Majordomo-Users: Re: majordomo, sendmail 8.12, and aliases issues

Majordomo-Users
(March 2005)

Indexed By Thread: [Previous] [Next]

Subject:	Re: majordomo, sendmail 8.12, and aliases issues
From:	Chip Old <fold @ bcpl . net>
Date:	Mon, 14 Mar 2005 21:14:54 -0500 (EST)
To:	MAJORDOMO-USERS <majordomo-users @ greatcircle . com>
In-reply-to:	<Pine.LNX.4.44.0503142049050.9992-100000@lexiconn.serverhost.net>
References:	<Pine.LNX.4.44.0503142049050.9992-100000@lexiconn.serverhost.net>

On Mon, 14 Mar 2005 20:52 -0500, Rob Mangiafico wrote to 'MAJORDOMO-USERS':

> This has the ramification of allowing anyone from the outside world to
> post directly to the list-outgoing alias at the hostname though. So, we
> are back to security by obscurity, or reverting to the "-Am" method of
> forcing local delivery by majordomo to get around this issue. This would
> allow us to have a "@hostname" entry for the virtusertable to prevent the
> outside world from posting directly to the outgoing alias.

No need for that.  There is a standard solution that works with sendmail 
on most platforms. In virtusertable, add an entry like this for each of 
your lists:

listname-out@yourdomain.com	error:nouser User unknown

Of course substitute the actual list name for "listname" and your actual 
domain name for "yourdomain.com".  This causes sendmail to reject messages 
sent to the listname-out address, but doesn't prevent the alias from 
working.

Earlier you posted this snippet of a typical set of list aliases:

listname: "|/usr/local/majordomo/wrapper resend -l
     listname listname-out"
listname-out: :include:/usr/local/majordomo/lists/listname

If you want to obscure listname-out even more, change it to this:

listname: "|/usr/local/majordomo/wrapper resend -l
     listname listname-out, nobody"
listname-out: :include:/usr/local/majordomo/lists/listname

Adding another username to the right-hand side of the alias prevents 
listname-out from appearing in outgoing message headers.

And if that still isn't enough, make it difficult to guess the 
listname-out address by changing it to something completely different, 
like this:

listname: "|/usr/local/majordomo/wrapper resend -l
     listname qkbtpszyoup, nobody"
qkbtpszyoup: :include:/usr/local/majordomo/lists/listname

If you do something like that, be sure to alter the virtusertable entries 
accordingly, e.g:

qkbtpszyoup@yourdomain.com	error:nouser User unknown

-- 
Chip Old (Francis E. Old)             E-Mail:  fold@bcpl.net
BCPL Network Administrator            Phone:   410-887-6180
BCPL.NET Internet Services Manager    FAX:     410-887-2091
320 York Road
Towson, MD 21204-5179  USA

References:

Re: majordomo, sendmail 8.12, and aliases issues
From: Rob Mangiafico <rmang@lexiconn.com>

Indexed By Date	Previous:	Re: majordomo, sendmail 8.12, and aliases issues From: Rob Mangiafico <rmang@lexiconn.com>
Indexed By Date	Next:	Subject is appended (RE: RE: RE) From: "Goran Tornqvist" <goran@goran.aleborg.se>
Indexed By Thread	Previous:	Re: majordomo, sendmail 8.12, and aliases issues From: Rob Mangiafico <rmang@lexiconn.com>
Indexed By Thread	Next:	sendmail bounces. Please help. I am so close I can taste it! From: ebay2@readynote.com