[Mailman-Users] List Security

Jon Parise jon at csh.rit.edu
Wed Oct 23 17:42:11 CEST 2002

On Wed, Oct 23, 2002 at 08:45:46AM +0200, Dan Richter wrote:

> I was using Majordomo, but I got scared off when I realized that anyone 
> could bypass the list posting restrictions by posting to the correct alias. 
> (The normal list alias processes, then redirects to a second alias which 
> blindly transmits.) The "blind forward" alias shows up in the headers, so I 
> can't even hide it from people. Please reassure me that Mailman does not 
> have this vulnerability!
It's quite easy to block inbound mail to majordomo's list exploder
address.  If you're using Postfix, just add something like the
following to a recipient access map:

/^(.*)-outgoing@(.*)$/!/^owner-.*/      550 Use recipient address ${1}@${2} instead.

I don't believe Mailman suffers from the same kind insecurity, though.

Jon Parise (jon at csh.rit.edu)  ::  http://www.csh.rit.edu/~jon/

More information about the Mailman-Users mailing list