[Mailman-Developers] 2 bugs, but I need a confirmation :-)

Thomas Wouters thomas@xs4all.net
Tue, 12 Dec 2000 11:11:17 +0100


I *think* I found two (more) bugs in Mailman, but my setup is sufficiently
hacked that I can't test it for sure. One of the two I tested on
python-list, and I think I saw it reproduced. The other one I'm not going to
test, because it's potentially destructive.

1) Subscription-confirmation-response-emails to *-request, with multiple
attachments, fail. The problem is that Mailman tries to interpret the MIME
boundary and content-type headers and whatnot as commands, rather than
taking the first attachment and parsing that. This wasn't a real problem
when I tested it on python-list, because my mailer doesn't put enough
headers in the first MIME part, but customers of ours have seen honest
problems with this. People mailing with HTML mail enabled, for instance, but
also people who get a signature attached to the email, without being able to
prevent it. This enforced signature is becoming more and more popular in
clueless paranoid companies :P

2) '\n.\n' screws up Mailman. This comes in two flavours :) If the '\n.\n'
sequence is late enough in the email, Mailman doesn't notice, and the rest
of the mail (including the '\n.\n') silently vanishes. If the sequence is a
bit higher, Mailman does notice: sendmail stops the transmission while
Mailman still has data to send. Mailman considers the mail not sent, and
tries again later -- but the first part of the mail is sent to all
recipients just fine.

This is a problem in particular with digests. One of our employees found out
she could skip the mailman-enforced signature by adding '\n.\n' to the end
of her own signature. She forgot about digests, however, and 5 other
employees got 300+ copies of the start of each digest, up to her signature.
Obviously, I don't want to test this on python.org's lists, unless Barry or
someone else is ready to edit the qfiles to remove the '\n.\n' sequence. Is
there a mailman-test-list on python.org or some 'vanilla' installation that
this could be tested on?

-- 
Thomas Wouters <thomas@xs4all.net>

Hi! I'm a .signature virus! copy me into your .signature file to help me spread!
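
An added example, not part of the original post and not Mailman code: it assumes the behaviour in item 2 comes from the message body reaching the SMTP DATA phase without dot-stuffing (RFC 5321 section 4.5.2), which the post does not state. It models the receiving side reading up to the first lone "." and shows the same body with and without the transparency step; all function names and the sample message are constructed.

```python
# Added illustration; hypothetical names, constructed sample data.

def _lines(body: str) -> list:
    """Split a body into lines, accepting LF, CR or CRLF line endings."""
    return body.replace("\r\n", "\n").replace("\r", "\n").split("\n")

def smtp_data_payload(body: str, stuff: bool = True) -> str:
    """Build the bytes-on-the-wire text for the DATA phase.

    With stuff=True every line starting with "." gets an extra "."
    prepended (SMTP transparency), so no body line can equal ".".
    """
    lines = _lines(body)
    if stuff:
        lines = ["." + ln if ln.startswith(".") else ln for ln in lines]
    payload = "\r\n".join(lines)
    if not payload.endswith("\r\n"):
        payload += "\r\n"
    return payload + ".\r\n"          # end-of-data marker

def receive_data(payload: str):
    """Toy receiving MTA: returns (accepted_body, unread_leftover)."""
    lines = payload.split("\r\n")
    accepted = []
    for i, ln in enumerate(lines):
        if ln == ".":                  # first lone dot ends the message
            return "\n".join(accepted), "\r\n".join(lines[i + 1:])
        # Undo transparency: drop one leading dot.
        accepted.append(ln[1:] if ln.startswith(".") else ln)
    raise ValueError("no end-of-data marker seen")

# Constructed sample: a user signature ending in a lone dot, followed by
# a footer that the list software appended.
SAMPLE_BODY = (
    "Hello list,\n\n-- \nmy own signature\n.\n"
    "footer appended by the list software\n"
)

if __name__ == "__main__":
    for stuff in (False, True):
        body, leftover = receive_data(smtp_data_payload(SAMPLE_BODY, stuff))
        print("stuffed" if stuff else "raw", "->", repr(body), repr(leftover))
```

In the unstuffed case the leftover text is what the sender still has to write after the receiver has already accepted the message, which matches the "sendmail stops the transmission while Mailman still has data to send" symptom described in the post.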