[Mailman-Users] incorrect list-id
Chuq Von Rospach
chuqui at plaidworks.com
Thu Jun 1 20:22:22 CEST 2000
At 10:59 AM -0700 6/1/2000, John W Baxter wrote:
>>Arguably, since it's a meta-message and not a list-message, it
>>probably ought to not have a list-id attached. it's not coming from a
>>list, but from the list's server.
>And, based on a complaint just now in another list (exim-users) from a
>person who gateways list messages throughout his company, there probably
>ought to be some easy filtering method (some X-xxx header in place of
>List-ID??) so that the list password doesn't get broadcast by the gateway
>process in that situation.
There's a proposed standard for this: list-probe. While it doesn't
fit these password messages perfectly, I think it could be used (and
perhaps this concept ought to be tossed into the discussion pot for
list-probe). See <http://www.nisto.com/listspec/>
Actually, this is a pretty gnarly problem. If you mail to an
exploder, all bets are off, since the person is actually not
subscribed to the list, so the exploder list ought to follow RFC2369
and strip the List-* headers, since they aren't relevant to the users
on the other side of the exploder. It also, frankly, ought to replace
them with a relevant set of their own List-* headers.
but -- does list-ID change in this kind of exploder situation?
Ack. And on the more general level, if you're sending out that
"monthly notice about the foobar mail list", what's appropriate for
these headers? I think there ought to be list-* headers for RFC2369,
since that's effectively what the message is for, but no List-ID,
since it's not attached to a list, but to the list's server. But if
list-probe is adopted (and at first glance, I like it), it'd allow an
exploder to recognize a message as a meta-message and strip it.
No, wait. That causes another problem. It screws up using list-probe
for what it's really there for, probing for bogus, forwarded
addresses. Because in the case wehre the bogus address is on the
wrong side of the exploder, stripping messages with list-probe breaks
the attempt to find the failing address, especially if it's bouncing
back to the main list and not to the exploder (as it ought to -- but
how many exploders fix the envelope properly to self-handle their own
bounces? Not enough)
So forget that. List-probe can't be used to ID meta-messages.
So, alternative: set up a special list-ID for server messages? So
that if you get a message from the server, it can be recognized as
such, and exploders can therefore be trained to only forward messages
with the appropriate list-ID, and you can safely send out the
passwords using the meta-ID knowing the exploder will strip it.
Does that work? I realize most exploders DON'T do this work today,
but should. But if we put the pieces in place, we make it easier to
convince folks to do them properly...
so I guess what I'm saying is:
1) server messages go out with a listid identifying the server not a
list on the server. As in ListID: plaidworks.com instead of ListID:
sharks.plaidworks.com (you could potentially id the server type, as
in mailman.plaidworks.com, but what if you happen to run a list named
mailman on the mailman server? Perhaps formalizing the server as
being the identifying domain is the better thought?)
2) if you're probing addresses, you use ListID set to the list, and
List-Probe set per the proposal....
Should it be de-riguer that exploders strip all list-* headers, on
the assumption that they're not relevant on the other side of the
list? I think so, since reading teh 2369 RFC says that a list
shouldn't allow user-generated headers to be passed on, but instead
strip them, and an exploder is really nothing more than a special
case of a mail list...
(grant, apologize for cc:ing you in on an ongoing discussion on a
list, but I thought it was something you ought to see, and might ave
useful feedback on...)
Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui at plaidworks.com)
Apple Mail List Gnome (mailto:chuq at apple.com)
And they sit at the bar and put bread in my jar
and say 'Man, what are you doing here?'"
More information about the Mailman-Users