Exploit:

  Majordomo allows appending to any file
  owned by the majordomo user/group.

  create a symlink in /tmp to any majordomo file
  ex: ln -s /usr/lib/majordomo/majordomo
                            /tmp/majordomo.debug

  send a message with any emailer to majordomo
  with a "/" in the return address. (i tested with
  Winbloze Internet Mail) ex: blah/1234@yerdomain.com

  the owner of majordomo will receive the below
  message... from then on, majordomo will be
  inoperable.  (if the above symlink is used)
  Majordomo keeps a debug log and appends to it
  every time it crashes with out checking ownerships
  of the symlinks.. or for that matter for symlinks
  at all.