Can someone give me some feedback on the following patch to SMTPDirect.py - whatever I've overlooked, or done that might be dangerous? The purpose of this patch is to insert a header, "X-subdata" into VERPed emails which won't be flagged and redacted by AOL's brain-dead "Email Feedback Report" system, and will continue to allow my local scripts to unsubscribe subscribers who hit the "Report Spam" button on their AOL mail UI. The content of the header is an MD5 hash of the receiving subscriber's email address - the same information contained in the Sender and Return-path headers, normally munged ("redacted") by AOL. The hope is that this hash will address AOL's privacy concerns, and/or else fall beneath the intelligence level of their scrutiny. The address hash can be compared against the list of subscribers to the list, identified in several (improperly redacted or un-redacted) headers. I'm not submitting this as a suggested patch for Mailman, but just asking for some feedback from people who know the code better than I do. --- SMTPDirect.py.orig 2012-06-17 17:16:25.000000000 -0500 +++ SMTPDirect.py 2012-06-17 21:17:25.000000000 -0500 @@ -43,6 +43,8 @@ from email.Utils import formataddr from email.Header import Header from email.Charset import Charset +from md5crypt import md5crypt +from random import choice DOT = '.' @@ -307,6 +309,9 @@ 'host' : DOT.join(rdomain), } envsender = '%s@%s' % ((mm_cfg.VERP_FORMAT % d), DOT.join(bdomain)) + saltmarsh = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrsyuvwxyz1234567890./" + if not msgdata.has_key("X-subdata"): + msgcopy["X-Subdata"] = md5crypt(rmailbox + "@" + DOT.join(rdomain), choice(saltmarsh) + choice(saltmarsh)) if mlist.personalize == 2: # When fully personalizing, we want the To address to point to the # recipient, not to the mailing list