[Exim] Re: Re: Restricting Aliases for Majordomo Lists

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Derrick 'dman' Hudson
Data:  
Para: exim-users
Asunto: [Exim] Re: Re: Restricting Aliases for Majordomo Lists
--
On Fri, Jun 14, 2002 at 05:26:46PM -0400, Greg Ward wrote:
| On 14 June 2002, Derrick 'dman' Hudson said:
| > One solution is to use a MLM that doesn't require a separate "alias"
| > to route messages to the recipients (eg mailman).

|
| I've never tried it, but I don't see any reason why Mailman wouldn't
| also be vulnerable to forging the address of senders allowed to post.


I don't see why not either (unless gpg signature verification is
done), but with the alias method majordomo uses, you can bypass
majordomo entirely.

| However, MM would let him make this a moderated list -- which is
| probably a very good idea for a low-traffic newsletter with thousands of
| recipients; you have to give the message a final look before it goes out
| to all those thousands of people. And no big deal if someone forges the
| sender address -- you just don't approve their virus/spam/whatever.


Right. Since mailman doesn't have the alias-bypass hole there isn't a
way for a user, malicious person, or worm to simply bypass whatever
sanity checks you (the admin) put in place.

-D

--

The crucible for silver and the furnace for gold,
but the Lord tests the heart.
        Proverbs 17:3


http://dman.ddts.net/~dman/

--
[ Content of type application/pgp-signature deleted ]
--