Re: list
- Date: Wed, 11 Feb 1998 20:07:45 +0100
I feel a quick reaction is in order, though I don't have a
definitive answer on _all_ your points at 18:45 where there's
not _that_ many people around to discuss this with...
How comes? :-)
> It is impossible to subscribe someone else than the source-address
> of the e-mail to the list automatically. But they can subscribe
> themselves. (If people send a mail with 'subscribe anti-spam' to
> majordomo@localhost, this is done automatically; ...
I don't know which version of majordomo you're running,
but the version I picked up some 2 months ago and which
was then the latest version has a very serious flaw: it
looks *only* at the header From: line to extract the
sender's address from, but that line is by far the most
easy to fake. So I can subscribe hundreds of users by
sending as many subscribe messages with forged From:
lines. Majordomo really should at least check a Sender:
line (when present) too and take that as the sender's
address in case of discrepancy with the From: address.
> At this moment anyone can get a list of the people subscribed to our
> majordomo lists.
Ouch!
Piet
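
Added example (not part of the original message and not Majordomo's own code): the From:/Sender: check proposed in the message, written in Python. The function `requester`, the `Decision` type and the sample messages are constructed for illustration.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import getaddresses
from typing import Optional


@dataclass
class Decision:
    address: Optional[str]  # address the subscribe request is attributed to
    discrepancy: bool       # True when the headers cannot be trusted as-is
    reason: str


def _addrs(msg, header):
    """Lower-cased addresses from every occurrence of one header."""
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]


def requester(raw: str) -> Decision:
    """Pick the sender address, preferring Sender: when it disagrees with From:."""
    msg = message_from_string(raw)
    from_addrs = _addrs(msg, "From")
    sender_addrs = _addrs(msg, "Sender")
    if len(from_addrs) != 1:
        return Decision(None, True, "missing or multiple From: addresses")
    if not sender_addrs:
        return Decision(from_addrs[0], False, "no Sender: header, From: used")
    if len(sender_addrs) > 1:
        return Decision(None, True, "multiple Sender: addresses")
    if sender_addrs[0] == from_addrs[0]:
        return Decision(from_addrs[0], False, "From: and Sender: agree")
    # Discrepancy: take Sender: as the sender's address and flag the request.
    return Decision(sender_addrs[0], True, "Sender: differs from From:")


# Constructed sample messages (not real traffic).
SAMPLE_PLAIN = (
    "From: Alice <Alice@example.org>\n"
    "To: majordomo@localhost\n\n"
    "subscribe anti-spam\n"
)
SAMPLE_MISMATCH = (
    "From: someone-else@example.org\n"
    "Sender: relay-user@example.net\n"
    "To: majordomo@localhost\n\n"
    "subscribe anti-spam\n"
)
SAMPLE_NO_FROM = "To: majordomo@localhost\n\nsubscribe anti-spam\n"

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_MISMATCH, SAMPLE_NO_FROM):
        print(requester(sample))
```

Sender: is also supplied by the sending side, so a match is only a consistency signal; a flagged request is one to hold back from automatic subscription.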