Brock Rozen wrote:
>
> On Mon, 13 Dec 1999 at 12:11, Oliver Xymoron wrote about "Re: More issues,...":
>
> > > I thought sendmail's expanding owner- addresses *was* the reason for the
> > > comma.
> >
> > I'm not sure what the problem you're pointing to is. Is it that people can
> > do an EXPN remotely?
>
> I think that's exactly what's being discussed here. And I know this goes
> back to mj 1.9x and the security issue with the -outgoing aliases and not
> wanting people to see them, or whatever.
>
> The trailing comma was supposed to help out, but it never did for me
> then.
As I remember it, the comma supresses the -outgoing alias from the
message headers making it "impossible" for someone outside to
email the list by bypassing the list alias and going straight to the
outgoing alias instead since they can't see what the alias is.
When I was setting up majordomo here that's what I did, and it worked
for
me.
George
>
> But given that sendmail allows people to turn off VRFY or EXPN very
> easily, this shouldn't be a Majordomo issue but an MTA/MDA issue. We
> shouldn't have to compensate for those that decide to leave it turned on
> (it's simply their choice) or for those that decide to turn it off -- let
> them decide how they want to do it. Nothing more than a comment in the
> docs should be necessary.
>
> --
> Brock Rozen brozen@torah.org
> Director of Technical Services (410) 602-1350
> Project Genesis http://www.torah.org/
--
George.Lindholm@ubc.ca ITServices, UBC
Programmer/Analyst
phone: 604.822.4375 fax: 604.822.5116
Follow-Ups:
References:
|
|
