List Options change of address accepts mailto:
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| GNU Mailman |
Fix Released
|
Medium
|
Mark Sapiro | ||
Bug Description
One of my users changed their subscription address by copying and pasting
in List Options, and accidentally included the mailto: protocol. While
they received messages at their new address, they were not recognised as
subscribers when attempting to send.
Testing this, I find that the Mass Subscription page strips mailto: and
subscribes the proper address.
**The normal deletion tools fail to operate on the invalid address**:
Membership list unsub checkbox;
Mass Removal page;
Command Line remove_members
- all fail to remove an address with mailto:
remove_members produces the following error for the example address
mailto:
-----
Traceback (most recent call last):
File "/usr/sbin/
main()
File "/usr/sbin/
admin_notif, userack)
File "/usr/lib/
ApprovedDeleteM
self.
File "/usr/lib/
removeMember
self.
File "/usr/lib/
__assertIsMember
raise Errors.
Mailman.
-----
- indicating (I think) that the search function fails because it doesn't
include mailto: as part of the address.
There *is* a workaround: clone_member -r will delete the invalid address.
(Using clone_member without -r successfully creates a new valid
subscription, e.g. testaddress@server - but this then will be deleted by
any of the above tools rather than "mailto:
However, the main problem here is that mailto: is accepted by the List
Options page change of address mechanism. Hopefully it would not be too
hard to adapt the filtering used on the Mass Subscription page?
[http://
| Mark Sapiro (msapiro) wrote | #1 |
| Mark Sapiro (msapiro) wrote | #2 |
| Changed in mailman: | |
| status: | Confirmed → Fix Released |
Originator: NO
Wow, is this a can of worms.
Actually, mailto:<email address hidden> should be a valid email address although
it should be quoted as "mailto:<email address hidden> because it contains a
colon.
However, as you have observed, there are multiple problems with this in
Mailman.
Note that in addition to your clone_member workaround, the withlist method
described at
<http://
also work to remove the address.
Most of the command line tools don't work, because they use the Python
email.Utils.
address, and this returns various things depending on exactly how the
address is presented. E.g. email.Utils.
returns '<email address hidden>' which is why mass subscribe "works", but
email.Utils.
Also, MTAs get involved. In my test with Postfix, Mailman sent the
confirmation to mailto:<email address hidden> with an envelope from
list-bounces+
to <email address hidden> and <email address hidden> respectively. If it
weren't for this, the confirmation couldn't be received in the first place
and the change couldn't be confirmed.
Anyway, it needs to be fixed. Since there should not be any colon (or
several other characters) in unquoted local parts, I'll check explicitly
for that in Mailman.
validate email addresses.