[Mailman-Users] Photos from Macs getting removed by list server

Peter Shute pshute at nuw.org.au
Mon Jan 22 21:10:32 EST 2018 

Thanks for all that. I googled collapse_alternatives, and I can see from the colour of some of the results that I've looked this up before.

Given that Mac and (particularly) iPhone/iPad users are common, we probably don't have an unusual problem. Maybe I should just ask the list owner to try changing those two settings to see how it goes:
collapse_alternatives=No
convert_html_to_plaintext=No

I wonder how much dangerous javascript in email is these days.

What happens if we just change collapse_alternatives to No?

> -----Original Message-----
> From: Mark Sapiro [mailto:mark at msapiro.net]
> Sent: Tuesday, 23 January 2018 12:08 PM
> To: Peter Shute <pshute at nuw.org.au>; mailman-users at python.org
> Subject: Re: [Mailman-Users] Photos from Macs getting removed by list
> server
> 
> On 01/22/2018 01:33 PM, Peter Shute wrote:
> >
> > Perhaps I've used the wrong terminology. I mean that
> convert_html_to_plaintext is set to Yes.
> 
> 
> OK
> 
> 
> > I've attached a screenshot of the content filtering page. Does that
> > tell you everything you need to know? (Assuming it'll be allowed
> > through. If not, what's the easiest way to list all the settings?)
> 
> 
> It didn't go to the list, but I got it in my direct copy. For future reference, the
> settings are:
> 
> filter_content: Yes
> filter_mime_types: empty
> pass_mime_types:
>   multipart
>   text/plain
>   text/html
>   image/jpeg
>   image/png
> filter_filename_extensions:
>   exe
>   bat
>   cmd
>   com
>   pif
>   scr
>   vbs
>   cpl
>   mpg
>   mc4
>   mp3
>   And more not in the screenshot
> pass_filename_extensions: empty
> collapse_alternatives: Yes
> convert_html_to_plaintext: Yes
> filter_action: Discard
> 
> And something like the above is the best way to report them.
> 
> 
> > I still have all the moderation notification emails, with the original emails
> attached. Can I use those to get the information you need?
> 
> 
> Yes, but see below.
> 
> 
> > But before I start trying to gather together evidence, could we "fix" this
> problem by setting convert_html_to_plaintext to No? If so, are there any
> side effects of that we should know about before we try it?
> 
> 
> That alone probably won't fix it. Consider a message with the following MIME
> structure:
> 
> multipart/alternative
>     text/plain
>         plain text body
>     multipart/related
>         text/html
>              HTML body that references images
>         image/jpeg
>             first image
>         image/jpeg
>             second image
> 
> pass_mime_types will accept everything, but collapse_alternatives = Yes will
> replace the multipart/alternative part with the first sub-part, i.e. the
> text/plain part leaving only
> 
> text/plain
>     plain text body
> 
> as the message to be delivered.
> 
> Even a different message like
> 
> multipart/related
>     multipart/alternative
>         text/plain
>             plain text body
>         text/html
>              HTML body that references images
>     image/jpeg
>         first image
>     image/jpeg
>         second image
> 
> Will result in the filtered message
> 
> multipart/related
>     text/plain
>         plain text body
>     image/jpeg
>         first image
>     image/jpeg
>         second image
> 
> with the image parts still in the delivered message, but the HTML that
> referenced them gone.
> 
> The only time the HTML is left in the message in any form is if it's not in a
> multipart/alternative sub-part such as
> 
> multipart/related
>     text/html
>         HTML body that references images
>     image/jpeg
>         first image
>     image/jpeg
>         second image
> 
> but even here, the text/html part will be converted to text/plain by
> HTML_TO_PLAIN_TEXT_COMMAND and how the result will render will vary
> depending both on what that command does and the MUA that views the
> result.
> 
> 
> > I'm not the owner of the list, and it wasn't my decision to set it to Yes. I'm
> under the impression that the owner changed it as a precaution once after
> the list was somehow being used to send out spam. It's my impression that in
> the years before I had admin access, there have been periods when html
> was allowed, but I have no idea of the reasons for the earlier changes.
> 
> 
> You definitely want to set collapse_alternatives to No. Depending on how
> that works for you, you may also need to set convert_html_to_plaintext to
> No to get the result you want.
> 
> The risk in setting convert_html_to_plaintext to No is messages with evil
> javascript will go to the list.
> 
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list