Subject: Security problem with pkgsrc/mail/majordomo
To: tech-security@netbsd.org
From: Paul Hoffman <phoffman@proper.com>
List: tech-pkg
Date: 03/03/2000 18:26:28

The REQ script for the majordomo package says:

>         echo "Creating '$MAJORDOMO_USER' user ..."
>         ${ADDNERD} -h ${HOME} -g ${MAJORDOMO_GROUP} ${MAJORDOMO_USER}
>         echo Done.

Note that the call to addnerd doesn't set a password or a shell. When I 
installed earlier today, I noticed that it had added an unpassworded user 
with a shell of /bin/sh. Of course, the addnerd command should also have 
'-s /sbin/nologin'.

On a related note, how does one find who is responsible for a particular 
package? It doesn't appear in the README.html in pkgsrc/mail/majordomo. 
Thus, I don't know which person to report this to. (I hope someone from 
either of these lists will take care of it...).
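
An added example, not part of the original message or of pkgsrc: a small audit that reads master.passwd(5)-format lines and reports accounts left in the state described above (empty password field, with or without a login shell). The account names and sample lines are constructed for illustration, and the HIGH/LOW labels are this example's own convention.

```shell
#!/bin/sh
# Audit master.passwd(5)-format input for accounts with an empty password field.
# Field layout: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# Constructed sample data, not taken from a real system.
sample_master_passwd() {
    cat <<'EOF'
root:$2a$04$constructedhashvalue:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin
majordom::1001:1001::0:0::/usr/pkg/majordomo:/bin/sh
listsrv::1002:1002::0:0::/var/list:/sbin/nologin
build:*:1003:1003::0:0::/home/build:/bin/sh
# comment lines and short lines are skipped
EOF
}

# Reads passwd lines on stdin and prints "name LEVEL shell" per finding:
#   HIGH = empty password and a usable login shell
#   LOW  = empty password, but the shell is nologin or false
audit_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }              # skip comments and malformed lines
        $2 != ""       { next }              # password set or locked ("*")
        {
            shell = $NF
            if (shell == "") shell = "/bin/sh"   # empty shell field means /bin/sh
            level = (shell ~ "/(nologin|false)$") ? "LOW" : "HIGH"
            print $1, level, shell
        }'
}

# Stand-alone run against the constructed sample.
sample_master_passwd | audit_accounts
```

On a live system the input would be the output of `cat /etc/master.passwd` run as root, piped into `audit_accounts`.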