[Mailman-Developers] Thoughts on processing for pre-approved messages

Mark Sapiro mark at msapiro.net
Fri Mar 16 18:41:06 CET 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've had several thoughts on what is now (in MM 3) done by
rules/approved.py.

There is a moderator_password list attribute which can be used in a
(X-)Approve(d): header or first body line pseudo-header to pre-approve
a list post.

I've gone around a bit on this and I've concluded this is analogous to
the list poster password I implemented for 2.1. Presumably we don't
want to allow this password to be used to authenticate to the web ui.
We may want to allow it for authentication for certain email commands.
I'm not sure about that one.

My basic thought is we know who allegedly sent the post (maybe we have
a few places to check - the poster might legitimately spoof the
From:), so we can find a user who owns that address, see if the user
has a moderator or admin role for this list, and validate the header
password against that user's password. We *don't* want to do this
because the user doesn't want to send her own personal password in a
plain text email header. So we use this relatively easily changed and
not very capable moderator_password instead.

So far, so good.

Now I see some issues with what rules/approved.py does. It checks for
the header and validates the password. This is good. It also removes
any header or body lines containing the pseudo-header from the
message. Architecturally, this latter operation belongs in the
pipeline, not in a chain rule. This seems to say we need both a rules
module and a pipeline module (or maybe the existing
pipeline/cleanse.py) to do this, and in the interest of DRY, we really
need a mlist.check_approved(msg, clean=True|False) method to do the
heavy lifting. Unfortunately, this adds complexity and potential for
security lapses if the rule hits but the pipeline doesn't remove the
authentication.

Thoughts?

- -- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFPY3sxVVuXXpU7hpMRAodWAKCCcHOzCm3n7Ik9VUVapsUAHTvONwCghcoN
qbND9+Opjm2D+Lb5PTqxIpg=
=4wV2
-----END PGP SIGNATURE-----


More information about the Mailman-Developers mailing list