordomo doesn't configure it properly. If an external
user were refused use of this follow-up list address, no one would have to think
about executable and spam filters. If you know a way to configure it this way, I
would be delighted if you could tell me. We have not been able to find a satisfying
solution for it so far.
 
Best regards
Matthias Paetzold
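The exposure described in this thread is that mail sent straight to the list's follow-up address reaches every subscriber without passing the list's posting restrictions. The following checker is an added example, not code from the post or from Majordomo: it scans sendmail-style log lines and flags deliveries to a list's "-outgoing" alias (the conventional Majordomo 1.x name for the alias that expands directly to the subscriber file; it is an assumption here that this is the "follow-up address" Matthias means) that did not come from the list's own resend process. The hostname, list name, trusted sender (`owner-test-l@...`, the sender resend is assumed to use), queue IDs and all log lines are constructed for the example.

```python
"""Flag mail delivered to a Majordomo list's -outgoing alias that did not
originate from the list's own resend process (added example; all values below
are assumptions or constructed sample data, not taken from a real system)."""
import re

LIST_HOST = "lists.example.org"                  # assumed list server hostname
OUTGOING_SUFFIX = "-outgoing"                    # Majordomo 1.x alias convention
TRUSTED_SENDERS = {f"owner-test-l@{LIST_HOST}"}  # envelope sender resend is assumed to use

# sendmail logs one "from=" line and one or more "to=" lines per queue ID.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<(?P<from>[^>]*)>.*?relay=(?P<relay>\S+)"
)
TO_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): to=<(?P<to>[^>]*)>")

# Constructed log excerpt: a legitimate resend expansion, a scanner notification
# injected straight into the -outgoing alias, and a normal post to the list address.
SAMPLE_LOG = [
    "Apr  1 12:13:36 lists sendmail[10769]: i31ADajk10769: from=<owner-test-l@lists.example.org>, "
    "size=2048, class=-60, nrcpts=1, msgid=<1@lists.example.org>, relay=majordom@localhost",
    "Apr  1 12:13:36 lists sendmail[10770]: i31ADajk10769: to=<test-l-outgoing@lists.example.org>, "
    "delay=00:00:00, mailer=local, stat=Sent",
    "Apr  1 12:14:02 lists sendmail[10801]: i31AEbcd10801: from=<virus-scanner@mail.example.net>, "
    "size=1300, class=0, nrcpts=1, msgid=<2@mail.example.net>, proto=ESMTP, relay=mail.example.net [192.0.2.10]",
    "Apr  1 12:14:02 lists sendmail[10802]: i31AEbcd10801: to=<test-l-outgoing@lists.example.org>, "
    "delay=00:00:00, mailer=local, stat=Sent",
    "Apr  1 12:15:10 lists sendmail[10820]: i31AFefg10820: from=<member@example.com>, "
    "size=900, class=0, nrcpts=1, msgid=<3@example.com>, proto=ESMTP, relay=mx.example.com [192.0.2.20]",
    "Apr  1 12:15:10 lists sendmail[10821]: i31AFefg10820: to=<test-l@lists.example.org>, "
    "delay=00:00:00, mailer=prog, stat=Sent",
]


def find_direct_outgoing_posts(log_lines):
    """Return (qid, sender, relay, recipient) for each delivery to a -outgoing
    alias whose message was not submitted locally by the trusted resend sender."""
    senders = {}   # queue ID -> (envelope sender, relay) from the "from=" line
    hits = []
    for line in log_lines:
        m = FROM_RE.search(line)
        if m:
            senders[m["qid"]] = (m["from"], m["relay"])
            continue
        m = TO_RE.search(line)
        if not m:
            continue
        rcpt = m["to"].lower()
        local_part, _, host = rcpt.partition("@")
        if host != LIST_HOST or not local_part.endswith(OUTGOING_SUFFIX):
            continue   # not a delivery to the expansion alias
        sender, relay = senders.get(m["qid"], ("", ""))
        # Assumption: resend submits via the local sendmail binary, which logs
        # relay=<user>@localhost; anything else came in over the network.
        local_submission = "localhost" in relay
        if sender.lower() not in TRUSTED_SENDERS or not local_submission:
            hits.append((m["qid"], sender, relay, rcpt))
    return hits


if __name__ == "__main__":
    for qid, sender, relay, rcpt in find_direct_outgoing_posts(SAMPLE_LOG):
        print(f"{qid}: {sender} via {relay} delivered directly to {rcpt}")
```

On the sample data only the scanner notification is reported; the resend-originated expansion and the post to the guarded list address pass. Correlating by queue ID is necessary because sendmail never logs sender and recipient on the same line.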