I'm using Postfix 1.1.11 in two of my servers. I don't know how, an external user to my company had the possibility to see my aliases list in both servers, discovering an alias called 'envio_newsletter_1510' and 'mylist-outbound'. (both includes a file with 15000 email addresses.)

The unknown remote user sent SPAM to that alias using 'envio_newsletter_1510' in the field 'To:' of the message header, leaving discovered that address to each one of these 15000 recipients.

This caused that each email replied to this alias was forwarded to the whole list causing an unstoppable loop..

Is this a Postfix's bug? I mean, how would an external user be able to see my aliases file?

Greetings,

Pablo.

-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]