This patch originally was written by Oxymoron (see 
http://www.waste.org/~oxymoron/majordomo/ftp/newconfirm.patch)
for Majordomo 1.94.1.

I have just cleaned it up so that it will apply against
Majordomo 1.94.4

If you have any problems with this, please let me know.

-Jeff (jeffw@smoe.org)

This patch for 1.94.4 provides more robust handling for open+confirm
subscription policies. The patch also adds support for
unsubscribe_policy +confirm to all for secure removals. It adds a new
address for Majordomo for handling subscription confirmations.  When a
user requests a subscription, they are sent a message with a randomly
generated key in the subject and the body explaining the confirmation
process and telling them what address made the request. To confirm,
they just have to hit reply and launch off the message. Other messages
to the confirmation address will be bounced back with instructions for
contacting the proper address.

This should be more secure than the old auth cookie method and easier
for users. It also makes administration simpler by not requiring
additional owner approval for open lists when address_a subscribes
address_b (confirmation makes this redundant).

It requires several new entries in majordomo.cf:

$confirm_address = "confirm\@$whereami";
$confirm_expire = 14*24*3600 # Seconds to wait before expiring (2 weeks)
$confirm_randev = "/dev/random" # Leave undefined to use rand instead
$confirm_keys = "$listdir/confirm.keys" # Or some other MD-writable place

Also add an alias at the confirm address to call majordomo with the -a
switch.