Strange email?
James Wilkinson
james at westexe.demon.co.uk
Tue Mar 1 17:37:39 UTC 2005
Gene Heskett wrote:
> I've not setup mailman to do anything, didn't even know it was
> installed, (everything else apparently is using sendmail) but having
> it suddenly decide to mail me my passwords would appear to be one
> hell of a security breach.
David Hoffman has given you a very good answer. But I'd like to clarify
this:
mailman is not a Mail Transfer Agent (MTA). Mailman is mailing list
software: it's actually the mailing list software that runs this list.
It uses sendmail like everything else (unless you're one of those
weirdos who runs Postfix or Exim, of course [1]).
It has a separate administrator password to the system on which it runs.
And that's what it's e-mailing you: in just the same way as, by default,
you'll get a monthly reminder of your Fedora List membership details.
[2] I imagine that it's just been set to the same password as your root
password or personal password.
The Unix root password should not be stored anywhere in a form which can
be turned into plain-text [3].
James.
[1] See e-mail headers to work out what I run...
[2] In case umpteen hundred e-mails a month weren't enough to remind you
that you were on a mailing list.
[3] Unless you try every imaginable password until you find one that
fits...
--
James Wilkinson | Power corrupts, PowerPoint corrupts absolutely.
Exeter Devon UK | -- Vint Cerf
E-mail address: james |
@westexe.demon.co.uk |
More information about the fedora-list
mailing list