From: Matthias Andree (ma_at_dt.e-technik.uni-dortmund.de)
Date: Tue Oct 01 2002 - 16:31:50 CDT

    On Tue, 01 Oct 2002, Pablo Fernández wrote:

    > I'm using Postfix 1.1.11 on two of my servers. I don't know how, but a user external to my company was able to see my aliases list on both servers, discovering the aliases 'envio_newsletter_1510' and 'mylist-outbound' (both include a file with 15000 email addresses).
    >
    > The unknown remote user sent spam to that alias using 'envio_newsletter_1510' in the 'To:' field of the message header, exposing that address to each one of these 15000 recipients.
    >
    > Is this a Postfix bug? I mean, how would an external user be able to see my aliases file?

    It's probably not Postfix.

    Check ALL services on the computer. Misconfigured web or FTP servers,
    weak passwords for user accounts and a world-readable aliases file:
    these are common pitfalls.

    -- 
    Matthias Andree
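
One way to check the "world-readable aliases file" pitfall named in the reply above, including the address-list files that aliases such as the two in the question pull in with ":include:". This is an added example, not part of the original thread; the function names, temp-dir paths, sample addresses and file modes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread): report world-readable
# permissions on an aliases file and on every file it names via ":include:".

# Exit 0 if "other" has read permission on FILE (8th char of the ls mode string).
is_world_readable() {
    [ "$(ls -ld -- "$1" | cut -c8)" = "r" ]
}

# Print each path referenced by an :include: entry, skipping comment lines.
list_include_targets() {
    grep -v '^[[:space:]]*#' "$1" | tr ',' '\n' |
        sed -n 's/^.*:include:[[:space:]]*\([^[:space:]"]*\).*$/\1/p'
}

# Print one finding per line for the aliases file and its include files.
audit_aliases() {
    targets=$(printf '%s\n' "$1"; list_include_targets "$1")
    while IFS= read -r f; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
        elif is_world_readable "$f"; then
            echo "WORLD-READABLE $f"
        fi
    done <<EOF
$targets
EOF
}

# Constructed sample in a temp dir; alias names are the ones from the thread,
# paths, addresses and modes are made up for the demonstration.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' \
        "envio_newsletter_1510: :include:$d/newsletter.txt" \
        "mylist-outbound: :include:$d/mylist.txt" \
        'postmaster: root' > "$d/aliases"
    echo 'user1@example.com' > "$d/newsletter.txt"
    echo 'user2@example.com' > "$d/mylist.txt"
    chmod 644 "$d/aliases" "$d/newsletter.txt"  # readable by any local account
    chmod 640 "$d/mylist.txt"                    # owner and group only
    echo "$d"
}

sample=$(make_sample)
audit_aliases "$sample/aliases"   # flags aliases and newsletter.txt only
rm -rf "$sample"
```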