  Roderik Muit
  Piet Beertema
  Date: Wed, 11 Feb 1998 20:07:45 +0100

    I feel a quick reaction is in order, though I don't have a
    definitive answer on _all_ your points at 18:45 where there's
    not _that_ many people around to discuss this with...
How comes? :-)

    It is impossible to subscribe someone else than the source-address
    of the e-mail to the list automatically.  But they can subscribe
    themselves. (If people send a mail with 'subscribe anti-spam' to
    majordomo@localhost, this is done automatically; ...
I don't know which version of majordomo you're running,
but the version I picked up some 2 months ago and which
was then the latest version has a very serious flaw: it
looks *only* at the header From: line to extract the
sender's address from, but that line is by far the
easiest to fake. So I can subscribe hundreds of users by
sending as many subscribe messages with forged From:
lines. Majordomo really should at least check a Sender:
line (when present) too and take that as the sender's
address in case of discrepancy with the From: address.
    At this moment anyone can get a list of the people subscribed to our
    majordomo lists.
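
The From:/Sender: check proposed in the reply above, sketched as an added example (not Majordomo's code and not part of the original message). The sample messages are constructed, and the "hold" action for mismatching requests is an assumption of this sketch; Sender: is itself supplied by the submitting side, so a mismatch is treated as a warning sign rather than proof of who sent the mail.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample subscribe requests (not taken from any real list).
HONEST = "From: Alice <alice@example.org>\nTo: majordomo@lists.example.net\n\nsubscribe anti-spam\n"
FORGED = ("From: victim@example.com\nSender: mallory@example.org\n"
          "To: majordomo@lists.example.net\n\nsubscribe anti-spam\n")
SAME = ("From: Bob <bob@example.org>\nSender: BOB@example.org\n"
        "To: majordomo@lists.example.net\n\nsubscribe anti-spam\n")


def _addr(msg, header):
    """Return the lower-cased bare address in a header, or None if absent."""
    value = msg.get(header)
    if value is None:
        return None
    _, addr = parseaddr(value)
    return addr.lower() or None


def resolve_subscriber(raw_message):
    """Pick the sender address the way the reply proposes.

    Uses From: by default; when a Sender: line is present and disagrees
    with From:, Sender: is taken as the sender's address and the
    discrepancy is reported.
    """
    msg = message_from_string(raw_message)
    from_addr = _addr(msg, "From")
    sender_addr = _addr(msg, "Sender")
    mismatch = sender_addr is not None and sender_addr != from_addr
    return (sender_addr if mismatch else from_addr), mismatch


def triage(raw_messages):
    """Assumed policy: subscribe automatically only when the headers agree."""
    decisions = []
    for raw in raw_messages:
        addr, mismatch = resolve_subscriber(raw)
        decisions.append((addr, "hold" if mismatch else "subscribe"))
    return decisions


if __name__ == "__main__":
    for addr, action in triage([HONEST, FORGED, SAME]):
        print(f"{action:9} {addr}")
```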


