[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Majordomo

To: [email protected]
Subject: Majordomo
From: Cyber City <[email protected]>
Date: Tue, 10 May 1994 03:05:33 -0400
Sender: [email protected]

I'm posting this from Toronto, and I have no direct knowledge of what
took the Cypherpunks list down, but here's my guess:

The CP list is run my "majordomo" [MJD], a group of Perl scripts.
According to the MJD docs:

"If you'd like a list with the absolute minimum of maintenance (but also
 a minimum of security), you could create an "auto" list.  All
 subscription or unsubscription requests will be honored without any
 input from the list owner.  For example, anyone could unsubscribe
 anyone else."

 - unsubscribe list [address]

 This unsubscribes the user (or "address") from "list".

This means that anyone could write a message to [email protected], with
the following message:

unsubscribe cypherpunks [email protected]
unsubscribe cypherpunks [email protected]
unsubscribe cypherpunks [email protected]

... and so on.  Forgery is unnecessary.

MJD permits the use of a password by which the list owner can approve
unsubscription requests, but Sendmail displays this password. See:

telnet toad.com 25
Trying 140.174.2.1...
Connected to toad.com.
220 toad.com Sendmail 4.1/Gnu-smail ready at Mon, 9 May 94 22:12:32 PDT
VRFY owner-cypherpunks
250 Eric Hughes <"|/u/hughes/.bin/procmail">
VRFY cypherpunks
250 <"|/u/majordom/bin/wrapper resend -p bulk \
                                      -l cypherpunks -f owner-cypherpunks \
                                      -h toad.com -s cypherpunks-outgoing">
                                   *** password would be displayed here ***
==== What it means ========================================================
  -l <list-name>       list name
  -h <host-name>       host name
  -f <from-addr>       "sender" (default <list-name>-request)
  -p <precedence>      add "Precedence: <precedence>" header
  -I <file-list>       Bounce messages from users not listed in file
                               in colon-separated <file-list> *
  -a <passwd>          approval password **
  -s                   enable "administrivia" checks

 * Note that majordomo postings can be limited to those on an approved
   list, but selected posters can not be excluded.  This is not
   appropriate for the Cypherpunk list, due to anonymous remailers,
   pseudonyms, etc.
** Note that if there WAS an approval password, it would be visible.


Fortunately, version 1.90 of MJD, which is now in beta, fixes this
problem by putting the passwords in a configuration file.  It is
available for ftp.GreatCircle.com.

What to do about abusive posters?  How about reversing the function of
the -I switch?

=== Here's the PERL code for option -I from 1.90 beta: ===============

if ( defined($opt_I) && defined($from) && ! defined($approved) ) {
    local($infile) = 0;
 
    @files = split (/[:\t\n]+/, $opt_I);
 
    foreach $file (@files) {
	if ($file !~ /^\//) {
	    $file = "$listdir/$file";
	}
        if ( open (LISTFD, "<${file}") != 0 ) {
	    @output = grep (&addr_match($from, $_), <LISTFD>);
            close (LISTFD);
   
            if ( $#output != -1 ) {
                $infile = 1;
                last;
            }
        } else {
	    die("resend: Can't open $file: $!");
	}
    }
 
    if ( $infile == 0 ) {
        &bounce ("Non-member submission from [$from]");
    }
}

=== Now, with minimal hacking, this can be reversed, so that if the user
=== name is in the list, the incoming post is bounced to the list owner,
=== who can approve it or junk it.


So here is a technological fix, where we don't have to go bothering
system administators if they have a troublesome user.

--
Alex Brock

Prev by Date: Re: Patents on RSA will expire soon....
Next by Date: Re: This is an abstract from a talk at Cornell University...
Prev by thread: Re: Patents on RSA will expire soon....
Next by thread: Party Announcement
Index(es):
- Date
- Thread