Date: Mon, 14 Apr 2003 15:59:07 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: questions@freebsd.org Subject: Re: mail to all users on a system (from root) Message-ID: <20030414145907.GA36130@happy-idiot-talk.infracaninophi> In-Reply-To: <200304141013.H3EADIOJ071574@asarian-host.net> References: <20030414091614.GA33194@happy-idiot-talk.infracaninophi> <200304141013.H3EADIOJ071574@asarian-host.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 14, 2003 at 10:13:18AM +0000, Mark wrote:
> ----- Original Message -----
> From: "Matthew Seaman" <m.seaman@infracaninophile.co.uk>
> To: "Mike Meyer" <mwm@mired.org>
> Cc: <questions@freebsd.org>
> Sent: Monday, April 14, 2003 11:17 AM
> Subject: Re: mail to all users on a system (from root)
>
>
> ... set up an alias that includes that list in /etc/mail/aliases:
>
> everybody: :include: /etc/mail/everybody.list
>
> And what will you do if a spam hits that address? Then that spam multiplies
> by an order of magnitude! Would it not be beautiful if you could say
> something thing like,
>
> everybody: :include:root /etc/mail/everybody.list ?
>
> I mean, aliases that can only be invoked by a specific user. Come to think
> of it, for all purposes and intent, "chmod 600 /etc/mail/everybody.list" (as
> user that will use the alias) will probably yield the desired effect.
Uh, buy the time that the mail system gets to read the alias file it's
already running as the mailnull UID. If you're going to have a mail
alias that expands to all users, then it doesn't really matter how you
do it: it's still a risk that it could get spammed. The way you'ld
protect against that is specific to the MTA you're using, but with
sendmail you could use the access DB (/etc/mail/access) to prevent any
external sender sending to the 'everybody' alias.
From:local-domain.com OK
To:everyone@local-domain.com REJECT
[You might need FEATURE(`blacklist_recipients') in your `hostname`.mc
file for that to work...] See the section "Finer control by using tags
for the LHS of the access map" in /usr/share/sendmail/cf/README for
details.
If you want finer grained control that that, you'll have to start
crafting up some custom 'Local_check_mail' rulesets, but that's
definitely for advanced users only.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030414145907.GA36130>