0000056: mailman archives readable

ID	Project	Category	View Status	Date Submitted	Last Update

0000056	website	website	public	2003-12-05 03:35	2003-12-06 05:10

Reporter	lance@uklinux.net
Priority	low	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Platform	Other	OS	other	OS Version
Product Version	unspecified
Target Version		Fixed in Version

Summary	0000056: mailman archives readable
Description	mailman private archives are visible in web browser . http://www.caosity.org/pipermail/caos.mbox/caos.mbox I came across this whilst doing a google search, this apparently is used (abused) by email spam harvesters. I intend to set .mbox as a non renderable file type in apache config if that is agreed .....
Tags	No tags attached.

herrold 2003-12-05 17:58 reporter ~0000216 Last edited: 1970-01-01 00:00	concur

lance@uklinux.net 2003-12-06 00:10 reporter ~0000217 Last edited: 1970-01-01 00:00	Done :- <Directory /var/mailman/archives> Options +FollowSymlinks <FilesMatch "\.mbox"> Order allow,deny Deny from all </FilesMatch> </Directory> That should be proposed as a patch to mailman ....

Date Modified	Username	Field	Change
2003-12-06 00:10	lance@uklinux.net	Status	NEW => RESOLVED
2003-12-06 00:10	lance@uklinux.net	Resolution	=> FIXED