From owner-freebsd-chat Sun Feb 11 5:57:21 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from mobile.wemm.org (c1315225-a.plstn1.sfba.home.com [65.0.135.147]) by hub.freebsd.org (Postfix) with ESMTP id 4B87537B401 for ; Sun, 11 Feb 2001 05:57:19 -0800 (PST)
Received: from netplex.com.au (localhost [127.0.0.1]) by mobile.wemm.org (8.11.1/8.11.1) with ESMTP id f1BDvGU36876; Sun, 11 Feb 2001 05:57:16 -0800 (PST) (envelope-from peter@netplex.com.au)
Message-Id: <200102111357.f1BDvGU36876@mobile.wemm.org>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: "Drew Derbyshire"
Cc: chat@FreeBSD.ORG
Subject: Re: FreeBSD Postfix and Majordomo security (was FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE)
In-Reply-To: <009c01c093e5$d1cd7230$94cba8c0@hh.kew.com>
Date: Sun, 11 Feb 2001 05:57:16 -0800
From: Peter Wemm
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Drew Derbyshire" wrote:
> (Headers rigged to move follow ups to -chat ...)
>
> Since the FreeBSD site runs postfix, the fix to block external postings to
> the announce list is a Postfix FAQ, using a regular expression filter.

Ha! We've already been there and have gone way beyond that, if you are referring to the -outgoing aliases. We do not use them, so your "fix" is not relevant. (We did use it for a while in January last year, but we solved it completely since then.)

The problem was that majordomo was trusting the 'envelope from' address and checking it off from a list of approved addresses. (argh!)

Regarding spam, the thought just occurred to me that we can catch a lot of it by checking that the list name appears in a To: or CC: line somewhere. E.g.: if mail to -current does not have '.*current@freebsd.org' in the To: or CC: line (most spam has got fakeuser@hotmail.com or something), then bounce it. I suspect that would catch almost all of the spam that currently slips through the content filters.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
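
The To:/Cc: check proposed in the message above, sketched as an added example (not part of the original message and not FreeBSD's actual list configuration). The function names and the sample messages are constructed for illustration; only the pattern '.*current@freebsd.org' comes from the message.

```python
import re
from email import message_from_string
from email.utils import getaddresses

LIST_DOMAIN = "freebsd.org"  # domain taken from the pattern quoted in the message


def list_is_addressed(raw_message, list_name, domain=LIST_DOMAIN):
    """True if any To:/Cc: address matches '.*<list_name>@<domain>'."""
    msg = message_from_string(raw_message)
    # Same idea as '.*current@freebsd.org', anchored at the end of the address
    # so 'current@freebsd.org.example' cannot pass, and case-insensitive.
    pattern = re.compile(r".*" + re.escape(f"{list_name}@{domain}") + r"\Z", re.I)
    # Header lookup is case-insensitive, so 'CC:' and 'Cc:' are both found.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    # getaddresses() separates display names from addr-specs; only the real
    # address is tested, so a list address placed in a display name fails.
    return any(pattern.match(addr) for _name, addr in getaddresses(headers))


def disposition(raw_message, list_name):
    """'accept' if the list is named in To:/Cc:, otherwise 'bounce'."""
    return "accept" if list_is_addressed(raw_message, list_name) else "bounce"


# Constructed sample messages (not real traffic).
LEGIT = ('From: dev@example.org\n'
         'To: "FreeBSD current" <freebsd-current@FreeBSD.org>\n'
         'Subject: panic on boot\n\nbody\n')
SPAM = ('From: seller@example.net\n'
        'To: fakeuser@hotmail.com\n'
        'Subject: offer\n\nbody\n')
CC_ONLY = ('From: dev@example.org\n'
           'To: someone@example.org\n'
           'CC: current@freebsd.org\n'
           'Subject: fwd\n\nbody\n')
SPOOFED_NAME = ('From: seller@example.net\n'
                'To: "freebsd-current@freebsd.org" <fakeuser@hotmail.com>\n'
                'Subject: offer\n\nbody\n')

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("spam", SPAM),
                       ("cc-only", CC_ONLY), ("spoofed-name", SPOOFED_NAME)]:
        print(label, disposition(raw, "current"))
```

The To: and Cc: headers are as sender-controlled as the envelope sender, so this works as a spam heuristic only and not as a check on who is allowed to post.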