Re: list

[Piet Beertema <]

    I feel a quick reaction is in order, though I don't have a
    definitive answer on _all_ your points at 18:45 where there's
    not _that_ many people around to discuss this with...
How comes? :-)

    It is impossible to subscribe someone else than the source-address
    of the e-mail to the list automatically.  But they can subscribe
    themselves. (If people send a mail with 'subscribe anti-spam' to
    majordomo@localhost, this is done automatically; ...
I don't know which version of majordomo you're running,
but the version I picked up some 2 months ago and which
was then the latest version has a very serious flaw: it
looks *only* at the header From: line to extract the
sender's address from, but that line if by far the most
easy to fake. So I can subscribe hundreds of users by
sending as many subscribe messages with forged From:
lines. Majordomo really should at least check a Sender:
line (when present) too and take that as the sender's
address in case of discrepancy with the From: address.
    
    At this moment anyone can get a list of the people subscribed to our
    majordomo lists.
Ouch!


	Piet