[Mailman-Users] Option to suppress senders' email addresses?
Mark Sapiro
msapiro at value.net
Sun Sep 26 21:11:37 CEST 2004
Brad Knowles wrote:
>At 7:30 PM +0200 2004-09-26, Brad Knowles quoted Mark Sapiro:
>
>>> The more I think of this though, the more I think it would be
>>> appropriate for Mailman to drop the incoming Received: headers from
>>> posts to an anonymous list. Why preserve the trace of how a post got
>>> from source to list when you want to make the source anonymous?
>>
>> This makes it much more difficult to debug certain types of mail
>> problems, including bounces and multiple deliveries of the same
>> message, etc....
>
> Besides, you have to sanitize more than just the "Received:"
>headers. All sorts of other headers might also expose personal
>information. You'd have to sanitize all headers, and copy over only
>the message body and subject lines.
It appears that Cleanse.py already does a pretty good job of this
including even a few known X- headers, although nothing removes
addresses from To: and Cc: which could be an issue I suppose. Also,
there could be any number of other X- headers that could contain
anything.
If I were implementing this, which I'm not, I would add a new variable
"ANONYMOUS_REMOVE_RECEIVED_HEADERS = No" in Defaults.py with comments
indicating the issues with turning it on, and in Cleanse.py I would
add to the anonymous_list processing, removal of received headers
conditional on the above new variable.
If you were going to take the "keep only these" approach rather than
the "delete these" approach, you'd have to keep more than Subject:.
You'd also need to keep Mime-Version:, Content-Type:
Content-Transfer-Encoding: and probably Message-Id: (although this may
reveal the originating domain), In-Reply-To: (for proper archive
threading), References: and Date:.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list