From owner-freebsd-chat Mon Dec 6 18:18:49 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from stumpy.dannyland.org (stumpy.dannyland.org [209.157.133.194])
	by hub.freebsd.org (Postfix) with ESMTP id 8172214C22
	for ; Mon, 6 Dec 1999 18:18:48 -0800 (PST)
	(envelope-from dannyman@stumpy.dannyland.org)
Received: by stumpy.dannyland.org (Postfix, from userid 1000)
	id 9F0733DDB; Mon, 6 Dec 1999 18:18:53 -0800 (PST)
Date: Mon, 6 Dec 1999 18:18:53 -0800
From: dannyman
To: chat@freebsd.org
Subject: majordomo resend to alias security
Message-ID: <19991206181853.U37918@stumpy.dannyland.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95i
X-Loop: djhoward@uiuc.edu
X-URL: http://www.dannyland.org/~dannyman/
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hrmmm, i'm mailing this list because i can't find a majordomo list that
appears to be active.

I want to have a periodic "announcement" mailing list. It is, of course,
moderated. Using majordomo and Postfix seems like a rockin' idea. So I set it
up ... herein lies my conundrum ...

test-l: "|/usr/local/majordomo/wrapper resend -d -l test-l -h cronic.tellme.com test-l-outgoing"
test-l-outgoing::include:/usr/local/majordomo/lists/test-l

Now ... what in the heck is there to stop anyone from bypassing resend and
simply mailing the -outgoing list directly? I tried and tried to find some
wisdom here, but to no avail.

So, I wondered to myself ... what about security through obscurity? It isn't
like my system aliases are open to the public ... but they are ... one must
only subscribe to the list, check out Postfix' "Delivered-to:" headers, and
WHAM! They have an instant avenue to bypass my moderation and spam my members!
NOT cool.

I looked through my FreeBSD lists ... I don't see anything that looks like an
"outgoing" alias ... how is FreeBSD doing it? Is anyone aware of this problem,
and knows the way around it? Maybe I can get Postfix to simply suppress
Delivered-to: ?

C'mon, I know somebody has wrestled with, and possibly overcome this
problem ... :)

TIA for any advice,
-danny

-- 
come.to/dannyman
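
[Added example, not part of the original message or of Majordomo/Postfix: a log check a list owner could run to spot mail that reached an "-outgoing" alias straight from SMTP instead of through resend. It assumes resend re-injects approved posts through the local sendmail command (logged by postfix/pickup), while a direct post arrives via postfix/smtpd; the function name, the sample log lines, hosts and queue IDs are constructed.]

```python
import re

QID = r"(?P<qid>[0-9A-F]{6,})"
RE_SMTPD = re.compile(r"postfix/smtpd\[\d+\]: " + QID + r": client=(?P<client>\S+)")
RE_PICKUP = re.compile(r"postfix/pickup\[\d+\]: " + QID + r": uid=(?P<uid>\d+)")
RE_LOCAL = re.compile(r"postfix/local\[\d+\]: " + QID + r": to=<(?P<rcpt>[^>]+)>")

# Constructed sample log in Postfix syslog style (not taken from the post).
# 1A2B..: a post to test-l from the network, handed to resend.
# 2B3C..: resend re-injecting the approved post locally (pickup).
# 4D5E..: a message sent from the network straight to test-l-outgoing.
SAMPLE_LOG = """\
Dec  6 18:20:01 mx postfix/smtpd[401]: 1A2B3C4D5E: client=mail.example.net[192.0.2.10]
Dec  6 18:20:02 mx postfix/local[405]: 1A2B3C4D5E: to=<test-l@lists.example.org>, relay=local, status=sent (delivered to command: /usr/local/majordomo/wrapper resend ...)
Dec  6 18:20:03 mx postfix/pickup[399]: 2B3C4D5E6F: uid=54 from=<owner-test-l@lists.example.org>
Dec  6 18:20:03 mx postfix/local[405]: 2B3C4D5E6F: to=<test-l-outgoing@lists.example.org>, relay=local, status=sent (forwarded as 3C4D5E6F7A)
Dec  6 18:31:10 mx postfix/smtpd[401]: 4D5E6F7A8B: client=unknown[198.51.100.7]
Dec  6 18:31:11 mx postfix/local[405]: 4D5E6F7A8B: to=<test-l-outgoing@lists.example.org>, relay=local, status=sent (forwarded as 5E6F7A8B9C)
"""

def find_outgoing_bypass(log_text, suffix="-outgoing"):
    """Return (queue_id, recipient, smtp_client) for every message that entered
    over SMTP and was delivered to an alias whose local part ends in suffix."""
    origin = {}      # queue id -> ("smtp", client) or ("local", "uid=N")
    findings = []
    for line in log_text.splitlines():
        m = RE_SMTPD.search(line)
        if m:
            origin[m["qid"]] = ("smtp", m["client"])
            continue
        m = RE_PICKUP.search(line)
        if m:
            origin[m["qid"]] = ("local", "uid=" + m["uid"])
            continue
        m = RE_LOCAL.search(line)
        if m:
            local_part = m["rcpt"].split("@", 1)[0].lower()
            kind, source = origin.get(m["qid"], ("unknown", "?"))
            # Network-originated mail to the expansion alias skipped resend.
            if local_part.endswith(suffix) and kind == "smtp":
                findings.append((m["qid"], m["rcpt"], source))
    return findings

if __name__ == "__main__":
    for qid, rcpt, client in find_outgoing_bypass(SAMPLE_LOG):
        print(f"bypass: {qid} to {rcpt} from {client}")
```
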