[Mailman-Users] UTF-8 From and Reply-to addresses not getting properly processed.

Lindsay Haisley fmouse at fmp.com
Sun Feb 16 13:17:00 EST 2020 

Here's a more concise summary:

On Sat, 2020-02-15 at 20:00 -0800, Mark Sapiro wrote:
> On 2/15/20 5:58 PM, Lindsay Haisley wrote:
> > We're running Mailman 2.1.18-1 and have a list which is having a porn
> > spam problem. The list is set to discard posts from non-members, and
> > the list moderator has set various filters to try to filter on words
> > which contain "f***", as many do, however the Subject, From and Reply-
> > to addresses are all UTF-8 strings, and are apparently confusing
> > Mailman's decision-making functions, and these posts are ending up in
> > the administrative requests list.  Here's a sample set of headers:
> >
> > From: =?utf-8?B?IkFiaWEiIDxBYmlhQG11bHRpLm5ldC5waz4=?=
[snip..]

* The list admin wants to discard, not hold, _all_ nonmember
submissions. These "problem posts" are getting held, not discarded.

* generic_nonmember_action is set to "Discard" but this isn't working
for these posts.

* From and Reply-to addresses on "problem posts" are base64 (utf-8 ?)
encoded, both in the held post detail and on the held post listing
page, so there's no way of identifying the addresses they represent. They may actually be subscribed in their decoded form, or handled in
some other context which prescribes that they be held, not discarded.
(New member posts are moderated by default via
default_member_moderation.)

* From and Reply-to addresses differ from one to another of these
"problem posts", so blocking individual sender addresses is useless, as
is usually the case with spam.

* MM spam filters are apparently irrelevant to this issue.

> If you only want to discard non-member posts with RFC 2047 encoded
> From:, you could put something like
> 
> ^[^@]+@[a-z0-9_.]+$
> 
> in hold_these_nonmembers to hold the ones that at least don't have
> base64 encoded From:

We could use

^[^@]+$

in hold_these_nonmembers and this _might_ discard the base64
addressed "problem posts", but would _hold_ other non-member posts,
which isn't the result we want. We want to discard _all_ non-member
posts, and the problem is that these base64-addressed posts _are_ being
held and not discarded. 

-- 
Lindsay Haisley       |  "The arc of history is long, but
FMP Computer Services |     it bends toward Justice"
512-259-1190          |
http://www.fmp.com    |        - Barack Obama

More information about the Mailman-Users mailing list