[Bug 1444673] Re: Anonymous lists can expose the sending domain.
Mark Sapiro
mark at msapiro.net
Wed Apr 15 21:58:42 CEST 2015
There is a work around for Mailman 2.1.17 and newer (older versions
don't have ANONYMOUS_LIST_KEEP_HEADERS). Copy
ANONYMOUS_LIST_KEEP_HEADERS from Defaults.py to mm_cfg.py if it's not
already there. You will then have something like the following (possibly
edited by you already).
ANONYMOUS_LIST_KEEP_HEADERS = ['^(?!x-)', '^x-mailman-',
'^x-content-filtered-by:', '^x-topics:',
'^x-ack:', '^x-beenthere:',
'^x-list-administrivia:', '^x-spam-',
]
In this list, replace the first line with
ANONYMOUS_LIST_KEEP_HEADERS = [
'^((?!x-)(?!dkim)(?!authentication)(?!domainkey))',
'^x-mailman-',
and keep the next 4 lines as is. I.e., you are just replacing '^(?!x-)'
with '^((?!x-)(?!dkim)(?!authentication)(?!domainkey))'
** Description changed:
- Headers DKIM-Signature:, DomainKey-Signature: and Authentication-Results
- are not removed by default from mail to an anonymous list. These headers
- can reveal the sending domain.
+ Headers DKIM-Signature:, DomainKey-Signature: and Authentication-
+ Results: are not removed by default from mail to an anonymous list.
+ These headers can reveal the sending domain.
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1444673
Title:
Anonymous lists can expose the sending domain.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1444673/+subscriptions
More information about the Mailman-coders
mailing list