Great Circle Associates Majordomo-Users
(June 2006)
 


Subject: Re: Security problem with 94.4
From: Bill Ott <billott @ theotts . org>
Date: Tue, 27 Jun 2006 08:42:54 -0400
To: Daniel Liston <dliston @ sonny . org>
Cc: majordomo-users @ greatcircle . com
In-reply-to: <44A0080B.1060000@sonny.org>
References: <449FD181.9080600@theotts.org> <44A0080B.1060000@sonny.org>
User-agent: Thunderbird 1.5.0.4 (Windows/20060516)

Daniel Liston wrote:
Bill Ott wrote:
I just discovered that even though my list is restricted to list members,
anyone can send mail to the list by appending "-list" to the end of the
list name. I know this is a config problem on my part but have found no
mention of the fix on the net. Any help is appreciated.  You can try it
at phonelist@theotts.org as phonelist-list@theotts.org


If sendmail is your MTA, you can use the virtusertable to reject messages sent directly to your -list aliases.

phonelist-list@theotts.org	error:nouser User unknown

Virtusertable has to be enabled in the sendmail.cf, and you will need to use makemap to create a hash or db from the raw virtusertable for sendmail to recognize and use it.

It is also better to use some other (unknown, or at least not too popular)
extension to your list delivery aliases, and prevent sendmail from adding
the name of the alias to "Received:" lines by appending a comma "," or
",nobody" to your delivery alias too.  The latter assumes "nobody" to be
an alias to /dev/null.

Dan Liston

Thanks, Dan. It works great. One additional question. I tried "-list@" in virtusertable in the hopes that it would block the hole in all of my lists. It appears that sendmail treated it as the complete name so phonelist-list passed through. Can I use regexp to cover all of the lists?

--
Regards,
Bill Ott

Email: Mailto://billott@theotts.org
Website: http://www.theotts.org
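
Dan's virtusertable fix extended to every list, as an added example that is not part of the original thread: since a partial key such as "-list@" was treated as a complete name, this sketch generates one exact reject entry per delivery alias from the aliases file. The sample aliases, the `staff` list, `example.org` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit one virtusertable reject line per Majordomo delivery alias.
# Assumption: delivery aliases are named <list><suffix>, suffix "-list" by default.

# gen_list_rejects ALIASES_FILE DOMAIN [SUFFIX]   ("-" reads aliases from stdin)
gen_list_rejects() {
    aliases_file=$1
    domain=$2
    suffix=${3:--list}
    awk -v dom="$domain" -v suf="$suffix" '
        /^[ \t]*#/ { next }              # comment line
        /^[ \t]/   { next }              # continuation of the previous alias
        {
            i = index($0, ":")           # alias name ends at the first colon
            if (i == 0) next
            name = substr($0, 1, i - 1)
            gsub(/[ \t"]/, "", name)     # drop padding and quoting
            n = length(name); s = length(suf)
            # exact suffix comparison, so "owner-phonelist" is not matched
            if (n > s && substr(name, n - s + 1) == suf)
                printf "%s@%s\terror:nouser User unknown\n", name, dom
        }
    ' "$aliases_file" | sort -u
}

# Constructed sample of a Majordomo aliases file (not taken from the thread).
sample_aliases() {
    cat <<'EOF'
# majordomo aliases (constructed sample)
majordomo: "|/usr/local/majordomo/wrapper majordomo"
phonelist: "|/usr/local/majordomo/wrapper resend -l phonelist phonelist-list"
phonelist-list: :include:/usr/local/majordomo/lists/phonelist
owner-phonelist: postmaster
phonelist-request: "|/usr/local/majordomo/wrapper request-answer phonelist"
staff: "|/usr/local/majordomo/wrapper resend -l staff staff-list"
staff-list: :include:/usr/local/majordomo/lists/staff
nobody: /dev/null
EOF
}

# Demo run on the constructed sample; example.org stands in for the real domain.
sample_aliases | gen_list_rejects - example.org
```

Append the generated lines to the raw virtusertable and rebuild the map with makemap, as described in the quoted reply.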


