[Mailman-Users] Strange behavior with Outlook+Exchange

Mark Sapiro mark at msapiro.net
Thu Apr 4 18:15:51 EDT 2019 

On 4/2/19 9:55 AM, Odhiambo Washington wrote:
> I have a client who is facing a problem unseen before.
> She's been using MS Outlook to send mail to a Newsletter managed by Mailman.
> 
> It's all been good, using Approved:Password as the very first line to send
> her newsletters using Outlook - until we added an Exchange account.
> Now, when she sends the Newsletter, the below error is returned and the
> message rejected by Mailman:
> 
> -----Original Message-----
> From: Newsletter [mailto:listname-bounces at lists.domain.name] On Behalf Of
> listname-owner at lists.domain.name
> Sent: Tuesday, April 02, 2019 6:48 PM
> To: Jane Doe
> Subject: Monthly Newsletter
> 
> Message rejected.
> It appears that this message contains an HTML part with the
> Approved: password line, but due to the way it is coded in the HTML it
> can't be safely removed.
> ----- End Original Message----


The best way to handle this is to use a real Approved: header rather
than a "pseudo-header" as the first body line, but I recognize that many
MUAs make it difficult or impossible to do that.

If the "Approved: password" line is the first body line of the first
text/plain part, Mailman remove it and will attempt to remove it from
all other text/* parts using the regexp

Approved:(\xA0|\s| )*password

If that regexp matches in the text/* part the matching text is removed.

If the regexp doesn't match, but does match after stripping all html
tags and ignoring line breaks, we conclude we can't remove the match
without seriously mangling the text, so we reject the post as above
rather than leak the password to the list.


> I am debating with myself whether it is necessary to adjust any changes
> related to message composition within Outlook, or make a change
> within Mailman config to accommodate the issue.


A possible Mailman config change is to adjust the list settings so a
post without the Approved: header is held. Then post and approve the
held post. Depending on how many "non-approved" held posts would result
from this, it might be viable, albeit more cumbersome than pre-approval.

The message composition changes that would be effective are:

1) Use a real header instead of the first body line, or

2) Compose the message as plain text only rather than
multipart/alternative, or

3) Examine the actual message HTML part to see why the pattern can't be
removed and possibly alter that.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list