openbsd-ports/mail/majordomo/patches/patch-sample_cf
dhartmei e97d74c80a Change default configuration options
  which_access open -> closed
  who_access open -> closed
  max_which_hits 0 -> 1

Those would allow a spammer to harvest all subscriber addresses
if not changed by the list admin. Reported on

http://online.securityfocus.com/archive/1/310113/2003-02-03/2003-02-09/0

Don't restrict the which arguments as the article suggests, though,
because with which_access list and max_which_hits 1, there's no
reason to destroy a useful command.
2003-02-06 19:30:18 +00:00


--- sample.cf.orig Thu Feb 6 20:20:08 2003
+++ sample.cf Thu Feb 6 20:21:45 2003
@@ -27,7 +27,7 @@
# $listdir -- Where are the mailing lists?
#
-$listdir = "$homedir/lists";
+$listdir = "/var/spool/majordomo/lists";
# $digest_work_dir -- the parent directory for digest's queue area
# Each list must have a subdirectory under this directory in order for
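Review bot: The spool prefix is now a literal in $listdir, and the same /var/spool/majordomo prefix is repeated in the later hunks for $digest_work_dir, $log and $TMPDIR. Consider a single variable for the prefix, so a site that relocates the spool changes one line and the four paths cannot drift apart.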
@@ -35,18 +35,18 @@
# /usr/local/mail/digest/bblisa
# as its directory.
#
-$digest_work_dir = "/usr/local/mail/digest";
+$digest_work_dir = "/var/spool/majordomo/digests";
# $log -- Where do I write my log?
#
-$log = "$homedir/Log";
+$log = "/var/spool/majordomo/log";
# $sendmail_command -- Pathname to the sendmail program
# usually /usr/lib/sendmail, but some newer BSD systems
# seem to prefer /usr/sbin/sendmail
#
-$sendmail_command = "/usr/lib/sendmail";
-# $sendmail_command = "/usr/sbin/sendmail";
+# $sendmail_command = "/usr/lib/sendmail";
+$sendmail_command = "/usr/sbin/sendmail";
# $mailer -- What program and args do I use to send mail to the list?
# $bounce_mailer -- What is used to send mail anywhere else?
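Review bot: The example path in the context comment above $digest_work_dir still reads "/usr/local/mail/digest/bblisa", which no longer matches the new value "/var/spool/majordomo/digests". Update the comment to the new location so an admin creating per-list digest subdirectories is not pointed at the old tree.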
@@ -80,15 +80,15 @@
# high by uncommenting the following lines. THIS ONLY WORKS if your "uptime"
# command (usually found in /usr/bin/uptime or /usr/bsd/uptime)
# returns a string like:
-# 5:23pm up 5:51, 9 users, load average: 0.19, 0.25, 0.33
+# 5:23pm up 5:51, 9 users, load averages: 0.19, 0.25, 0.33
#
-#$max_loadavg = 10; # Choose the maximum allowed load
+$max_loadavg = 10; # Choose the maximum allowed load
#
-#$uptime = `/usr/bin/uptime` if -x '/usr/bin/uptime'; # Get system uptime
+$uptime = `/usr/bin/uptime` if -x '/usr/bin/uptime'; # Get system uptime
#$uptime = `/usr/bsd/uptime` if -x '/usr/bsd/uptime'; # or uptime is over here.
#
#($avg_1_minute, $avg_5_minutes, $avg_15_minutes) =
-# $uptime =~ /average:\s+(\S+),\s+(\S+),\s+(\S+)/;
+# $uptime =~ /averages:\s+(\S+),\s+(\S+),\s+(\S+)/;
#
#exit 75 if ($avg_15_minutes >= $max_loadavg); # E_TEMPFAIL
#
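Review bot: The load check is only half enabled in this hunk: $max_loadavg and the /usr/bin/uptime call are uncommented, but the line that parses the averages and "exit 75 if ($avg_15_minutes >= $max_loadavg);" both stay commented. As written, every invocation runs uptime and the result is never used, so nothing is deferred under load. Either uncomment the parse and exit lines as well, or leave the whole block commented.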
@@ -164,13 +164,18 @@
# number of hits that are allowed using which before an error is returned.
# Arguably this should be a per list settable number.
#
-$max_which_hits = 0;
+# Setting the value to 0 disables the limit. Note that spammmers
+# could try to harvest your subscriber's addresses by sending a
+# broad which command. Compare with which_access and who_access
+# list configuration option.
+#
+$max_which_hits = 1;
# Set the umask for the process. Used to set default file status for
# config file.
#
-umask(007);
-$config_umask = 007;
+umask(037);
+$config_umask = 037;
# don't change this. It checks to make sure that you have a new enough
# version of perl to run majordomo. It is in here because this file is
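Review bot: The umask change from 007 to 037 at the end of this hunk has no comment explaining it; the text above it still only says "Set the umask for the process". 037 takes group write and execute away from what majordomo creates, where 007 left the group full access. If the intent is to protect list configs and subscriber files, say so in the comment and confirm nothing relies on group write. In the added $max_which_hits comment, "spammmers" should be "spammers" and "subscriber's" should be "subscribers'".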
@@ -188,9 +193,8 @@
# Directory where resend temporarily puts its rewritten output message.
# For the paranoid, this could be changed to a directory that only
# majordomo has r/w permission to.
-# Uses the environment variable TMPDIR, since that's pretty common
#
-$TMPDIR = $ENV{'TMPDIR'} || "/usr/tmp";
+$TMPDIR = "/var/spool/majordomo/tmp";
# Tune how long set_lock tries to obtain a lock before giving up. Each
# attempt waits 1 to 10 seconds before trying again and waittime is
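Review bot: Nothing visible in this patch creates /var/spool/majordomo/tmp or sets its ownership and mode, and with the TMPDIR environment fallback removed there is no alternative location for $TMPDIR. The fixed path only delivers the "directory that only majordomo has r/w permission to" property from the comment if the port's install step creates it owned by the majordomo user with no access for others; please make sure that step exists and note the requirement in the comment.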