[Mailman-Developers] Thoughts on processing for pre-approved messages

Stephen J. Turnbull stephen at xemacs.org
Sun Mar 18 11:28:44 CET 2012 

On Sat, Mar 17, 2012 at 2:41 AM, Mark Sapiro <mark at msapiro.net> wrote:

> I've gone around a bit on this and I've concluded this is analogous to
> the list poster password I implemented for 2.1. Presumably we don't
> want to allow this password to be used to authenticate to the web ui.

Right.

> We may want to allow it for authentication for certain email commands.
> I'm not sure about that one.

This is a list policy thing.  I wouldn't allow it, but then I don't plan to use
X-Approve either.


> Now I see some issues with what rules/approved.py does. It checks for
> the header and validates the password. This is good. It also removes
> any header or body lines containing the pseudo-header from the
> message. Architecturally, this latter operation belongs in the
> pipeline, not in a chain rule.

Strictly speaking, yes, but the whole idea of Approved: is unclean enough
that I don't really have a problem with allowing a chain rule to remove the
Approved: header.  But maybe there should be a pipeline Handler that
removes all Approved headers and pseudo-headers, regardless of whether
it would actually work on that list.

> we need a mlist.check_approved(msg, clean=True|False) method to do the
> heavy lifting.

I don't know about that.  Having both one or more Handlers and a special
seems like overkill, especially since really one checks the header and the
other deletes, completely different functionality.  Wouldn't it be
better to have
a class variable Mlist.approval_headers = ["Approve", "X-Approve"] and have

    for h in mlist.approval_headers:
        if msg[h] == mlist.moderator_password:
            return True
    return False

for the chain rule and

    for h in mlist.approval_headers:
        del msg[h]

in a RemoveApprovalHeaders.py pipeline handler?


> Unfortunately, this adds complexity and potential for
> security lapses if the rule hits but the pipeline doesn't remove the
> authentication.

Realistically, I don't think that's a problem.  I think that more likely
the problem will be that people will misspell the header, or use it in
list that doesn't support approval-by-header, or grab an incorrect
password out of an old message, or whatever.

More information about the Mailman-Developers mailing list