[Mailman-Users] non-subscriber managed to post to a subscriber only list

Mark Sapiro mark at msapiro.net
Tue Jan 27 01:05:02 CET 2009


Lindsay Haisley wrote:

>On Mon, 2009-01-26 at 14:34 -0700, Steve Lindemann wrote:

>>   would mailman remove it from the header for 
>> final delivery to the list members?
>
>Yes, absolutely.  Not only in the text/plain part but in every part of a
>multipart message in which it occurs.  Otherwise it would be the
>equivalent of serving up your list security on a silver platter to the
>world and passing out carving knives :(


As a point of clarification, if the Approved: header is a message
header, it will be removed.

In order to accommodate those who have difficulty adding arbitrary real
headers to messages, the Approved: header can be added as a
pseudo-header as the first non-blank line of the first text/plain part
of the message. If it is found there, it is also looked for in and
removed from other text/* parts of the message.

Some caveats are:

If a pseudo-header is not in the first text/plain part (e.g. the
message is html only), it won't be found or removed, but presumably
there was a need for the message to be pre-approved, so it won't go to
the list.

The removal of the pseudo-header from html and/or subsequent parts is a
best effort, not a guarantee. It is possible that the header will be
sufficiently garbled with additional html tags or entities or other
rich text artifacts, that it won't be found.

The moral is if at all possible, use a real header. If you have to use
a pseudo header, post a text/plain only message or remove non-text
plain parts with content filtering.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
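
A simplified model of the behavior described in the message above, added here as an example; it is not part of the original post and not Mailman's own code. It takes the pseudo-header from the first text/plain part, makes a best-effort removal from the other text/* parts, then checks which parts would still expose the password to subscribers. The message, the password `constructed-pass` and the function names `strip_pseudo_header` and `leaked_parts` are all constructed for illustration.

```python
import html
import re
from email import message_from_string

# Constructed sample: a pre-approved post; "constructed-pass" is a made-up password.
RAW = """\
From: moderator@example.org
Subject: announcement
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Approved: constructed-pass
Meeting moved to Friday.
--b1
Content-Type: text/html; charset="us-ascii"

<div><b>Approved:</b>&nbsp;<span>constructed-pass</span></div><p>Meeting moved to Friday.</p>
--b1--
"""

def strip_pseudo_header(msg):
    """Take Approved: from the first non-blank line of the first text/plain
    part, then try to delete the same text from the other text/* parts."""
    plain = next((p for p in msg.walk() if p.get_content_type() == "text/plain"), None)
    if plain is None:
        return None  # e.g. html-only message: pseudo-header is never found
    lines = plain.get_payload().splitlines(keepends=True)
    idx = next((i for i, l in enumerate(lines) if l.strip()), None)
    m = re.match(r"Approved:\s*(\S+)", lines[idx]) if idx is not None else None
    if not m:
        return None
    password = m.group(1)
    del lines[idx]
    plain.set_payload("".join(lines))
    pattern = re.compile(r"Approved:\s*" + re.escape(password))
    for part in msg.walk():
        if part.get_content_maintype() == "text" and part is not plain:
            part.set_payload(pattern.sub("", part.get_payload()))  # best effort only
    return password

def leaked_parts(msg, password):
    """Content types of text/* parts where the password is still readable."""
    visible = lambda p: html.unescape(re.sub(r"<[^>]+>", "", p.get_payload()))
    return [p.get_content_type() for p in msg.walk()
            if p.get_content_maintype() == "text" and password in visible(p)]
```

Running `leaked_parts` on the message after `strip_pseudo_header` reports `text/html` for this sample, because the tags and `&nbsp;` in the HTML alternative keep the literal pattern from matching.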


