Date: Mon, 6 Dec 1999 18:18:53 -0800 From: dannyman <dannyman@dannyland.org> To: chat@freebsd.org Subject: majordomo resend to alias security Message-ID: <19991206181853.U37918@stumpy.dannyland.org>
next in thread | raw e-mail | index | archive | help
hrmmm, i'm mailing this list because i can't find a majordomo list that appears to be active. I want to have a periodic "announcement" mailing list. It is, of course, moderated. Using majordomo and Postfix sems like a rockin' idea. So I set it up ... herein lies my conudrum ... test-l: "|/usr/local/majordomo/wrapper resend -d -l test-l -h cronic.tellme.com test-l-outgoing" test-l-outgoing::include:/usr/local/majordomo/lists/test-l Now ... what in the heck is there to stop anyone from bypassing resend and simply mailing the -outgoing list directly? I tried and tried to find some wisdom here, but to no avail. So, I wondered to myself ... what about security through obscurity? It isn't like my system aliases are open to the public ... but they are ... one must only subscribe to the list, check out Postfix' "Delivered-to:" headers, and WHAM! They have an instant avenue to bypass my moderation and spam my members! NOT cool. I looked through my FreeBSD lists ... I don't see anything that looks like an "outgoing" alias ... how is FreeBSD doing it? Is anyone aware of this problem, and knows the way around it? Maybe I can get Postfix to simply supress Delivered-to: ? C'mon, I know somebody has wrestled with, and possibly overcome this problem ... :) TIA for any advice, -danny -- come.to/dannyman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991206181853.U37918>