>to anyone who tries to spam the server

Not to anyone - only to your local users. But this will be changed.

Thomas

From: Scott MacLean <a...@hollsco.com>
To: ASSP development mailing list <assp-test@lists.sourceforge.net>
Date: 20.01.2010 04:23
Subject: [Assp-test] Ack...publicizing email addresses! (v2)

I just had an email from a user trying to send an email to 27 recipients, which was blocked (as it should have been). He received this error (addresses redacted):

>5.7.1 too many recipients for sen...@email.com in 60 seconds -
>please try again not before Jan-19-10 20:58:59 or send a
>notification message to any of the follwing addresses:
>admina...@email.com|admina...@email.com|admina...@email.com

The error being given spews out the contents of the EmailAdmins parameter - a parameter which is supposed to be used to specify the addresses capable of adding/removing to/from various lists.

I wasn't aware that the addresses in this parameter were going to be given out publicly in an error message to anyone who tries to spam the server! I had sensitive email addresses in this parameter, that weren't supposed to be public!

Being that this parameter can also be set to things like "postmaster" or "@domain.com" I suspect this is not a correct usage of the parameter.

Also, there's a spelling mistake - "follwing" should be "following".
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
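The disclosure reported in this thread, as an added example that is not ASSP code and not part of either message: a check that flags any address in an outgoing SMTP rejection that is covered by an admin-only setting, next to a rejection that names a single public contact instead. The function names, the `|`-separated list format (taken from the quoted error), the three entry forms (taken from the report) and all sample addresses are assumptions.

```python
import re

# Loose address matcher; this is a leak check, not an RFC 5321 parser.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_admin_entries(setting):
    """Split a '|'-separated admin list (format assumed from the quoted error)."""
    return [e.strip().lower() for e in setting.split("|") if e.strip()]

def entry_matches(entry, address):
    """Entry forms assumed from the report: full address, bare local part, '@domain'."""
    address = address.lower()
    local, _, domain = address.partition("@")
    if entry.startswith("@"):
        return domain == entry[1:]
    if "@" in entry:
        return address == entry
    return local == entry

def leaked_admins(reply_text, setting):
    """Return the addresses in an SMTP reply that the admin setting covers."""
    entries = parse_admin_entries(setting)
    found = []
    for addr in ADDR_RE.findall(reply_text):
        addr = addr.lower()
        if addr not in found and any(entry_matches(e, addr) for e in entries):
            found.append(addr)
    return found

def safe_reject(sender, window_s, public_contact):
    """Rate-limit rejection that names one designated public contact only."""
    return (f"5.7.1 too many recipients for {sender} in {window_s} seconds - "
            f"please try again later or contact {public_contact}")

# Constructed sample values (example.* domains), not taken from the thread.
ADMINS = "ceo@example.com|postmaster|@ops.example.net"
LEAKY = ("5.7.1 too many recipients for user@example.org in 60 seconds - "
         "send a notification message to any of the following addresses: "
         "ceo@example.com|postmaster@example.org|oncall@ops.example.net")

if __name__ == "__main__":
    print("leaky reply exposes:", leaked_admins(LEAKY, ADMINS))
    print("safe reply exposes:", leaked_admins(
        safe_reject("user@example.org", 60, "abuse@example.org"), ADMINS))
```

Run over a gateway's rejection templates, or over logged outbound replies, a non-empty result means an address from the admin-only list is reaching senders.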