[Mailman-Users] Mailman-Bug with faked spam headers and some suggestions new features

Steffen Bardolatzi steffen at asta.uni-wuppertal.de
Wed Oct 11 01:53:34 CEST 2000

This looks like a nasty bug ...

We are running Mailman for some time now - one of the liste is a
"half-open" one with these settings:

- everyone can post
- bccs to the list are not permitted (to avoid spams, works fine)
- some alias-names for some users who regulary post to a different
adress but bcc to our's

Recently a spam message with a visible to-entry in the mail header
arrived here: "To: <>" in the fields displayed by mail clients.

This caused to log Mailman Beta 6 the following files into the error-

Oct 08 23:53:01 2000 (25258) Delivery exception: read-only character 
buffer, None
Oct 08 23:53:01 2000 (25258) Traceback (innermost last):
  File "/var/mailman/Mailman/Handlers/HandlerAPI.py", line 82, in
    func(mlist, msg, msgdata)
  File "/var/mailman/Mailman/Handlers/Hold.py", line 173, in process
    if mlist.require_explicit_destination and \
  File "/var/mailman/Mailman/MailList.py", line 1208, in HasExplicitDest
    addr = string.lower(addr)
TypeError: read-only character buffer, None

... these lines were repeated each *2* minutes for more than 10 hours
(until I deleted the db-, and msg-file in the qfiles directory).
The original msg-file time was exactly the one of the first log in the
log file. In this *first* log I could read something like "implicit
header..." followed by the endlessly repeated actual error-log above.


In addition to this here are some more minior bugs:

- In case some e-mails are sent with qp-7bit-code the archiver does
*not* covert them back into the acutal 8 bit characters - which makes it
more diffucult to read the postings in the archive unless you are get
used to qp-coding. As for 8 bit characters it works fine.
Some of the affected mail clients are Pegasus und Outlook
Express (according to some header analyses on an unregular bases).
E-Mails are send just fine with no problems.

- In case some people send M$-attachments the archive does not
interpret this mime code and displays if just as if it was plain text.
A nice *new* feature was if there was displayed a link for
non-text-files like: download this file.

- It would be fine if the archive would *not* display both the text
and html code (in source code) if some people send a message with html
*and* txt - the default might be *only* to render the html part
readable (as e.g. done my pine).
In general it would be fine if the archive was mime-aware ... there are
too many users out there who have not yet learnt to send e-mails in
plain text.

- In case there are packet losses and timeouts during processing some
admin-(mail)-requests Mailman does recognize the changes but does
endlessly attempt to load the updated admin-requests site.


- sugestion for a new feature:

I was told to disable the unsubscribe-funktion for a special list: I
edited the list option's site *and* disabled the request e-mail adress
(else I had to filter out unsubscribe in the subject and body with
procmail or so).
So far this works fine *but* has been some work.
Therefore a switch like: "unsubscribe  yes  no" would be a good idea -
maybe on a per-list bases in the mydefauls.py-file.

Thanks in advance and thaks for such a great mailing list manager!

PS.: I hope it's ok if I send it to mailman-users and
mailman-developers and sorry about the length.
Anyway Mailman seems to get better with each Beta version.

More information about the Mailman-Users mailing list