Mailman-Bug with faked spam headers and some suggestions new features
This looks like a nasty bug ...
We are running Mailman for some time now - one of the liste is a "half-open" one with these settings:
- everyone can post
- bccs to the list are not permitted (to avoid spams, works fine)
- some alias-names for some users who regulary post to a different adress but bcc to our's
Recently a spam message with a visible to-entry in the mail header arrived here: "To: <>" in the fields displayed by mail clients.
This caused to log Mailman Beta 6 the following files into the error- logfile:
Oct 08 23:53:01 2000 (25258) Delivery exception: read-only character
buffer, None
Oct 08 23:53:01 2000 (25258) Traceback (innermost last):
File "/var/mailman/Mailman/Handlers/HandlerAPI.py", line 82, in
do_pipeline
func(mlist, msg, msgdata)
File "/var/mailman/Mailman/Handlers/Hold.py", line 173, in process
if mlist.require_explicit_destination and
File "/var/mailman/Mailman/MailList.py", line 1208, in HasExplicitDest
addr = string.lower(addr)
TypeError: read-only character buffer, None
... these lines were repeated each *2* minutes for more than 10 hours (until I deleted the db-, and msg-file in the qfiles directory). The original msg-file time was exactly the one of the first log in the log file. In this *first* log I could read something like "implicit header..." followed by the endlessly repeated actual error-log above.
In addition to this here are some more minior bugs:
In case some e-mails are sent with qp-7bit-code the archiver does *not* covert them back into the acutal 8 bit characters - which makes it more diffucult to read the postings in the archive unless you are get used to qp-coding. As for 8 bit characters it works fine. Some of the affected mail clients are Pegasus und Outlook Express (according to some header analyses on an unregular bases). E-Mails are send just fine with no problems.
In case some people send M$-attachments the archive does not interpret this mime code and displays if just as if it was plain text. A nice *new* feature was if there was displayed a link for non-text-files like: download this file.
It would be fine if the archive would *not* display both the text and html code (in source code) if some people send a message with html *and* txt - the default might be *only* to render the html part readable (as e.g. done my pine). In general it would be fine if the archive was mime-aware ... there are too many users out there who have not yet learnt to send e-mails in plain text.
In case there are packet losses and timeouts during processing some admin-(mail)-requests Mailman does recognize the changes but does endlessly attempt to load the updated admin-requests site.
- sugestion for a new feature:
I was told to disable the unsubscribe-funktion for a special list: I edited the list option's site *and* disabled the request e-mail adress (else I had to filter out unsubscribe in the subject and body with procmail or so). So far this works fine *but* has been some work. Therefore a switch like: "unsubscribe yes no" would be a good idea - maybe on a per-list bases in the mydefauls.py-file.
Thanks in advance and thaks for such a great mailing list manager!
PS.: I hope it's ok if I send it to mailman-users and mailman-developers and sorry about the length. Anyway Mailman seems to get better with each Beta version.
participants (1)
-
Steffen Bardolatzi