We have a list where the list owner set the owner address to be the list's -admin address, which results in a loop.
When setting a list admin or owner there should be checks that disallow using special addresses:
-admin
-request
-bounce
-editor
-subscribe
-unsubscribe
+++ b/sympa-6.2.32/src/cgi//wwsympa.fcgi.in 2018-04-22 03:56:15.973309951 -0700
@@ -10457,6 +10457,26 @@
Sympa::WWW::Report::notice_report_web('subscribers_noticed_deleted_topics',
{}, $param->{'action'});
}
+ ## Checking that list owner address is not set to one of the special
+ ## addresses:
+ if (exists $changed{'owner'}) {
+ my $list = $param->{'list'};
+ my @special = ("$list-owner\@$robot",
+ "$list-editor\@$robot", "$list-owner\@$robot",
+ "$list-admin\@$robot", "$list-request\@$robot",
+ "$list-bounce\@$robot", "$list-subscribe\@$robot",
+ "$list-unsubscribe\@$robot");
+ foreach my $owner (@{$new_admin->{'owner'}}) {
+ if (grep (/^$owner->{'email'}$/, @special)) {
+ ## generate an error and return
+ &report::reject_report_web('user','incorrect_email',{'email'=>$owner->{'email'}},$param->{'action'},$list);
+ &wwslog('info','do_edit_list: Reserved email address %s', $owner->{'email'});
+ &web_db_log({'status' => 'error', 'error_type' => 'incorrect_email'}, 'parameters' => $owner->{'email'});
+ return undef;
+ }
+ }
+ }
+
# For changed owner/editor
_notify_added_admin($config);
#my $owner_update = 1