From: Ralf Hildebrandt (Ralf.Hildebrandt_at_charite.de)
Date: Tue Oct 01 2002 - 13:46:01 CDT
On Tue, Oct 01, 2002 at 03:37:13PM -0300, Pablo Fernández wrote:
> I'm using Postfix 1.1.11 in two of my servers. I don't know how, an
> external user to my company had the possibility to see my aliases
> list in both servers, discovering an alias called
> 'envio_newsletter_1510' and 'mylist-outbound'. (both include a file
> with 15000 email addresses.)
>
> The unknown remote user sent SPAM to that alias using
> 'envio_newsletter_1510' in the field 'To:' of the message header,
> leaving discovered that address to each one of these 15000
> recipients.
>
> This caused that each email replied to this alias was forwarded to
> the whole list causing an unstoppable loop.
Excellent. And what did you learn from this?
[ ] I'm not supposed to leave lists unmoderated
[ ] I'm supposed to run large distribution lists through a mailing
list manager
[ ] I'm supposed to protect my lists as described in the FAQ
> Is this a Postfix bug? I mean, how would an external user be able to see my aliases file?
That is a valid question. Maybe he received a legitimate mail via this
list and had a look at the headers? Do you have a webserver on that box?
--
Ralf Hildebrandt (on behalf of Referat V a)   Ralf.Hildebrandt_at_charite.de
Charite Campus Mitte                          Tel. +49 (0)30-450 570-155
Referat V a - Kommunikationsnetze -           Fax. +49 (0)30-450 570-916
The three Rs of Microsoft support: Retry, Reboot, Reinstall.
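
Added example, not part of the original message and not Postfix code: a small audit that lists aliases expanding an `:include:` file but lacking an entry in a recipient access map. It assumes list protection is done through a `check_recipient_access` table; the file contents, the `insiders_only` class name and `example.com` are constructed, and only the two alias names come from the thread.

```python
# Constructed sample data; only the two list alias names come from the thread.
ALIASES = """\
# aliases(5) source (constructed)
postmaster: root
envio_newsletter_1510: :include:/etc/postfix/lists/newsletter
mylist-outbound:
    :include:/etc/postfix/lists/mylist
staff: alice, bob
"""
ACCESS = """\
# check_recipient_access map source (constructed; class name is hypothetical)
mylist-outbound@    insiders_only
"""

def logical_lines(text):
    """Drop comments/blank lines and join whitespace-led continuation lines."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def parse_aliases(text):
    """Return {alias: [targets]} from aliases(5) source text."""
    table = {}
    for entry in logical_lines(text):
        name, _, rhs = entry.partition(":")
        table[name.strip().lower()] = [t.strip() for t in rhs.split(",") if t.strip()]
    return table

def unprotected_lists(aliases_text, access_text, domains=("example.com",)):
    """Aliases that expand an :include: file but have no recipient access entry."""
    keys = {l.split()[0].lower() for l in logical_lines(access_text)}
    findings = []
    for name, targets in parse_aliases(aliases_text).items():
        if not any(t.startswith(":include:") for t in targets):
            continue
        # access(5) accepts "user@" (any domain) or a full "user@domain" key
        if not ({name + "@"} | {f"{name}@{d}" for d in domains}) & keys:
            findings.append(name)
    return sorted(findings)

if __name__ == "__main__":
    for name in unprotected_lists(ALIASES, ACCESS):
        print("list alias without recipient restriction:", name)
```
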