View Issue Details

IDProjectCategoryView StatusLast Update
0000056websitewebsitepublic2003-12-06 05:10
Reporterlance@uklinux.net 
PrioritylowSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformOtherOSotherOS Version
Product Versionunspecified 
Target VersionFixed in Version 
Summary0000056: mailman archives readable
Descriptionmailman private archives are visible in web browser .

http://www.caosity.org/pipermail/caos.mbox/caos.mbox

I came across this whilst doing a google search, this apparently is used
(abused) by email spam harvesters.

I intend to set .mbox as a non renderable file type in apache config if that is
agreed .....
TagsNo tags attached.

Activities

herrold

herrold

2003-12-05 17:58

reporter   ~0000216

Last edited: 1970-01-01 00:00

concur
lance@uklinux.net

lance@uklinux.net

2003-12-06 00:10

reporter   ~0000217

Last edited: 1970-01-01 00:00

Done :-

<Directory /var/mailman/archives>
        Options +FollowSymlinks
                                                                               
                                                                           
<FilesMatch "\.mbox">
        Order allow,deny
        Deny from all
</FilesMatch>
                                                                               
                                            </Directory>

That should be proposed as a patch to mailman ....

Issue History

Date Modified Username Field Change
2003-12-06 00:10 lance@uklinux.net Status NEW => RESOLVED
2003-12-06 00:10 lance@uklinux.net Resolution => FIXED