On Fri, 16 Jun 2000, Jeffrey Goldberg wrote:
> On Jun 16, 2000 Marilyn Davis <marilyn@???> wrote:
>
> > Thanks Jeffrey and Phillip for the switch to set. So, my alias
> > director looks like:
> >
> > [...]
> >
> > Right?
>
> Right. I do the same for my majordomo lists, as it is possible to
> get syntax errors in there. (Not because majordomo is at fault, but
> because a list admin with the list password can manually subscribe a
> malformed address. I've done it myself.)
>
> > And I HUP the daemon. Or does it matter if I HUP the
> > daemon since the daemon shouldn't ever concern itself with sending
> > to a list?
>
> While you may not need to HUP the daemon, it is probably a good idea to
> have the daemon and the locally called configurations in sync.
>
> Oh, and if you are concerned about attacks on majordomo lists (as you very
> well may be), let me make a few more recommendations:
>
> (1) Use the private alias file scheme to protect the out-going aliases.
> That is far better than security through obscurity. The mechanism is
> described in a FAQ linked to from the exim FAQ regarding majordomo.
> This is a wonderful thing you can do with exim.
We don't hide the addresses of the list members. We don't hide
anything. We don't do anything illegal or promote anything illegal
and we believe in openness. If a public service isn't open, it's not
a "public" service. We are only concerned with denial-of-service
attacks, or attacks that cost me time to fix. Is this still necessary
for us? I'll read that FAQ again.
>
> (2) Log all mail to majordomo. Majordomo's own logging is very meagre.
> Just add a file delivery into your alias file for majordomo and for
> all of the LIST-request addresses.
Good idea.
Thanks again.
Marilyn
>
> > And thank you, Peter for the newconfirm patch. I'll look into it.
>
> I just took a look at that. It seems to be a vast improvement on the
> standard majordomo system. I haven't (and probably won't unless I get
> another job involving majordomo) tested to see how it works against the
> most recent version of majordomo.
>
> (3) Definitely follow the majordomo-users list. Various security issues
> come up often.
>
> Best of luck (even though if I were a Mexican, I would be voting against
> those you support. So double check any security advice I give you).[1]
>
> Cheers,
>
> -j
>
> Note:
> [1] I hope that any followup to that last bit would take place off list.
> I've already contributed to one vaguely off-topic thread. I
> certainly don't want to spark a very off-topic one.
>
> --
> Jeffrey Goldberg
> Note: I am moving and changing many addresses, please see
> http://www.goldmark.org/jeff/contact.html
> Relativism is the triumph of convention over truth, authority over justice