We have had a lot of calls and emails from people concerned about a recent malicious email (fake DHL parcel notification – see https://blog.bham.ac.uk/itsecurity/2017/04/04/malware-in-fake-dhl-parcel-notification/).
The messages were sent mainly to Majordomo mailing lists, so many people received multiple copies. It has become apparent that many list owners are not taking advantage of security features of lists that can be used to reduce spam and malicious email.
There are two types of control that can be used which are outlined below.
Majordomo controls
The configuration file contains the following options which can be set and will help to reduce the amount of unwanted email distributed to a list. All of these configuration options can be changed using the Majorcool interface (http://majorcool.bham.ac.uk/). All are documented within the Majorcool configuration options interface.
The most relevant options are as follows
moderate
This makes the list moderated so that the list owner (or an approved moderator) has to approve messages before they are distributed to the list. Nobody can post to the list without the message being approved.
restrict post
This allows posting to the list to be restricted to members of the list, or another set of people in another mailing list. All other list traffic is then sent to the owner (or moderator) for approval.
taboo headers
This allows filtering of messages – for example those tagged as potential spam to be filtered out. The following knowledge base article has more details.
https://universityofbirmingham.service-now.com/kb_view.do?sysparm_article=KB12472
taboo body
This operates in a similar way to taboo headers, but operates on the body of the message
Mailhub Security Controls
Many lists never need to receive email from outside the University. Any list can be set so that email from outside the University will automatically be rejected. If you are a list owner and you would like this to apply to any of your lists, please request this via the IT Service Desk – http://itservicedesk.bham.ac.uk.
Slight error in the guide above – to access the majorcool interface, use https://www.majorcool.bham.ac.uk rather than simply majorcool.bham.ac.uk
Thanks. The link should now work.
Simply “majorcool.bham.ac.uk” works for me?