I'm using sendmail on a small server and in addition to several users I have a few small email lists implemented in the aliases file. Is there any way to secure these aliases so that they can only be used by users with accounts on the machine already?

I'm getting a lot of external spam sent to the lists and I figure this is the easiest way to deal with it. 100% security isn't even necessary if I can stop most of the spam (i.e. causing sendmail to discard any mail sent to the lists that don't originate with the same domain name as the server would kill 99% of the spam since most of it doesn't have a spoofed email matching our server's domain name).

I'm using Debian Lenny if that matters.

Any specific reason not to use a mailing list tool like mailman (and of course there are others, mailman is just the one I have experience with)?

Things like only allowing members to post (which can be spoofed, of course, but still prevents most spam like you already wrote) is a standard feature in these tools. Along with other cool stuff like standard-mailinglist headers helping user-agents that are aware of that, or VERP to filter out abandoned addresses. Mailman integrates particularly nice into exim, but I don't know about sendmail (just hate this config-monster, sorry *g*)

1 members found this post helpful.