[Mailman-Users] Photos from Macs getting removed by list server
Peter Shute
pshute at nuw.org.au
Mon Jan 22 21:10:32 EST 2018
Thanks for all that. I googled collapse_alternatives, and I can see from the colour of some of the results that I've looked this up before.
Given that Mac and (particularly) iPhone/iPad users are common, we probably don't have an unusual problem. Maybe I should just ask the list owner to try changing those two settings to see how it goes:
collapse_alternatives=No
convert_html_to_plaintext=No
I wonder how much dangerous javascript in email is these days.
What happens if we just change collapse_alternatives to No?
> -----Original Message-----
> From: Mark Sapiro [mailto:mark at msapiro.net]
> Sent: Tuesday, 23 January 2018 12:08 PM
> To: Peter Shute <pshute at nuw.org.au>; mailman-users at python.org
> Subject: Re: [Mailman-Users] Photos from Macs getting removed by list
> server
>
> On 01/22/2018 01:33 PM, Peter Shute wrote:
> >
> > Perhaps I've used the wrong terminology. I mean that
> convert_html_to_plaintext is set to Yes.
>
>
> OK
>
>
> > I've attached a screenshot of the content filtering page. Does that
> > tell you everything you need to know? (Assuming it'll be allowed
> > through. If not, what's the easiest way to list all the settings?)
>
>
> It didn't go to the list, but I got it in my direct copy. For future reference, the
> settings are:
>
> filter_content: Yes
> filter_mime_types: empty
> pass_mime_types:
> multipart
> text/plain
> text/html
> image/jpeg
> image/png
> filter_filename_extensions:
> exe
> bat
> cmd
> com
> pif
> scr
> vbs
> cpl
> mpg
> mc4
> mp3
> And more not in the screenshot
> pass_filename_extensions: empty
> collapse_alternatives: Yes
> convert_html_to_plaintext: Yes
> filter_action: Discard
>
> And something like the above is the best way to report them.
>
>
> > I still have all the moderation notification emails, with the original emails
> attached. Can I use those to get the information you need?
>
>
> Yes, but see below.
>
>
> > But before I start trying to gather together evidence, could we "fix" this
> problem by setting convert_html_to_plaintext to No? If so, are there any
> side effects of that we should know about before we try it?
>
>
> That alone probably won't fix it. Consider a message with the following MIME
> structure:
>
> multipart/alternative
> text/plain
> plain text body
> multipart/related
> text/html
> HTML body that references images
> image/jpeg
> first image
> image/jpeg
> second image
>
> pass_mime_types will accept everything, but collapse_alternatives = Yes will
> replace the multipart/alternative part with the first sub-part, i.e. the
> text/plain part leaving only
>
> text/plain
> plain text body
>
> as the message to be delivered.
>
> Even a different message like
>
> multipart/related
> multipart/alternative
> text/plain
> plain text body
> text/html
> HTML body that references images
> image/jpeg
> first image
> image/jpeg
> second image
>
> Will result in the filtered message
>
> multipart/related
> text/plain
> plain text body
> image/jpeg
> first image
> image/jpeg
> second image
>
> with the image parts still in the delivered message, but the HTML that
> referenced them gone.
>
> The only time the HTML is left in the message in any form is if it's not in a
> multipart/alternative sub-part such as
>
> multipart/related
> text/html
> HTML body that references images
> image/jpeg
> first image
> image/jpeg
> second image
>
> but even here, the text/html part will be converted to text/plain by
> HTML_TO_PLAIN_TEXT_COMMAND and how the result will render will vary
> depending both on what that command does and the MUA that views the
> result.
>
>
> > I'm not the owner of the list, and it wasn't my decision to set it to Yes. I'm
> under the impression that the owner changed it as a precaution once after
> the list was somehow being used to send out spam. It's my impression that in
> the years before I had admin access, there have been periods when html
> was allowed, but I have no idea of the reasons for the earlier changes.
>
>
> You definitely want to set collapse_alternatives to No. Depending on how
> that works for you, you may also need to set convert_html_to_plaintext to
> No to get the result you want.
>
> The risk in setting convert_html_to_plaintext to No is messages with evil
> javascript will go to the list.
>
> --
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list