Tokio Kikuchi wrote:
ToDigest.send_digests() can block regular delivery. We put the send_digests() calling part in a try/except clause and leave a message in the error log if something happened in send_digests(). Daily call of cron/senddigests will provide more detail to the site administrator.
I noticed this may lead to yet another DoS for digest delivery. The malicious (non-compliant MIME) message may cause other digest deliveries to stop as long as the malicious message remains in the digest.mbox file. I created a patch for this situation and uploaded in the patch area of SF: http://sourceforge.net/tracker/index.php?func=detail&aid=1556858&group_id=103&atid=300103
I think I will commit in the Release-2.1-maint branch and include in the 2.1.9 final release. I appreciate anyone can review the patch.
At this point of writing, I should note 2.1.9(rc1) has no known vulnerablities by which this patch is required.
-- Tokio Kikuchi tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/