1994-05-10 - Majordomo

Header Data

From: Cyber City <cyber1@r-node.io.org>
To: cypherpunks@toad.com
Message Hash: 6270f2124bd65110416d32ae8dc76389430d4c7eada43d542eefb063b8a9e86d
Message ID: <199405100705.DAA02514@r-node.io.org>
Reply To: N/A
UTC Datetime: 1994-05-10 07:05:44 UTC
Raw Date: Tue, 10 May 94 00:05:44 PDT

Raw message

From: Cyber City <cyber1@r-node.io.org>
Date: Tue, 10 May 94 00:05:44 PDT
To: cypherpunks@toad.com
Subject: Majordomo
Message-ID: <199405100705.DAA02514@r-node.io.org>
MIME-Version: 1.0
Content-Type: text/plain


I'm posting this from Toronto, and I have no direct knowledge of what
took the Cypherpunks list down, but here's my guess:

The CP list is run my "majordomo" [MJD], a group of Perl scripts.
According to the MJD docs:

"If you'd like a list with the absolute minimum of maintenance (but also
 a minimum of security), you could create an "auto" list.  All
 subscription or unsubscription requests will be honored without any
 input from the list owner.  For example, anyone could unsubscribe
 anyone else."

 - unsubscribe list [address]

 This unsubscribes the user (or "address") from "list".

This means that anyone could write a message to majordomo@toad.com, with
the following message:

unsubscribe cypherpunks user1@some.org
unsubscribe cypherpunks user2@some.org
unsubscribe cypherpunks user3@some.org

... and so on.  Forgery is unnecessary.

MJD permits the use of a password by which the list owner can approve
unsubscription requests, but Sendmail displays this password. See:

telnet toad.com 25
Trying 140.174.2.1...
Connected to toad.com.
220 toad.com Sendmail 4.1/Gnu-smail ready at Mon, 9 May 94 22:12:32 PDT
VRFY owner-cypherpunks
250 Eric Hughes <"|/u/hughes/.bin/procmail">
VRFY cypherpunks
250 <"|/u/majordom/bin/wrapper resend -p bulk \
                                      -l cypherpunks -f owner-cypherpunks \
                                      -h toad.com -s cypherpunks-outgoing">
                                   *** password would be displayed here ***
==== What it means ========================================================
  -l <list-name>       list name
  -h <host-name>       host name
  -f <from-addr>       "sender" (default <list-name>-request)
  -p <precedence>      add "Precedence: <precedence>" header
  -I <file-list>       Bounce messages from users not listed in file
                               in colon-separated <file-list> *
  -a <passwd>          approval password **
  -s                   enable "administrivia" checks

 * Note that majordomo postings can be limited to those on an approved
   list, but selected posters can not be excluded.  This is not
   appropriate for the Cypherpunk list, due to anonymous remailers,
   pseudonyms, etc.
** Note that if there WAS an approval password, it would be visible.


Fortunately, version 1.90 of MJD, which is now in beta, fixes this
problem by putting the passwords in a configuration file.  It is
available for ftp.GreatCircle.com.

What to do about abusive posters?  How about reversing the function of
the -I switch?

=== Here's the PERL code for option -I from 1.90 beta: ===============

if ( defined($opt_I) && defined($from) && ! defined($approved) ) {
    local($infile) = 0;
 
    @files = split (/[:\t\n]+/, $opt_I);
 
    foreach $file (@files) {
	if ($file !~ /^\//) {
	    $file = "$listdir/$file";
	}
        if ( open (LISTFD, "<${file}") != 0 ) {
	    @output = grep (&addr_match($from, $_), <LISTFD>);
            close (LISTFD);
   
            if ( $#output != -1 ) {
                $infile = 1;
                last;
            }
        } else {
	    die("resend: Can't open $file: $!");
	}
    }
 
    if ( $infile == 0 ) {
        &bounce ("Non-member submission from [$from]");
    }
}

=== Now, with minimal hacking, this can be reversed, so that if the user
=== name is in the list, the incoming post is bounced to the list owner,
=== who can approve it or junk it.


So here is a technological fix, where we don't have to go bothering
system administators if they have a troublesome user.

--
Alex Brock






Thread