I've recently moved the mailing list which I run from MXSERVER@BIBLE.ACU.EDU
to Majordomo@genesis.acu.edu. Soon after than, a mail loop between the two
computers started. If have now understood how this came about, and I've
decided to share this experience, for the warning of the unwary :)
a) A user sees information about the CHURCHPLANTERS list on a web
page and is interested. That web page allows to create a subscription
request and send it to the old server address. (I really hate those
WWW-email gateways, they've caused me trouble before.)
b) The user gets a message from the old, disabled list which states that
the list has moved and that he can subscribe to CHURCHPLANTERS by
sending mail to Majordomo@genesis.acu.edu
c) Instead of composing a new message, the user uses the "forward" feature
of his mailreader to send the following command to Majordomo:
The mailreader sends this message with a "From:" header field like this:
From: MX mailing list processor <MXserver@BIBLE.ACU.EDU> (by way of firstname.lastname@example.org (Daniel D. Robayo))
Not being experienced in the ways of e-mail, the user suspects nothing.
d) Majordomo sees the From: header and interprets the subscription request
subscribe churchplanters MX mailing list processor <MXserver@BIBLE.ACU.EDU> (by way of email@example.com (Daniel D. Robayo))
As the maillog indicates, the envelope-From of this request was
<firstname.lastname@example.org>. Unfortunately, the address
email@example.com was included in a comment to the subscribed
address, and for this reason Majordomo accepted the request. I consider
this behavior to be a bug of Majordomo, because RFC 822 specifies:
RFC822> Comments should be retained while the message is subject to
RFC822> interpretation according to this standard. However, comments
RFC822> must NOT be included in other cases, such as during protocol
RFC822> exchanges with mail servers.
This means (by my interpretation) that Majordomo is REQUIRED by the
standard to strip comments from the address before checking whether
it matches with the envelope-From. For my list, the subscription mode
is set to "open", hence subscription requests are automatically
honoured if the subscribed address "matches" the envelope-From.
e) A welcome message is mailed out to the new subscriber
MXserver@BIBLE.ACU.EDU. This welcome message contains examples of
commands which people could send to Majordomo.
f) This starts a nasty loop between Majordomo@genesis.acu.edu and
MXSERVER@bible.acu.edu in which the two computers frantically
scream their help messages at each other. With every iteration of
the loop, the number of messages is doubled. (I call such a thing
a loop cascade.) Hundreds of error messages were generated and sent
to the majordomo admins, but fortunately not to the list subscribers.
NEEDLESS TO SAY, I've now taken some measures which should suffice to
prevent this kind of thing from happening again.
Norbert Bollow, Zuerich, Switzerland. Admin of the CHURCHPLANTERS list
Email-To: firstname.lastname@example.org PGP encrypted mail welcome
PGP public key & WWW homepage of CHURCHPLANTERS at http://pobox.com/~nb