procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Preventing malicious subscriptions to mailing lists

1997-04-07 05:34:00
from [Stephane Bortzmeyer] [Permanent Link] 

Several mail addresses have been recently the subject of an attack by 
forged subscriptions to huge mailing lists (all these mail addresses are 
announced on anti-racist and/or anti-fascist Web servers, so the purpose 
is probably political).

I suggest the following procmail recipe to avoid any subscription. The 
only drawback is that it prevents any subscription, even legitimate, to 
mailing lists.

I have two questions about that recipe:

1) Do you think it is the appropriate technical response?

2) If I set EXITCODE to 77, the mail messages from the mailing list will 
bounce, leading to unsubscription (which is the aim). But sendmail 8.8.5, 
in its error message, expands the alias, which I don't want. In the mean 
time, I use an EXITCODE of 0 and swallows silently the message. Does 
anyone know how to tell sendmail *never* to reveal the alias?


Aliases file (\ for clarity only):

webmaster: "| /usr/local/bin/procmail \
        /usr/local/mail/procmailrcs/nolist -m \
            ADDRESS=webmaster(_at_)me(_dot_)org \
            REALDESTINATION=author1,author2,author3"

"nolist" script:



# procmail script to deny mail to an address if it doesn't appear in the
# headers. Purpose: to be sure some addresses will not be flooded by 
messages
# from mailing lists. Reason: subscribing an address to many mailing lists
# has been used by crackers to harass people. Side effect: no subscription
# to any mailing list will be possible.

# How does it work? It looks in the headers to see if the address appears.
# If not, it is for a mailing list. We bounce, hoping to be unsubscribed
# soon.

# Modus operandi:
# procmail ThisFile -m ADDRESS=YourAddress REALDESTINATION=Recipients

# Author: Stephane Bortzmeyer <bortzmeyer(_at_)globenet(_dot_)org>


VERBOSE=no

# Warning: the regular expression below *needs* procmail 3.11 or more.
# You can change it to '* $ ^TO$ADDRESS' but it will not be as sharp.
:0
* $ ^TO_$ADDRESS\>
! $REALDESTINATION

:0
{

        # See sendmail source, src/sysexits.h, for a list of exit codes.
        # Warning: sendmail will reply with a message containing the 
expansion
        # of the alias :-( Set EXITCODE to 0 to avoid this (but in that 
case,
        # messages will continue to arrive).

        #EXITCODE=77
        EXITCODE=0

        :0
        /dev/null

}
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: procmail bug report, era eriksson
Next by Date:  thwarting email spam with usenet origins, Jason R. Mastaler
Previous by Thread:  unsubscribe procmail, Rob Perelman
Next by Thread:  Re: Preventing malicious subscriptions to mailing lists, era eriksson
Indexes:  [Date] [Thread] [Top] [All Lists]