On Wed, Oct 23, 2002 at 08:45:46AM +0200, Dan Richter wrote:

> I was using Majordomo, but I got scared off when I realized that anyone
> could bypass the list posting restrictions by posting to the correct alias.
> (The normal list alias processes, then redirects to a second alias which
> blindly transmits.) The "blind forward" alias shows up in the headers, so I
> can't even hide it from people. Please reassure me that Mailman does not
> have this vulnerability!

It's quite easy to block inbound mail to majordomo's list exploder
address. If you're using Postfix, just add something like the following
to a recipient access map:

    /^(.*)-outgoing@(.*)$/!/^owner-.*/ 550 Use recipient address ${1}@${2} instead.

I don't believe Mailman suffers from the same kind of insecurity, though.

-- 
Jon Parise ([EMAIL PROTECTED])  ::  http://www.csh.rit.edu/~jon/
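An added example, not part of the message above and not Postfix code: a Python sketch that emulates how the two-pattern access rule would treat a set of recipient addresses, so the exemption for owner- addresses and the rewritten reject text can be checked before the map is deployed. Python's re module stands in for Postfix's regex engine, and the example.org addresses and the list name "devel" are constructed.

```python
import re

# The rule as posted: /pattern1/!/pattern2/ result
# It fires when pattern1 matches the recipient and pattern2 does not.
RULE = r"/^(.*)-outgoing@(.*)$/!/^owner-.*/ 550 Use recipient address ${1}@${2} instead."
RULE_RE = re.compile(r"^/(?P<match>.+?)/!/(?P<unless>.+?)/\s+(?P<result>.+)$")


def parse_rule(line):
    """Split a '/p1/!/p2/ result' line into (compiled p1, compiled p2, result)."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a /pattern1/!/pattern2/ rule: %r" % line)
    # Postfix regexp tables match case-insensitively by default.
    flags = re.IGNORECASE
    return (re.compile(m.group("match"), flags),
            re.compile(m.group("unless"), flags),
            m.group("result"))


def lookup(rule, recipient):
    """Return the access action for recipient, or None if the rule does not fire."""
    match_re, unless_re, result = rule
    hit = match_re.search(recipient)
    if hit is None or unless_re.search(recipient):
        return None
    # Expand ${1}, ${2}, ... from the first pattern's capture groups.
    return re.sub(r"\$\{(\d+)\}", lambda g: hit.group(int(g.group(1))), result)


def audit(recipients, line=RULE):
    """Map each recipient to its action (None means this rule does not block it)."""
    rule = parse_rule(line)
    return {rcpt: lookup(rule, rcpt) for rcpt in recipients}


# Constructed sample recipients; domain and list name are placeholders.
SAMPLES = [
    "devel@example.org",                 # normal list address
    "devel-outgoing@example.org",        # exploder alias addressed directly
    "Devel-Outgoing@example.org",        # same alias, different case
    "owner-devel-outgoing@example.org",  # exempted by the second pattern
    "devel-outgoing-test@example.org",   # "-outgoing" not directly before "@"
]

if __name__ == "__main__":
    for rcpt, action in audit(SAMPLES).items():
        print("%-36s %s" % (rcpt, action or "(rule does not fire)"))
```
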