
At 10:33 AM 6/1/2000, Alexandre Denes dos Santos wrote:
I posted something to the developer's list about this last month. Apparently Mm uses the ID of the first publicly visible list on your server for all of the monthly reminder messages. The rationale for this seems to be that many people getting the reminders may be on multiple lists, so the list ID used for the reminder is really just an unimportant placeholder so that there is not a lot of header creation confusion for people on multiple lists.
Now that I bothered to write that out, here is one of the official replies: Herald Meland wrote:
You can find the string in the Mm developer's list archive, the subject line that I used was:
wrong list info in header (b1)
Cheers,
--chris
--
/////\\\\\/////\\\\
Christopher G. Kolar
Director, Department of Instructional Technology
Aurora University, Aurora, Illinois
ckolar@admin.aurora.edu -- www.aurora.edu/~ckolar
[PGP Public Key ID: 0xC6492C72]

At 10:44 AM -0500 6/1/2000, Christopher Kolar wrote:
Arguably, since it's a meta-message and not a list-message, it probably ought to not have a list-id attached. It's not coming from a list, but from the list's server.
-- Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui@plaidworks.com) Apple Mail List Gnome (mailto:chuq@apple.com)
And they sit at the bar and put bread in my jar and say 'Man, what are you doing here?'"

At 8:59 -0700 6/1/2000, Chuq Von Rospach wrote:
And, based on a complaint just now in another list (exim-users) from a person who gateways list messages throughout his company, there probably ought to be some easy filtering method (some X-xxx header in place of List-ID??) so that the list password doesn't get broadcast by the gateway process in that situation.
--John
John Baxter jwblist@olympus.net Port Ludlow, WA, USA

At 10:59 AM -0700 6/1/2000, John W Baxter wrote:
There's a proposed standard for this: list-probe. While it doesn't fit these password messages perfectly, I think it could be used (and perhaps this concept ought to be tossed into the discussion pot for list-probe). See <http://www.nisto.com/listspec/>
Actually, this is a pretty gnarly problem. If you mail to an exploder, all bets are off, since the person is actually not subscribed to the list, so the exploder list ought to follow RFC2369 and strip the List-* headers, since they aren't relevant to the users on the other side of the exploder. It also, frankly, ought to replace them with a relevant set of their own List-* headers.
but -- does list-ID change in this kind of exploder situation?
Ack. And on the more general level, if you're sending out that "monthly notice about the foobar mail list", what's appropriate for these headers? I think there ought to be list-* headers for RFC2369, since that's effectively what the message is for, but no List-ID, since it's not attached to a list, but to the list's server. But if list-probe is adopted (and at first glance, I like it), it'd allow an exploder to recognize a message as a meta-message and strip it.
No, wait. That causes another problem. It screws up using list-probe for what it's really there for, probing for bogus, forwarded addresses. Because in the case where the bogus address is on the wrong side of the exploder, stripping messages with list-probe breaks the attempt to find the failing address, especially if it's bouncing back to the main list and not to the exploder (as it ought to -- but how many exploders fix the envelope properly to self-handle their own bounces? Not enough)
So forget that. List-probe can't be used to ID meta-messages.
So, alternative: set up a special list-ID for server messages? So that if you get a message from the server, it can be recognized as such, and exploders can therefore be trained to only forward messages with the appropriate list-ID, and you can safely send out the passwords using the meta-ID knowing the exploder will strip it.
Does that work? I realize most exploders DON'T do this work today, but should. But if we put the pieces in place, we make it easier to convince folks to do them properly...
so I guess what I'm saying is:
server messages go out with a listid identifying the server not a list on the server. As in ListID: plaidworks.com instead of ListID: sharks.plaidworks.com (you could potentially id the server type, as in mailman.plaidworks.com, but what if you happen to run a list named mailman on the mailman server? Perhaps formalizing the server as being the identifying domain is the better thought?)
if you're probing addresses, you use ListID set to the list, and List-Probe set per the proposal....
Should it be de rigueur that exploders strip all list-* headers, on the assumption that they're not relevant on the other side of the list? I think so, since reading the 2369 RFC says that a list shouldn't allow user-generated headers to be passed on, but instead strip them, and an exploder is really nothing more than a special case of a mail list...
(Grant, apologize for cc:ing you in on an ongoing discussion on a list, but I thought it was something you ought to see, and might have useful feedback on...)
-- Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui@plaidworks.com) Apple Mail List Gnome (mailto:chuq@apple.com)
And they sit at the bar and put bread in my jar and say 'Man, what are you doing here?'"
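
The exploder behaviour proposed in the message above, as an added example (not part of the thread and not Mailman's code): forward only messages carrying the subscribed list's ID, drop anything carrying the server-level ID (such as a password reminder), and replace the upstream List-* headers with the exploder's own. The sample messages, the local list ID, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message
from typing import Optional

# Assumptions: the exploder re-distributes exactly one upstream list, and the
# server marks its own meta-messages with a server-wide ID as the thread proposes.
UPSTREAM_LIST_ID = "sharks.plaidworks.com"
EXPLODER_LIST_ID = "sharks-local.example.com"  # constructed local identity

def list_id_of(msg: Message) -> Optional[str]:
    """Return the bare identifier from List-Id, e.g. 'Sharks <sharks.plaidworks.com>'."""
    raw = msg.get("List-Id")
    if raw is None:
        return None
    m = re.search(r"<([^<>]+)>\s*$", raw)
    return (m.group(1) if m else raw).strip().lower()

def gateway(raw_message: str) -> Optional[Message]:
    """Return the message to re-distribute, or None if it must not be forwarded."""
    msg = message_from_string(raw_message)
    # Fail closed: a server-level ID, a missing ID, or another list's ID is dropped,
    # so a reminder containing a password never reaches the exploder's recipients.
    if list_id_of(msg) != UPSTREAM_LIST_ID:
        return None
    # Upstream List-* headers are meaningless behind the exploder: strip them all.
    for name in [h for h in msg.keys() if h.lower().startswith("list-")]:
        del msg[name]
    msg["List-Id"] = f"<{EXPLODER_LIST_ID}>"
    return msg

# Constructed sample input: one ordinary list post, one server meta-message.
LIST_POST = """From: alice@example.com
List-Id: Sharks <sharks.plaidworks.com>
List-Unsubscribe: <mailto:sharks-request@plaidworks.com?subject=unsubscribe>
Subject: fin shapes

body
"""
REMINDER = """From: mailman-owner@plaidworks.com
List-Id: <plaidworks.com>
Subject: monthly membership reminder

(password text would be here)
"""

if __name__ == "__main__":
    print(gateway(LIST_POST))
    print("reminder forwarded?", gateway(REMINDER) is not None)
```

Matching on an exact allowed ID, rather than on a blocklist of server IDs, means an unlabelled or mislabelled message is dropped instead of forwarded.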

Thanks to Christopher for the answer.
As Microsoft said when they discovered a security problem in NT: "that's not a bug, it's a feature".
Bye Denes

On Thu, 1 Jun 2000, Christopher Kolar wrote:
Yes, but this confuses my procmail rules and saves it to the folder mailman-developer instead of mailman-users. Because I'm not subscribed to mailman-developer, I have that folder not set up in my MUA, so I don't see the reminder.
-- Tot ziens,
Bart-Jan

----- Original Message ----- From: "Bart-Jan Vrielink" <bartjan@vrielink.net> To: "Christopher Kolar" <ckolar@admin.aurora.edu> Cc: <mailman-users@python.org> Sent: Thursday, June 01, 2000 12:14 PM Subject: Re: [Mailman-Users] incorrect list-id
I too would like to see a more accurate list ID on the reminder messages. I take advantage of the monthly reminder messages to help me clean up the subscriptions on the lower volume mailing lists. When I get a bounce, I go delete the user. Fortunately, I only need to filter through three or four lists so it's not hideous but it would be nice to know exactly where to go to delete the given user.
---eric

participants (6)
- Alexandre Denes dos Santos
- Bart-Jan Vrielink
- Christopher Kolar
- Chuq Von Rospach
- Eric S. Johansson
- John W Baxter