[Mailman-Users] mailman loops because of & in an address
Barry A. Warsaw
barry at zope.com
Fri Apr 26 18:16:46 CEST 2002
>>>>> "AS" == Antenna Support <support at antenna.nl> writes:
AS> We just experienced a loop: a message was sent many times
AS> because it wasn't deleted in the /home/mailman/qfiles
AS> directory The error mailed was:
AS> /usr/bin/python -S /home/mailman/cron/qrunner
| sh: c.lovell at xtra.co.nz: command not found
| c... User unknown
| It appeared that there was an address added to the list:
| m&c.lovell at xtra.co.nz
AS> The loop could only be stopped by removing the .msg and .db
AS> file in the qfiles directory. I also removed this address from
AS> the subscribers.
AS> Is there anything I can do to prevent this from happening
Don't use the Sendmail.py DELIVERY_MODULE. It goes through the shell,
and its input is not properly escaped. For the same reason,
Sendmail.py is a security problem.
Mailman itself can handle addresses with &'s in them just fine (and I
believe they're legal as per RFC 2822). Use the SMTPDirect.py
delivery module and you should be fine.
More information about the Mailman-Users