Virus on the list [Was: Re: Thanks :)]
Laurence
ljng at hbbs.org
Sat Oct 30 00:14:39 CEST 2004

David Relson wrote:
>
> The mail server is running postfix, procmail, and mailman. Either
> mailman is vulnerable to spoofed addresses or it's configured wrong.

AIUI (and I could very well be wrong!) MailMan doesn't do any other
verification other than checking that the sender's address is in the member
list. Not sure what else it could do... opening an SMTP connection back to
the domain is pointless as it almost certainly exists as it's on the member
list. Checking that the domain matches the server that's sending it will
break anyone that's relaying...

> If anybody has suggestions on hardening the delivery environment to
> avoid this happening again, feel free to contact me.

I'm not running the same version of MailMan as you, but my (older) version
has an "anonymous_list (privacy): Hide the sender of a message, replacing it
with the list address (Removes From, Sender and Reply-To fields)" setting.
Not sure that's particularly pleasant though.

I noticed in the past that some crafty people had worked out where MailMan
stores the .mbox files that it generates the archives from (email addresses
in these aren't obfuscated in any way) and were downloading these directly
from my server - I assume to scan for valid addresses. The .mbox files
weren't linked to on any public pages, but the default permissions made them
accessible. IIRC chmoding them o-r stopped them being world accessible.

I'm running the free Linux virus checker from www.bitdefender.com on my
server - that was what filtered this virus. Maybe the input to the list
could be filtered via a copy of that?

> Needless to say, I am rather embarrassed that it was _my_ address that
> was spoofed and deeply regret that this happened.

*shrug* It happens.
Laurence
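
An added example, not part of the original post: a POSIX shell audit for the archive exposure described above, listing .mbox files readable by "other" and clearing that bit the way the post's chmod o-r did. The archive directory is passed as an argument because the post does not give its location, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a list-archive tree for .mbox files readable by "other".
# The directory is an argument because its location varies by installation.

# Print every regular *.mbox file under DIR that has the other-read bit set.
list_world_readable_mbox() {
    find "$1" -type f -name '*.mbox' -perm -004 -print
}

# Count those files (spaces stripped from wc output for portability).
count_world_readable_mbox() {
    list_world_readable_mbox "$1" | wc -l | tr -d ' '
}

# Clear other-read on each match (the chmod o-r fix), leaving owner and
# group bits untouched, then print whatever is still exposed (normally nothing).
harden_mbox() {
    find "$1" -type f -name '*.mbox' -perm -004 -exec chmod o-r {} +
    list_world_readable_mbox "$1"
}

# Usage (the path is a placeholder, not taken from the post):
#   list_world_readable_mbox /path/to/mailman/archives
#   harden_mbox /path/to/mailman/archives
```

Running the listing function from cron and alerting on any output catches archives that are recreated with the default permissions.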