[Tutor] sORRY

dman dsh8290@rit.edu
Thu, 17 Jan 2002 15:54:16 -0500 

On Thu, Jan 17, 2002 at 02:55:27PM -0500, kirk Bailey wrote:
| dman wrote:
| > 
| > On Thu, Jan 17, 2002 at 01:19:10AM -0500, kirk Bailey wrote:
| > | someone on the GMbrianpenn list closed an account and did not tell us
| > | od come and do the wtright thing and unsubscribe. We jus tdiscovered
| > | the error fed back from sendmail when it cannot connect to the
| > | account, the error comnig back blows the acript at that point- and
| > | remaining members do nto get the message, but the submiting member
| > | DOES get a error message. Removing old members one at a time, I
| > | discovered which ones were doing it, and they are not disrupting it
| > | any more.
| > |
| > | I need to set up a Try:/Except ERROR: block with a small program and a
| > | tiny dummy message, and see what the errors look like, and prepare to
| > | handle them. This shall surely show up again.
| > 
| > Are you doing the SMTP transfer yourself, or are you piping to your
| > MTA and letting it deal with it?
|
| TLpost has a loop in it that reads a list variable ('members') and
| sends the prepared message to that member with the smtplib functions.
| Here is that loop:
| 
| server = smtplib.SMTP(localhost)
| for to_addr in members :		# for each address in 'listnamemembers',
| 	# print "to_addr: ", to_addr
| 	# print "from_addr: ", from_addr
| 	# print "msg=" + CRLF, msg
| 	server.sendmail(from_addr, to_addr, msg)	# 400 send envlope and msg!
| 
| # don't delete the above line!
| server.quit()				# then close the connection.

This is ok, and perhaps makes it easier to handle bad addressess.  I
still like using a pipe better and leaving SMTP for the masters (such
as Philip Hazel :-)).

 
| Probably the solution should be something like:
| 
| server = smtplib.SMTP(localhost)
| for to_addr in members :		# for each address in 'listnamemembers',
| 	Try:
| 		# print "to_addr: ", to_addr
| 		# print "from_addr: ", from_addr
| 		# print "msg=" + CRLF, msg
| 		server.sendmail(from_addr, to_addr, msg)	# 400 send envlope and msg!
| 	Except ERROR:foofoofoo
| 	# just skip the bad address for now and continue the loop.
| #
| server.quit()				# then close the connection.
| 
| Any discussion or suggestions

RTFM and see what exceptions can be thrown.  Catch them and print them
out so you know what there is and can figure out how to deal with it :

try :
    <blah>
except Exception , err :
    print err.__class__
    print err
    print dir( err )
    

| > In the former case, read RFC2821 and the source of some MTA and see
| > how to handle errors.  (this is why it is better to simply pipe to
| > your MTA and let it deal with it)
| 
| This can be done 2 ways. One of them is a security problem, and the
| other one is a security FAILURE.
| 
| 1. sendmail calls. We limit recipients per envlope to 10 in the
| sendmail.cf file to limit someone getting an account to do a spam
| run.  TL avoids this by this loop and sending one envlope per
| recipient, I am unsure that direct calls and handing it the list would
| be friendly to the limitation.

What do you mean by "sendmail calls"?  Running sendmail from the
commandline?  The example (psuedo-)code I gave still only puts one
recipient per envelope.

| 2. outbound aliases. Sendmail compiles aliases and recognizes a few
| imbedded commands when doing so. One of these is ':include:'. This is
| the method used by majordomo and some other MLM's. such an aslias
| would be:

Are you using an outbound alias?  I told you not to.  It seems that
you are saying the same thing.  Why do you keep describing them?  Once
we (you) have decided not to use them, forget about them.

| And when something hits this alias, it goes out. FROM ANYONE. Good
| news is sendmail sends it out one envlope per person. There is NO
| input filtering, ANY spammeister can play with your list at will.

So use exim.  It will be easy then to only allow members to post.  And
you can stick spamassassin in the middle to flag spam messages (which
you can do with as you like then).


I think you are not understanding what spamassassin does or why I
think you really want to use it.  It is a program that takes a mail
message on stdin and returns it on stdout.  When it returns it it adds
a couple of headers that you can look for.  These headers tell you
whether or not the message is spam.  How is this helpful?  If the
message is tagged as spam, don't continue delivering it!  It provides
an easy way for you to block spam messages sent to any address.


In fact, I assert that TL is not "secure" right now.  I can send a
message (call is spam) to your list address, and it will be sent to
the list's subscribers.  This is how I get all my spam.  Instead if
you filter the message through a spam detector before relaying it, you
can drop these spam messages and not worry about someone guessing your
alias address.

-D

-- 

He who walks with the wise grows wise,
but a companion of fools suffers harm.
        Proverbs 13:20