From 15fe2d6a451d42c11941abfc8db931a4cb100530 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Fri, 5 Aug 2022 09:19:46 +0200 Subject: add writeup of the implicit moderation bug --- wiki/mailman.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 wiki/mailman.md (limited to 'wiki') diff --git a/wiki/mailman.md b/wiki/mailman.md new file mode 100644 index 0000000..c9b5c2b --- /dev/null +++ b/wiki/mailman.md @@ -0,0 +1,48 @@ +# Mailman notes + +We're running Mailman 3 from Debian package version 3.3.3-1 (as of 2022-08-05). + + +## Implicit destination + +Some emails end up in moderation when sending to a list with the +default setting of not allowing postings without the list address +explicitly set in To: or CC: ("Require Explicit Destination"). Here's +an example of a destination header which triggers this: + + To: "12 45678901234567890123456789012345678901 3456789012345678901234 678901234" + +The following examples do _not_ trigger moderation: + + To: "spaces and parentheses (do they matter?) and whatnot " + To: 1234567890123456789012345678901234567890123456789012345678901234567890123456 + To: "12345678901234567890123456789012345678901234567890123456789012345678901234" + +Let's call the two parts "fullname" and "address". Moderation is +triggered when the fullname part is both long enough (76 characters is +enough while 60 is not) and contains space(s) (3 are enough). + +This is handled in `mailman/src/mailman/rules/implicit_dest.py`: + +``` + for header in ('to', 'cc', 'resent-to', 'resent-cc'): + for fullname, address in getaddresses(msg.get_all(header, [])): + if isinstance(address, bytes): + address = address.decode('ascii') + address = address.lower() + if address in aliases: + return False + recipients.add(address) +``` + +At least it doesn't seem like it's getaddresses() which gets it wrong. +``` +linus@madvise:~$ python3 +Python 3.9.2 (default, Feb 28 2021, 17:03:44) +[GCC 10.2.1 20210110] on linux +Type "help", "copyright", "credits" or "license" for more information. +>>> import email.utils +>>> s='To: "12 45678901234567890123456789012345678901 3456789012345678901234 678901234" ' +>>> email.utils.getaddresses([s]) +[('12 45678901234567890123456789012345678901 3456789012345678901234 678901234', 'testing@lists.sigsum.org')] +``` -- cgit v1.2.3