[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hebrew



Quoth Gaven Cohen on Mon, Apr 05, 1999:
> > BTW: does anybody know a way to prevent users sending to the "-out"
> > address directly? 
> 
> I came across this issue recently when sitting up a distribution list for
> an ISP here.  Because of how sendmail works (not being able to specify a
> file of intended recipients on command line) there's no way to fix this
> problem for packages which rely on this method.

It may be possible to do it with Exim mailer daemon (preventing
anyone except Majordomo to send to the -out address).  But I
haven't tried it.

> That's quite a disappointment in Majordomo's case, which while being (one
> of) the most popular list managing software out there, offers ZERO
> security to anyone intelligent enough to search through mailing list
> headers to find the outgoing mail alias.

Agreed.  Both Majordomo and Sendmail are guilty in this case.

> Solution?  Get decent list software...  as Vadik said, Listar has no such
> disadvantage.

Listar doesn't have any -out aliases.  When it wants to mail
something to the list, it just connects to the local mailer
daemon via SMTP (as opposed to Majordomo, which just runs
/usr/sbin/sendmail) and passes the recepient addresses to it by
many RCPT TO lines.

As I don't have a listar aliases file in text, just dbm (created
from the output of a perl script), I can't show you the aliases
for any list which are required for Listar to operate, but here
is the list of aliases for a generic Listar mailing list, taken
from the perl script mentioned above ($list is the name of the
list, $owner is the e-mail address of the owner, $LISTAR is the
location of Listar binary):

$list:                  "|$LISTAR -s $list"
$list-request:          "|$LISTAR -r $list"
$list-repost:           "|$LISTAR -a $list"
$list-admins:           "|$LISTAR -admins $list"
$list-moderators:       "|$LISTAR -moderators $list"
$list-bounce:           "|$LISTAR -bounce $list"
$list-owner:            $owner

The only place where the addresses of the subscribers (and
admins, moderators, etc.) are is some file in the Listar data
directory.  Chmod the directory 700, and nobody can read it.

> freelance sysadmin/programmer          linux, fantasy, female enthusiast

You must change the last word to read "professional".

Vadik.

P.S. Is it not nifty?  Worship the comic.

-- 
The reader this message encounters not failing to understand is
cursed.