Anonymous lists can expose the sending domain.
Bug #1444673 reported by
Mark Sapiro
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
Medium
|
Mark Sapiro |
Bug Description
Headers DKIM-Signature:, DomainKey-
Related branches
Changed in mailman: | |
status: | In Progress → Fix Committed |
Changed in mailman: | |
milestone: | 2.1.21 → 2.1.21rc1 |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
There is a work around for Mailman 2.1.17 and newer (older versions don't have ANONYMOUS_ LIST_KEEP_ HEADERS) . Copy ANONYMOUS_ LIST_KEEP_ HEADERS from Defaults.py to mm_cfg.py if it's not already there. You will then have something like the following (possibly edited by you already).
ANONYMOUS_ LIST_KEEP_ HEADERS = ['^(?!x-)', '^x-mailman-',
'^x- content- filtered- by:', '^x-topics:',
'^x- ack:', '^x-beenthere:',
'^x- list-administri via:', '^x-spam-',
]
In this list, replace the first line with
ANONYMOUS_ LIST_KEEP_ HEADERS = [
'^((? !x-)(?! dkim)(? !authentication )(?!domainkey) )',
'^x-mailman- ',
and keep the next 4 lines as is. I.e., you are just replacing '^(?!x-)' with '^((?!x- )(?!dkim) (?!authenticati on)(?!domainkey ))'