Majordomo

Cyber City cyber1 at r-node.io.org
Tue May 10 00:05:44 PDT 1994


I'm posting this from Toronto, and I have no direct knowledge of what
took the Cypherpunks list down, but here's my guess:

The CP list is run my "majordomo" [MJD], a group of Perl scripts.
According to the MJD docs:

"If you'd like a list with the absolute minimum of maintenance (but also
 a minimum of security), you could create an "auto" list.  All
 subscription or unsubscription requests will be honored without any
 input from the list owner.  For example, anyone could unsubscribe
 anyone else."

 - unsubscribe list [address]

 This unsubscribes the user (or "address") from "list".

This means that anyone could write a message to majordomo at toad.com, with
the following message:

unsubscribe cypherpunks user1 at some.org
unsubscribe cypherpunks user2 at some.org
unsubscribe cypherpunks user3 at some.org

... and so on.  Forgery is unnecessary.

MJD permits the use of a password by which the list owner can approve
unsubscription requests, but Sendmail displays this password. See:

telnet toad.com 25
Trying 140.174.2.1...
Connected to toad.com.
220 toad.com Sendmail 4.1/Gnu-smail ready at Mon, 9 May 94 22:12:32 PDT
VRFY owner-cypherpunks
250 Eric Hughes <"|/u/hughes/.bin/procmail">
VRFY cypherpunks
250 <"|/u/majordom/bin/wrapper resend -p bulk \
                                      -l cypherpunks -f owner-cypherpunks \
                                      -h toad.com -s cypherpunks-outgoing">
                                   *** password would be displayed here ***
==== What it means ========================================================
  -l <list-name>       list name
  -h <host-name>       host name
  -f <from-addr>       "sender" (default <list-name>-request)
  -p <precedence>      add "Precedence: <precedence>" header
  -I <file-list>       Bounce messages from users not listed in file
                               in colon-separated <file-list> *
  -a <passwd>          approval password **
  -s                   enable "administrivia" checks

 * Note that majordomo postings can be limited to those on an approved
   list, but selected posters can not be excluded.  This is not
   appropriate for the Cypherpunk list, due to anonymous remailers,
   pseudonyms, etc.
** Note that if there WAS an approval password, it would be visible.


Fortunately, version 1.90 of MJD, which is now in beta, fixes this
problem by putting the passwords in a configuration file.  It is
available for ftp.GreatCircle.com.

What to do about abusive posters?  How about reversing the function of
the -I switch?

=== Here's the PERL code for option -I from 1.90 beta: ===============

if ( defined($opt_I) && defined($from) && ! defined($approved) ) {
    local($infile) = 0;
 
    @files = split (/[:\t\n]+/, $opt_I);
 
    foreach $file (@files) {
	if ($file !~ /^\//) {
	    $file = "$listdir/$file";
	}
        if ( open (LISTFD, "<${file}") != 0 ) {
	    @output = grep (&addr_match($from, $_), <LISTFD>);
            close (LISTFD);
   
            if ( $#output != -1 ) {
                $infile = 1;
                last;
            }
        } else {
	    die("resend: Can't open $file: $!");
	}
    }
 
    if ( $infile == 0 ) {
        &bounce ("Non-member submission from [$from]");
    }
}

=== Now, with minimal hacking, this can be reversed, so that if the user
=== name is in the list, the incoming post is bounced to the list owner,
=== who can approve it or junk it.


So here is a technological fix, where we don't have to go bothering
system administators if they have a troublesome user.

--
Alex Brock







More information about the cypherpunks-legacy mailing list