On Friday 29 Mar 2013 00:07:42 Martin Nyhus wrote:
> On Tue, 26 Mar 2013 15:25:30 +0000 Matthew Toseland wrote:
> > This page gives some Freemail bugs related to running a mailing list.
>
> The header issue that is mentioned should be fixed by allowing a few
> more headers through the filter. I'm guessing the most important one
> here is reply-to since using reply all is mentioned, but the other list
> headers should also be safe (more details below).
>
> I'm not sure how to handle the **SPOOFED** issue properly. For now the
> easiest thing might be to not check the From header if the sending
> identity has been whitelisted by the user. Not a very user friendly
> solution, but the only one I can think of right now (except dropping
> the check completely).

What does it mean?

> I'm fairly busy at university at the moment, so I can't really promise
> anything, but the header filtering is simple enough that I can probably
> get it done in between other stuff. I really should release a new
> version anyway, so maybe this is a nice reason to get it done :)
>
>
> The list related headers I've found so far:
>
> Reply-To:
> Should be filtered to only allow Freemail addresses to guard against
> configuration mishaps leaking the id of the mailing list operator.
> Ideally we would also check this on the recipient side to make sure
> email clients can't be tricked into replying outside Freenet.
>
> List-ID:
> We can't really do anything about the list name, but the id should
> probably be something like name.<list address domain>.freemail. Again
> the biggest problem is a list configured in a way that leaks the owners
> id.
>
> List-Archive
> List-Help
> List-Owner
> List-Post
> List-Subscribe
> List-Unsubscribe:
> Putting http links here won't really work reliably I guess since people
> don't need to have their node at 127.0.0.1:8888, but mailto links that
> point to Freemail addresses can at least be allowed through.
>
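
The Reply-To and List-* rules proposed in the quoted message, written out as an added example (this is not Freemail's code and not part of the original thread). It assumes a Freemail address is any address whose domain ends in `.freemail`; all function names are hypothetical, and List-ID is not covered.

```python
import re
from email.utils import getaddresses
from urllib.parse import parse_qs, unquote

# Assumption: a Freemail address is one whose domain ends in ".freemail".
SUFFIX = ".freemail"

def is_freemail_address(addr):
    local, sep, domain = addr.strip().rpartition("@")
    domain = domain.lower()
    return bool(sep and local and "@" not in local
                and domain.endswith(SUFFIX) and len(domain) > len(SUFFIX))

def filter_reply_to(value):
    """Keep Reply-To only if every address in it is a Freemail address."""
    addrs = [addr for _, addr in getaddresses([value])]
    return value if addrs and all(map(is_freemail_address, addrs)) else None

def filter_list_uris(value):
    """Keep only <mailto:...> entries whose recipients are all Freemail."""
    kept = []
    for uri in re.findall(r"<([^<>]*)>", value):
        scheme, _, rest = uri.strip().partition(":")
        path, _, query = rest.partition("?")
        # to/cc/bcc in the query would add recipients the path check never sees
        extra = {k.lower() for k in parse_qs(query)} & {"to", "cc", "bcc"}
        targets = unquote(path).split(",")
        if (scheme.lower() == "mailto" and not extra
                and all(map(is_freemail_address, targets))):
            kept.append("<%s>" % uri.strip())
    return ", ".join(kept) or None

FILTERS = {"reply-to": filter_reply_to}
FILTERS.update({"list-" + s: filter_list_uris for s in
                "archive help owner post subscribe unsubscribe".split()})

def filter_list_headers(headers):
    """headers: (name, value) pairs; returns the list headers allowed through."""
    out = []
    for name, value in headers:
        check = FILTERS.get(name.lower())  # List-ID and other headers: not handled here
        kept = check(value) if check else None
        if kept is not None:
            out.append((name, kept))
    return out

# Constructed sample headers (all addresses are made up)
SAMPLE = [("Reply-To", "list@aaaa.freemail"),
          ("List-Post", "<mailto:list@aaaa.freemail>, <http://127.0.0.1:8888/list/>"),
          ("List-Owner", "<mailto:owner@example.org>")]
```

Running the same functions on the receiving side gives the recipient-side check the message mentions, so a client is never handed a reply target outside Freenet.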
