FAQ
I have a mailing list with users subscribed from two particular domains,
call them nice.com and naughty.com. The security czars are naughty.com
have decided that inbound email with naughty.com in the From address
cannot possibly be legitimate so they silently drop the mail.

The result of this is when users from nice.com send email to the list,
everyone gets the message just fine. However, when someone from
naughty.com sends a message, only users at nice.com get the message.

One way around this is to make the list anonymous but that creates the
problem that we don't know who sent the message unless everyone always
remembers to mark the messages either in the subject line or at the end
of the message.

I was looking for a way that we could automatically add the sender's
name or email address to the message to make this more fool-proof. I
would prefer to add it to the subject line to make sorting in the mail
client meaningful but adding it to the message body would be useful too.

BTW, for our setup we are using Mailman 2.1.7 with Exim 4.54 on Gentoo.

Thanks for your help,
Matthew Thompson

Search Discussions

  • Mark Sapiro at Feb 22, 2006 at 3:12 am

    Matthew Thompson wrote:
    I was looking for a way that we could automatically add the sender's
    name or email address to the message to make this more fool-proof. I
    would prefer to add it to the subject line to make sorting in the mail
    client meaningful but adding it to the message body would be useful too.

    You will have to modify code to make this happen.

    I have several ideas about how this could be done, but perhaps the most
    interesting to me is not to make the list anonymous, but to mung the
    address in From:. Exactly how to design this depends on what
    naughty.com looks at/for.

    Does it care about Reply-To:? It would be cool if it didn't. You could
    mung the address in From: replacing '@' with ' at ' and '.' with
    ' dot ' or whatever works. Now, if there's already a Reply-To:, you're
    done because reply would go there anyway. If there isn't a Reply-To:,
    you add one with the original From: address.

    If it cares about Reply-To:, you probably have to strip it (a current
    list option), and people will have to edit the addresses in their
    replies so this is not nearly as viable.

    Also, even in the first case, you'll probably run into MUA's that want
    to reply to the To: and the Cc: and the From: and the Reply-To: on a
    'reply all', so the From: will have to be edited out in those cases.

    The logical place to do all this is Mailman/Handlers/CookHeaders.py.

    --
    Mark Sapiro <msapiro at value.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Stephen J. Turnbull at Feb 23, 2006 at 4:48 am
    "Mark" == Mark Sapiro <msapiro at value.net> writes:
    Mark> The logical place to do all this is
    Mark> Mailman/Handlers/CookHeaders.py.

    I don't understand this recommendation. Why not use a separate
    Handler in either the global pipeline (if it's an organizational
    installation) or the list-specific pipeline?

    --
    School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
    University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
    Ask not how you can "do" free software business;
    ask what your business can "do for" free software.
  • Mark Sapiro at Feb 23, 2006 at 5:09 am

    Stephen J. Turnbull wrote:

    "Mark" == Mark Sapiro <msapiro at value.net> writes:
    Mark> The logical place to do all this is
    Mark> Mailman/Handlers/CookHeaders.py.

    I don't understand this recommendation. Why not use a separate
    Handler in either the global pipeline (if it's an organizational
    installation) or the list-specific pipeline?
    Actually, you are correct Stephen. I was thinking in terms of existing
    handlers, but a separate handler that could be inserted in the global
    pipeline in mm_cfg.py or in a list specific pipeline is a much better
    idea since it would persist across updates.

    Thanks for the correction.

    --
    Mark Sapiro <msapiro at value.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Stephen J. Turnbull at Feb 22, 2006 at 5:35 am
    "Matthew" == Matthew Thompson <thompson at bwcoe.com> writes:
    Matthew> I have a mailing list with users subscribed from two
    Matthew> particular domains, call them nice.com and naughty.com.
    Matthew> The security czars are naughty.com have decided that
    Matthew> inbound email with naughty.com in the From address cannot
    Matthew> possibly be legitimate so they silently drop the mail.

    "Mr. Foot, meet Mr. Bullet." Make sure you cash any checks from
    naughty.com immediately; one gets the feeling they're not going to be
    around for very long.

