[Mailman-Users] FW: Unexpected Mailman error

Brad Knowles brad.knowles at skynet.be
Thu Jun 10 20:01:35 CEST 2004 

At 10:48 AM -0700 2004-06-10, Sandra Hansen wrote:

>                                  Somehow messages have been distributed
>  to our 800+ subscribers containing an attachment with the Bagle virus. I
>  am running MailMan 2.0.11. We ARE seeking an administrator with Unix
>  experience to upgrade our MailMan system. Meanwhile, I'm struggling with
>  the problem. I CANNOT find any place in MailMan to block all
>  attachments.

	See 
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.008.htp> 
and 
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.013.htp>.

>                                                                     My
>  ISP is recommending an upgrade from SendMail 8.11.x to SendMail 8.12
>  which appears to incorporate MIMEDefang.

	So far as I know, MIMEDefang is not incorporated by default with 
sendmail 8.12.  You can choose to incorporate MIMEDefang with 
sendmail if you like (or most any other MTA, if you prefer something 
other than sendmail), but this is not done by default.

	It might be simplest to upgrade to Mailman 2.1.x, which provides 
some MIME handling features which could be used to strip most types 
of attachments.

>  Meanwhile, I have received the following MailMan error message. Is it
>  related to whatever is allowing postings to go out without moderation?
>  How do I implement a fix? I have exchanged xxx in the following message
>  for the actual strings, having list and domain names--
>
>  -----Original Message-----
>  From: xxx-owner at xxx.org [mailto: (me)] On Behalf Of xxx-admin at xxx.org
>  Sent: Thursday, June 10, 2004 7:27 AM
>  To: xxx-admin at xxx.org
>  Subject: Unexpected Mailman error
>
>
>  An unexpected Mailman error has occurred in
>  MailCommandHandler.ParseMailCommands().  Here is the traceback:
>
>  Traceback (most recent call last):
>    File "/usr/home/xxx/usr/local/mailman/Mailman/MailCommandHandler.py",
>  line 223, in ParseMailCommands
>      self.__dispatch[cmd](args, line, msg)
>    File "/usr/home/xxx/usr/local/mailman/Mailman/MailCommandHandler.py",
>  line 665, in ProcessHelpCmd
>      {'listname'    : self.real_name,
>    File "/usr/home/xxx/usr/local/mailman/Mailman/Utils.py", line 503, in
>  maketext
>      text = template % SafeDict(dict)
>  ValueError: incomplete format key

	I'm not sure what this error message means.

	However, until you get some sort of method of protecting your 
subscribers against malicious attachments being sent via the mailing 
list, I would urge you to *not* allow any messages to go through 
un-moderated.


	Trust me, if you allow messages to go out un-moderated, once one 
user gets infected with a virus/worm like Bagle, your problem could 
explode by many orders of magnitude.  You do *not* want your problem 
to become 800+ users mailing out copies of Bagle to all of the other 
800+ subscribers, and each time a person gets re-infected, they 
re-mail out the same virus to all the other 800+ subscribers.

	Talk about a serious melt-down.  Yowch!

-- 
Brad Knowles, <brad.knowles at skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Users mailing list