Date:      Sun, 11 Feb 2001 05:57:16 -0800
From:      Peter Wemm <peter@netplex.com.au>
To:        "Drew Derbyshire" <software@kew.com>
Cc:        chat@FreeBSD.ORG
Subject:   Re: FreeBSD Postfix and Majordomo security (was FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE) 
Message-ID:  <200102111357.f1BDvGU36876@mobile.wemm.org>
In-Reply-To: <009c01c093e5$d1cd7230$94cba8c0@hh.kew.com> 

"Drew Derbyshire" wrote:
> (Headers rigged to move follow ups to -chat ...)
> 
> Since the FreeBSD site runs postfix, the fix to block external postings to
> the announce list is a Postfix FAQ, using a regular expression filter.

Ha! We've already been there and have gone way beyond that, if you are
referring to the -outgoing aliases.  We do not use them, so your "fix"
is not relevant.  (We did use it for a while in January last year, but we
solved it completely since then)

The problem was that majordomo was trusting the 'envelope from' address
and checking it off from a list of approved addresses. (argh!)

Regarding spam, the thought just occurred to me that we can catch a lot of
it by checking that the list name appears in a To: or CC: line somewhere.
eg: If mail to -current does not have '.*current@freebsd.org' in the To: or
CC: line (most spam has got fakeuser@hotmail.com or something), then bounce
it.

I suspect that would catch almost all of the spam that currently slips
through the content filters.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
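
The To:/Cc: check proposed in the message above, as an added example that is not part of the original e-mail and is not FreeBSD's actual mail configuration. The function names, the `accept`/`bounce` return values and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

LIST_DOMAIN = "freebsd.org"  # domain taken from the pattern quoted in the message


def addressed_to_list(raw_message, list_name, domain=LIST_DOMAIN):
    """True if some To: or Cc: address matches '.*<list_name>@<domain>'."""
    msg = message_from_string(raw_message)
    # Only visible recipient headers count; the envelope is not consulted.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    pattern = re.compile(
        r".*" + re.escape(list_name) + "@" + re.escape(domain), re.IGNORECASE
    )
    # getaddresses() strips display names and handles comma-separated lists,
    # so the match runs on the bare address, not on free-form header text.
    # fullmatch() rejects look-alikes such as 'current@freebsd.org.example'.
    return any(pattern.fullmatch(addr) for _name, addr in getaddresses(headers))


def filter_action(raw_message, list_name):
    """Hypothetical policy hook: 'accept' or 'bounce' for mail sent to a list."""
    return "accept" if addressed_to_list(raw_message, list_name) else "bounce"


# Constructed sample messages (not real traffic).
LEGIT = (
    "From: dev@example.org\n"
    "To: freebsd-current@FreeBSD.org\n"
    "Subject: panic on boot\n\nbody\n"
)
CC_ONLY = (
    "From: dev@example.org\n"
    "To: someone@example.net\n"
    'Cc: "Current list" <current@freebsd.org>, other@example.net\n'
    "Subject: re: panic on boot\n\nbody\n"
)
SPAM = (
    "From: offers@example.com\n"
    "To: fakeuser@hotmail.com\n"
    "Subject: great deal\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("cc-only", CC_ONLY), ("spam", SPAM)):
        print(label, filter_action(raw, "current"))
```

A legitimate post that reaches the list only through Bcc carries no list address in To: or Cc: and would be bounced by this check as well.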


