[Exim] Re: Re: Restricting Aliases for Majordomo Lists

Author: Derrick 'dman' Hudson
Date:
To: exim-users
Subject: [Exim] Re: Re: Restricting Aliases for Majordomo Lists
--
On Sun, Jun 16, 2002 at 02:08:21AM -0500, Cory Daehn wrote:

| I sent the headers in a previous message...


Sorry, I must have missed them.

| -----Original Message Full Headers-----

<snipped>
| Received: from majordomo by landau.labnet.com with local (Exim 3.22 #1
| (Red Hat Linux))
|     id 17I1Fc-0006ti-00
|     for <1023882439@???>; Wed, 12 Jun 2002 01:05:00 -0500


I see.

This isn't a real problem. No one can send messages to that address,
except for the 'majordom' user on localhost. Regardless of whether or
not the address is publicized like this you should have that
restriction in place. It is easy enough to do with exim4's acls, I
don't know about exim 3. If you don't have such a restriction in
place, anyone can bypass majordomo and spam all the list members if
they find out that magic address.

There are 2 ways that I know of to prevent that info from being shared
in the first place.

    1)  Send the messages with more than one recipient.  The "for
        <so-and-so>" message is only included if the message has one
        recipient to be as informative as possible for tracking
        problems in situations where that doesn't result in unwanted
        information disclosure.  (I believe this is discussed in RFCs
        821/2821)  The MTA sees that the message is only going to 1
        "person", so it is safe to tell them that the message was
        addressed to them.  You could create a "devnull" address and
        tell majordomo to deliver messages to it too.


    2)  Change the value of $received_header_text to not include that
        information.


Regardless of whether or not you share that address, you should
restrict access to it.

| > Who knows, exim 4 may compile easier. Another pro for moving
| > to exim 4 now is you won't have to re-learn some things later
| > since you'll be starting out with the current stuff.

|
| okay, I'll download & compile it... who knows, maybe it'll work. Only
| problem is, like I said before, I don't like using non-RPM packages (eg
| tarballs) since they seem to break a lot of stuff in RPM-based distros.
| That plus a lot of programmers still haven't adopted the standard file
| hierarchy


I know what you mean and I agree with you.  exim is good in this
aspect.  (though I've never tried 'make install' to see what it does)
Here's how I manage it on my system :
    1)  Install package (this happened ages ago), this sets up the
        necessary infrastructure including /var/spool/exim and
        provides an initscript.


    2)  Remove package and install an "equivs" package to satisfy
        dependencies.  Keep the initscript handy, though.


    3)  build exim


    4)  # cd /usr/local/sbin
        # VER=4.05 ./exim_install.sh copy
        # cd /usr/sbin
        # VER=4.05 /usr/local/sbin/exim_install.sh link


That exim_install.sh is a shell script I wrote to automate the
install (my way). It really is quite simple,
http://dman.ddts.net/~dman/software/exim/exim_install.sh. Adjust the
path for your setup.

| > He who finds a wife finds what is good
| > and receives favor from the Lord.
| >         Proverbs 18:22

|
| No thank you, not interested in wives now or anytime in the
| foreseeable future.


Marriage is not for everyone, but is a blessing for those who can
receive it (but not one I have received yet). I Cor 7:7 , Mt. 19:10-12.

-D

--

                          Your mouse has moved.
       You must restart Windows for your changes to take effect.


http://dman.ddts.net/~dman/
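
Added example, not part of the original message: a Python check that reads the Received headers of a delivered list message and reports any hop whose "for <...>" clause discloses a protected alias, which is the disclosure discussed above. The hostnames, addresses and the alias name `demo-list-outgoing` are constructed for illustration.

```python
import email
import re

# Constructed sample, modeled on the header shape quoted in the thread.
SAMPLE = """\
Received: from mail.example.org ([192.0.2.10])
    by mx.example.net with esmtp (Exim 4.05)
    id 17I1Fd-0001ab-00
    for <subscriber@example.net>; Wed, 12 Jun 2002 01:05:02 -0500
Received: from majordomo by lists.example.org with local (Exim 3.22 #1)
    id 17I1Fc-0006ti-00
    for <demo-list-outgoing@lists.example.org>; Wed, 12 Jun 2002 01:05:00 -0500
From: poster@example.com
To: demo-list@lists.example.org
Subject: test

body
"""

_COMMENT = re.compile(r"\([^()]*\)")
_FOR = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)
_BY = re.compile(r"\bby\s+(\S+)", re.I)


def strip_comments(value):
    """Remove parenthesised comments, innermost first, so nested ones go too."""
    prev = None
    while prev != value:
        prev, value = value, _COMMENT.sub(" ", value)
    return value


def received_for_clauses(raw_message):
    """Return (hop index, 'by' host, 'for' address or None) per Received header."""
    msg = email.message_from_string(raw_message)
    hops = []
    for index, value in enumerate(msg.get_all("Received", [])):
        # Drop comments and the trailing date stamp before matching clauses.
        trace = strip_comments(value).rsplit(";", 1)[0]
        by = _BY.search(trace)
        rcpt = _FOR.search(trace)
        hops.append((index, by.group(1) if by else None,
                     rcpt.group(1).lower() if rcpt else None))
    return hops


def leaked_aliases(raw_message, protected):
    """Hops whose 'for' clause names an address that should stay private."""
    protected = {addr.lower() for addr in protected}
    return [hop for hop in received_for_clauses(raw_message) if hop[2] in protected]
```

A hop with no "for" clause is reported with `None` as its address and never counts as a leak.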
