Great Circle Associates List-Managers
(September 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Turning off EXPN (and VRFY) for Majordomo security concern
From: John R Levine <johnl @ iecc . com>
Date: Mon, 30 Sep 1996 12:42:39 -0400 (EDT)
To: Brock Rozen <brozen @ webdreams . com>
Cc: majordomo-users @ greatcircle . com, majordomo-workers @ greatcircle . com, list-managers @ greatcircle . com
In-reply-to: <324FE33D . 44C1 @ webdreams . com>

> Does anybody know how I can turn EXPN (and VRFY) off on sendmail so that
> I don't run into security problems with majordomo? (Using EXPN on
> listname-outgoing to get the subscription list)

It's a compile time parameter, easy enough if you have source.

If not, you can achieve a small amount of security through obscurity by
calling the outgoing list listname-qwkjwdfkjddksdf rather than
listname-outgoing.  The headers will just show "To: listname @
 yourhost" in
most cases, so there's no straightforward way to guess the list's true
name. 

Regards,
John Levine, johnl @
 iecc .
 com, Trumansburg NY
Primary Perpetrator of "The Internet for Dummies"
and Information Superhighwayman wanna-be



References:
Indexed By Date Previous: sick of SPAM comic ...
From: Jennifer Joy <jjoy @ risc . sps . mot . com>
Next: Re:spam list exists -- stop the spam alerts!!
From: Charles McKenzie <charlesm @ cs . wisc . edu>
Indexed By Thread Previous: Re: Turning off EXPN (and VRFY) for Majordomo security concern
From: Jason L Tibbitts III <tibbs @ hpc . uh . edu>
Next: Re: Turning off EXPN (and VRFY) for Majordomo security concern
From: Dave Wolfe <dwolfe @ risc . sps . mot . com>

Google
 
Search Internet Search www.greatcircle.com