From: stewarts@ix.netcom.com
Date: Sun, 7 Apr 1996 12:40:25 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: Someone's screwing around with anon.penet.fi
Message-ID: <199604062359.PAA23221@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:51 AM 4/6/96 -0800, Steve Reid <steve@edmweb.com> wrote:
>Here's another one of them unsolicited messages from anon.penet.fi.
>I have a feeling lots of people on the Cypherpunks list are going to be 
>getting these... My first post to the list was only about two days ago, 
>and someone's already messing around. :(

Anon.penet.fi is working just fine.  The problem is that someone
subscribed to the cypherpunks list as anXXXXXX@anon.penet.fi, so
any time you post to cypherpunks, anon.penet.fi receives a message
        From: you@yourplace.com
        To: anXXXXXX@anon.penet.fi
        Subject: My exciting post to cypherpunks
It then checks its userlist for you@yourplace.fi, doesn't find you,
allocates anYYYYYY@anon.penet.fi, notifies you, and sends out the message
        From: anYYYYYY@anon.penet.fi
        To: hisname@hisplace.com
        Subject: My exciting post to cypherpunks

In my case, if I post to cypherpunks, it checks its userlist for
stewarts@ix.netcom.com, finds anZZZZZZ@anon.penet.fi, sees that my
password is PASSWORD, sees that the posting doesn't include the password,
and sends me a reject message.  

The problem is that, the next time you post to cypherpunks, it'll leak
your identity in the message headers; I forget the details.

The way to prevent this whole mess is to educate majordomo to turn
subscription requests from anXXXXXX@anon.penet.fi into naXXXXXX@anon.penet.fi,
or at least to block subscription requests form anXXXXXX@anon.penet.fi.