    Matthew> One way around this is to make the list anonymous but
    Matthew> that creates the problem that we don't know who sent the
    Matthew> message unless everyone always remembers to mark the
    Matthew> messages either in the subject line or at the end of the
    Matthew> message.

    Why not simply change all instances of @naughty.com in the author
    headers to @naughty.invalid or @censored.invalid or something like
    that? It's easy enough to create a custom Handler to do that kind of
    thing, and should be safe, too. Since you're going to have to modify
    Mailman in any case, I believe, this is the least intrusive way to do
    it.

    If the answer is "that would work for us", then I'll look at doing the
    coding and documenting the installation process, unless somebody beats
    me to it. :-) Gotta run....

    --
    School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
    University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
    Ask not how you can "do" free software business;
    ask what your business can "do for" free software.
  • Matthew Thompson at Feb 22, 2006 at 4:59 pm
    I haven't had time to sit and poke at the offending mail server to see
    if they react to the reply to: or the from: header. I'll have to mess
    with that this weekend when traffic is lower on lour lists.
    On Wed, 2006-02-22 at 14:35 +0900, Stephen J. Turnbull wrote:
    "Matthew" == Matthew Thompson <thompson at bwcoe.com> writes:
    Matthew> I have a mailing list with users subscribed from two
    Matthew> particular domains, call them nice.com and naughty.com.
    Matthew> The security czars are naughty.com have decided that
    Matthew> inbound email with naughty.com in the From address cannot
    Matthew> possibly be legitimate so they silently drop the mail.

    "Mr. Foot, meet Mr. Bullet." Make sure you cash any checks from
    naughty.com immediately; one gets the feeling they're not going to be
    around for very long.
    I can't believe they are doing this either but unless someone invents a
    machine capable of perpetual motion in the next couple of years, I'll
    probably still have a job. ;)
    Matthew> One way around this is to make the list anonymous but
    Matthew> that creates the problem that we don't know who sent the
    Matthew> message unless everyone always remembers to mark the
    Matthew> messages either in the subject line or at the end of the
    Matthew> message.

    Why not simply change all instances of @naughty.com in the author
    headers to @naughty.invalid or @censored.invalid or something like
    that? It's easy enough to create a custom Handler to do that kind of
    thing, and should be safe, too. Since you're going to have to modify
    Mailman in any case, I believe, this is the least intrusive way to do
    it.
    This would probably work for us. I was throwing this out to the list to
    see what other approaches existed than the ideas I had. It didn't occur
    to me to just obscure the domain name. I'd be happy to help out with
    either the coding or testing if you need the help.


    Thanks for the great suggestions all.

    -Matt
  • John W. Baxter at Feb 22, 2006 at 9:34 pm

    On 2/21/06 3:27 PM, "Matthew Thompson" wrote:

    I have a mailing list with users subscribed from two particular domains,
    call them nice.com and naughty.com. The security czars are naughty.com
    have decided that inbound email with naughty.com in the From address
    cannot possibly be legitimate so they silently drop the mail.

    The result of this is when users from nice.com send email to the list,
    everyone gets the message just fine. However, when someone from
    naughty.com sends a message, only users at nice.com get the message.

    One way around this is to make the list anonymous but that creates the
    problem that we don't know who sent the message unless everyone always
    remembers to mark the messages either in the subject line or at the end
    of the message.
    You know your institutional requirements and I don't. However, I don't
    think I would do anything to accommodate naughty.com's users. Let them use
    an address elsewhere for dealing with your mailing list.

    --John the Churl
  • John W. Baxter at Feb 22, 2006 at 9:48 pm

    On 2/21/06 3:27 PM, "Matthew Thompson" wrote:

    I have a mailing list with users subscribed from two particular domains,
    call them nice.com and naughty.com.
    By the way, almost any domain whose name one invents for purposes like this
    exists.

    nice.com has existed since 1992 (or earlier), and naughty.com since 1996
    (or earlier).

    --John

    [Not to mention at.com since 1993 and atdot.com since 1998.]

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedFeb 21, '06 at 11:27p
activeFeb 23, '06 at 5:09a
posts8
users4
websitelist.org

People

Translate

site design / logo © 2022 Grokbase