[Mailman-Users] List security: approved line got mailed out to listusers

Mark Sapiro msapiro at value.net
Sat Jan 27 03:13:39 CET 2007

Jacob Sam-La Rose wrote:
>Subject: 	FYI (important): any email to  / Jacob this morning...
>	Date: 	26 January 2007 11:00:05 GMT
>	To: 	  fyi at metaroar.com

As Brad points out in another reply, these don't look like raw message
headers for a few reasons, not the least of which being Subject:,
Date: and To: preceeding the headers immediately below.

>	Return-Path: 	<yosafa at mrfriendly.asmallorange.com>
>	Envelope-To: 	jacob at jsamlarose.com
>	Delivery-Date: 	Fri, 26 Jan 2007 06:03:20 -0500
>	Received: 	from yosafa by mrfriendly.asmallorange.com with local- 
>bsmtp (Exim 4.63) (envelope-from  
><yosafa at mrfriendly.asmallorange.com>) id 1HAOrV-0000z6-3K for  
>jacob at jsamlarose.com; Fri, 26 Jan 2007 06:03:20 -0500
>	Received: 	from hypnotoad.liquidweb.com ([]:50358) by  
>mrfriendly.asmallorange.com with esmtps (TLSv1:AES256-SHA:256) (Exim  
>4.63) (envelope-from <fyi-bounces at metaroar.com>) id 1HAOrU-0000xz-PZ  
>for jacob at jsamlarose.com; Fri, 26 Jan 2007 06:03:16 -0500
>	Received: 	from localhost ([]:50149  
>helo=hypnotoad.liquidweb.com) by hypnotoad.liquidweb.com with esmtp  
>(Exim 4.63) (envelope-from <fyi-bounces at metaroar.com>) id  
>1HAOoT-00032t-0j; Fri, 26 Jan 2007 06:00:09 -0500
>	Received: 	from [] (port=56306) by  
>hypnotoad.liquidweb.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim  
>4.63) (envelope-from <jacob at metaroar.com>) id 1HAOoR-00032U-85 for  
>fyi at metaroar.com; Fri, 26 Jan 2007 06:00:07 -0500
>	X-Spam-Checker-Version: 	SpamAssassin 3.1.7 (2006-10-05) on   
>	X-Spam-Level: 	
>	X-Spam-Status: 	No, score=0.0 required=7.0 tests=AWL,HTML_MESSAGE   
>autolearn=ham version=3.1.7
>	Mime-Version: 	1.0 (Apple Message framework v752.2)
>	Message-Id: 	<68175EC0-1B93-4673-AD2D-2188F7E0DE29 at metaroar.com>
>	X-Mailer: 	Apple Mail (2.752.2)
>	X-Clamantivirus-Scanner: 	This mail is clean
>	X-Clamantivirus-Scanner: 	This mail is clean
>	X-Beenthere: 	fyi at metaroar.com
>	X-Mailman-Version: 	2.1.9.cp2
>	Precedence: 	list
>	List-Id: 	"Everything you wanted to know about poetry, but didn't  
>know who to ask..." <fyi_metaroar.com.metaroar.com>
>	List-Unsubscribe: 	<http://metaroar.com/mailman/listinfo/ 
>fyi_metaroar.com>, <mailto:fyi-request at metaroar.com?subject=unsubscribe>
>	List-Archive: 	<http://metaroar.com/pipermail/fyi_metaroar.com>
>	List-Post: 	<mailto:fyi at metaroar.com>
>	List-Help: 	<mailto:fyi-request at metaroar.com?subject=help>
>	List-Subscribe: 	<http://metaroar.com/mailman/listinfo/ 
>fyi_metaroar.com>, <mailto:fyi-request at metaroar.com?subject=subscribe>
>	Content-Type: 	multipart/mixed;  

The multipart/mixed structure is probably due to Mailman's adding
either msg_header or msg_footer or both as separate MIME parts, thus,
by itself this doesn't tell me much about the original message.

>	Errors-To: 	fyi-bounces at metaroar.com
>	X-Antiabuse: 	This header was added to track abuse, please include  
>it with any abuse report
>	X-Antiabuse: 	Primary Hostname - hypnotoad.liquidweb.com
>	X-Antiabuse: 	Original Domain - jsamlarose.com
>	X-Antiabuse: 	Originator/Caller UID/GID - [0 0] / [47 12]
>	X-Antiabuse: 	Sender Address Domain - metaroar.com
>	X-Source: 	
>	X-Source-Args: 	
>	X-Source-Dir: 	
>	X-Antivirus-Scanner: 	Clean mail though you should still use an  
>Do you need to see the body of the email?

I need to see the mime structure of the message including the part
headers and at least the initial lines of the part that still has the
Approved: line in it, and I need to see this as a raw message, not
interpreted by some MUA.

>> How did the message get sent to the list? Was it held and manually
>> approved (a clue that something was wrong with Approved:).
>Sent as email straight to the list - didn't have to be manually  
>approved - it went straight through.
>> Was the Approved: line that went to the list in the first text/plain
>> part of the message or was it in a subsequent part, e.g. an HTML
>> alternative part.
>It was in the first text/plain part - though in the sent version I've  
>got of the mail, the Approved: line is the very first line.  Once it  
>went through the list, there was a line space at the top of the  
>email, before the Approved: line...

Assuming that the message actually needed to be approved, the line
would have been removed at least from the first text/plain part.

If you are able to get that 'sent version' in its raw form, that would
be most useful.

You appear to be using Apple mail. You can view raw source via
View->Message->Raw source (option-command-U).

Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list