The original cypherpunks filtering CDR setup came from Eric Murray. His original archive includes instructions and some of the scripts he used to make things work.
The al-qaeda.net/jfet.org setup is slightly different from this original setup, though I'm still using majordomo and sendmail.
First, you'll need Majordomo up and running. Presumably this means that you've edited majordomo.cf appropriately and set up the appropriate aliases in /etc/mail/aliases or the moral equivalent:

    ### majordomo ###
    majordomo: "|/etc/mail/smrsh/wrapper majordomo"
    owner-majordomo: [email protected]
    majordomo-owner: [email protected]

The other thing you'll need is a cypherpunks.config file for Majordomo; you can use mine as a starting point. Don't forget to write some kind of cypherpunks.info file as well.
Finally, you'll need to slightly patch majordomo.pl with Eric Murray's modification to allow wildcards in the allowed posters list:
sub main'addr_match { local($a1) = &main'chop_nl(shift); local($a2) = &main'chop_nl(shift); local($partial) = shift; # may be "undef" print STDERR "addr_match: enter\n" if $DEBUG; print STDERR "addr_match: comparing $a1 against $a2\n" if $DEBUG; > # ERICM: > # allow for wild cards (*@remailer.com) in allowed-posters lists: > if ($a2 =~ /^\*@/) { > $a2 =~ s/\*//; > $a1 =~ s/^.*@/@/; > }
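Review bot: the wildcard branch rewrites $a1 and $a2 in place after the two DEBUG prints, so with $DEBUG set the log shows the original addresses and never the domain-only strings that are actually compared; add a `print STDERR` inside the `if ($a2 =~ /^\*@/)` block. The branch also handles only a leading `*@`: `s/\*//` removes a single asterisk, so any further `*` in the entry stays in $a2 as a literal character, which deserves a comment stating that `*@domain` is the only supported form. Since `$a1 =~ s/^.*@/@/` discards the whole local part, a `*@domain` entry admits every sender address at that domain, and the comment should say so.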
Now for the cypherpunks mail setup. I'm assuming that you'll be using smrsh, the sendmail restricted shell, for the small bit of added security it offers. In that case, your cypherpunks-specific aliases will look like this:

    cypherpunks: |/etc/mail/smrsh/docpunks
    cypherpunks-outgoing: :include:/var/spool/majordomo/lists/cypherpunks
    cypherpunks-request: "|/etc/mail/smrsh/wrapper majordomo -l cypherpunks"
    cpunks: cpunk
    cpunk: |/etc/mail/smrsh/docypherpunks
    cypherpunks-approval: cypherpunks-owner
    owner-cypherpunks: cypherpunks-owner
    cypherpunks-owner: majordomo-owner

docpunks and docypherpunks are symlinks from /etc/mail/smrsh to the corresponding script in /var/spool/cpunks; wrapper is the Majordomo wrapper script and lives in /var/spool/majordomo on my system.
There's some stuff going on here that's not obvious. Let's follow a piece of cypherpunks mail through this Rube-Goldberg device (download the archive to follow along with the code).
cypherpunks@. It is processed by the docpunks script, which invokes procmail with an appropriate procmailrc.
X-Loop header doesn't appear in the message already. The local X-Loop header is added to the forwarded messages.
cpunk@, as long as the local X-Loop header doesn't appear in the message.
cpunk@ goes through another script, docypherpunks (yes, I know these are named backwards). This filters the message before forwarding it via Majordomo to cypherpunks-outgoing@ (Majordomo handles the whitelist check and adds an X-Loop header to the local copy).
Here's the part that's been defunct for more than 5 years: filtering nodes have to know who's subscribed to every other node in order to allow their posts through. This means that the CDR nodes have to share their subscriber lists with one another. Previously, this was done using a script that would receive the output of Majordomo who. I dislike this for two reasons: (1) it's not authenticated, and (2) it requires that lists enable the who command.
I propose that we use cron jobs that deliver (possibly PGP-signed) poster lists to partner CDR nodes. Pushing the who lists means that the list admins don't have to enable Majordomo who, and using PGP signatures protects against malicious interference with the whitelist.
This part doesn't exist yet, because no one else has run a Cypherpunks node since 2005 (minder.net closed on 1/11/05; I got my last who update from pro-ns.net on 5/11/05). If/when other people set up CDRs, they should email me and we'll get to work on this. In the meantime, I'll start implementing my idea so it's ready to go.
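One way the receiving side of the signed poster-list push proposed above could work, as an added example that is not code from this page or from any CDR node. It assumes the peer sends the list with a detached signature, that gpgv is installed, and that the keyring path and the function names (all hypothetical) suit your system.

```shell
#!/bin/sh
# Added example (not from the original page): accept a pushed poster list
# only if its detached PGP signature verifies against a pinned peer key.
# The keyring path and all function names are hypothetical.
KEYRING=${KEYRING:-/var/spool/cpunks/peers.gpg}  # assumed: holds only peer node keys

# verify_list SIG DATA FPR
# Succeeds only if gpgv accepts SIG over DATA and reports FPR as the signer.
verify_list() {
    status=$(gpgv --keyring "$KEYRING" --status-fd 1 "$1" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$status" | grep -q "^\[GNUPG:] VALIDSIG .*$3"
}

# clean_list: filter stdin down to plain user@host or *@host entries,
# lower-cased, sorted and de-duplicated; anything else is dropped.
clean_list() {
    tr 'A-Z' 'a-z' | tr -d '\r' |
    LC_ALL=C grep -E '^(\*|[a-z0-9._+-]+)@[a-z0-9.-]+\.[a-z]+$' |
    LC_ALL=C sort -u
}

# install_list SIG DATA FPR DEST
# Verify first, then sanitize into a temp file and rename it over DEST, so
# Majordomo never reads a half-written or unauthenticated whitelist.
install_list() {
    verify_list "$1" "$2" "$3" || { echo "rejected: bad signature on $2" >&2; return 1; }
    tmp=$(mktemp "$4.XXXXXX") || return 1
    clean_list < "$2" > "$tmp"
    if [ ! -s "$tmp" ]; then        # refuse to install an empty list
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$4"
}

# Cron/delivery entry point: script SIG DATA FPR DEST
if [ "$#" -eq 4 ]; then
    install_list "$@"
fi
```

The sending node only needs a cron job that signs its poster list with `gpg --detach-sign` and delivers both files to its partners.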
The last thing you have to do is ask other CDR operators to hook you into their .procmailrc file, and, of course, you'll need to hook them up to yours. You can probably do this by announcing your existence on the cypherpunks mailing list and asking to be added.
This is the current .procmailrc forward list:

    :0c
    * !^X-Loop:.*al-qaeda.net.*
    ! [email protected]