[Mailman-Users] How hard is it to spoof an email?
Mark Sapiro
msapiro at value.net
Sun Jan 29 23:59:21 CET 2006
JC Dill wrote:
>
>I just updated the announcement list FAQ:
>
><http://www.python.org/cgi-bin/faqw-mm.py?query=approved+header&querytype=simple&casefold=yes&req=search>
>
>to include:
>
<snip>
Thanks JC
>I don't know how HTML formatting and other email client oddities may
>affect using the approved header in the first line of your post so I
>can't be certain that this will work perfectly for you on your first
>try.
In Mailman 2.1.6 and earlier, the Approved: line was only found and
removed if it was the first non-blank line in the first text/plain
part of the post (and the line following was removed too.). If the
post was multipart/alternative with say a text/plain part and a
text/html part, the Approved: line would only be removed from the
text/plain part. Thus, if the text/html part was not removed by
content filtering, the Approved: line would go to the list in the
text/html part.
Beginning in Mailman 2.1.7, this has been improved. An Approved: body
line must still be the first non-blank line in the first text/plain
part. Thus, you still can't post an html only message with an
Approved: body line. However, the line following the Approved: line is
no longer removed so it is no longer necessary to follow it with a
blank line. Also, once the Approved: line is found in the first
text/plain part, an attempt is made to remove it from every text/*
part in the post.
I say 'attempt' because while I'm sure it will be removed from a
text/html part, I'm not so sure that the pattern I use to find it will
match in a text/enriched, text/rtf, text/richtext or similar
alternative part. Thus, testing on a small test list is always a good
idea.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list