[Mailman-Users] Mailman "host_name" security issue?

Jens Benecke jens at spamfreemail.de
Sat Aug 6 14:46:14 CEST 2005


I haven't found this at Google so maybe nobody has thought about it yet.

I use Postfix with postfix-to-mailman.py and no alias setup. I also use
several domains. Some of them are in the mailman transport table and only
used for mailing lists. (whatever at lists.domain.foo)

If you have some domains used by lists, and some used for normal email, what
happens if you have

        a mailinglist called    abc at lists.domain.com
        an user account called  abc at domain.com

and the list admin changes "host_name" from lists.domain.com to domain.com?

I would suspect all mail to whatever at domain.com to bounce, and mail to
abc at domain.com to be delivered to the list, instead of the user.

Am I correct? If not, is this a security issue at all?

Jens Benecke (jens at spamfreemail.de)
http://www.hitchhikers.de - Europaweite kostenlose Mitfahrzentrale
http://www.spamfreemail.de - 100% saubere Postfächer - garantiert!
http://www.rb-hosting.de - PHP ab 9? - SSH ab 19? - günstiger Traffic
Please DO NOT CC: me, I read the lists and newsgroups I post in!

More information about the Mailman-Users mailing list