Re: [Mailman-Users] Accessing archives [was: Non-subscribers defeating ...]

2009-07-07 Thread Stephen J. Turnbull 
Mark Sapiro writes:

 > > Mark Sapiro writes:

 > > Urk!  That doesn't sound like a good thing to me, however convenient
 > > it may be in situations like this.
 > 
 > You do have to log in as you would for any private archive access.

 > There is little in the LIST.mbox file which is not also in the HTML
 > archive itself or the periodic *.txt and/or *.txt.gz files - mostly
 > only additional headers.

Doesn't it have the raw headers, though?  If you have anonymized
archives, wouldn't this allow people with the password access to real
addresses?

I can imagine situations (such as victims of domestic or sexual
violence) where "double blind" (list admins themselves as well as
participants have no access to such information) would be desirable.
Of course you still have the site admin, but site admins are always a
weak point, as the various cases involving anonymizers have shown.
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Rewriting or identifying late bounces

2009-07-07 Thread Mark Sapiro 

Stefan Förster wrote:
>
> some of my list members have a mail address like recipi...@example.com
> - nothing special about that. When mail is delivered to their address,
> their ISPs mail server rewrite the address internally to
> recipi...@intern.example.com and try to deliver them to the users
> mailbox. If for any reason, e.g. quota, this fails, a NDR/DSN is sent
> with the new name:
>
[...]
> X-Failed-Recipients: recipi...@intern.example.com
> Auto-Submitted: auto-replied
> From: Mail Delivery System 
> To: invalidlist-boun...@lists.incertum.net
> Subject: Mail delivery failed: returning message to sender
> Message-Id: 
> Date: Tue, 07 Jul 2009 23:09:53 +0200
> X-purgate-ID: 149285::1247000993-22A6-9D72E1E7/0-0/0-18
>
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
>   save to inbox
> generated by recipi...@intern.example.com
> mailbox is full: retry timeout exceeded
>
> Is there any way to rewrite those addresses or to help Mailman
> identify those bounces correctly?
>
> And yes, this a pretty stupid thing to do on their ISPs part...


Mailman has a whole host of heuristic recognizers for non-compliant DSNs,
but it doesn't try to guess if a non-member bouncing address might be a
munged version of a member address.

The 'best' solution for recognizing original recipients of bounced
messages is Mailman's VERP like capability. This puts the original
recipient's address in the envelope sender address so the envelope in this
case is from invalidlist-bounces+recipient=example@lists.incertum.net.
When the bounce is returned to that address, the MTA delivers it to the
list-bounces address and Mailman recognizes the original recipient as
recipi...@example.com from the envelope recipient of the DSN.

The cost of this approach is that Mailman has to send an individual
message to the outgoing MTA for each recipient.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Users] Rewriting or identifying late bounces

2009-07-07 Thread Stefan Förster 
Hello world,

some of my list members have a mail address like recipi...@example.com
- nothing special about that. When mail is delivered to their address,
their ISPs mail server rewrite the address internally to
recipi...@intern.example.com and try to deliver them to the users
mailbox. If for any reason, e.g. quota, this fails, a NDR/DSN is sent
with the new name:

Received: from mout3.example.com (mout3.example.com [195.4.92.93])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail.incertum.net (Postfix) with ESMTPS
for ; Tue,  7 Jul 2009 23:09:54 
+0200 (CEST)
Received: from [195.4.92.10] (helo=0.mx.example.com)
by mout3.example.com with esmtpa (ID exim) (port 25) (Exim 4.69 #92)
id 1MOHvF-000306-UO
for invalidlist-boun...@lists.incertum.net; Tue, 07 Jul 2009 23:09:53 +0200
Received: from mbox134.example.com ([195.4.93.134]:43037)
by 0.mx.example.com with esmtpa (ID exim) (port 25) (Exim 4.69 #79)
id 1MOHvF-0001Qz-H2
for invalidlist-boun...@lists.incertum.net; Tue, 07 Jul 2009 23:09:53 +0200
Received: from exim by mbox134.example.com with local (Exim 4.69 #91)
id 1MOHvF-0007qp-Dc
for invalidlist-boun...@lists.incertum.net; Tue, 07 Jul 2009 23:09:53 +0200
X-Failed-Recipients: recipi...@intern.example.com
Auto-Submitted: auto-replied
From: Mail Delivery System 
To: invalidlist-boun...@lists.incertum.net
Subject: Mail delivery failed: returning message to sender
Message-Id: 
Date: Tue, 07 Jul 2009 23:09:53 +0200
X-purgate-ID: 149285::1247000993-22A6-9D72E1E7/0-0/0-18

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  save to inbox
generated by recipi...@intern.example.com
mailbox is full: retry timeout exceeded

Is there any way to rewrite those addresses or to help Mailman
identify those bounces correctly?

And yes, this a pretty stupid thing to do on their ISPs part...


Ciao
Stefan
-- 
Stefan Förster http://www.incertum.net/ Public Key: 0xBBE2A9E9
You're here because you know something...you can't explain but you feel it...
that there's something wrong with the world.
--Morpheus, from The Matrix
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Accessing archives [was: Non-subscribers defeating ...]

2009-07-07 Thread Mark Sapiro 

Stephen J. Turnbull wrote:
> Mark Sapiro writes:
>
>  > If you don't have direct access to the file on host, you can get it via
>  > the web with a URL like
>  > . This
> works
>  > whether the archive is private or public.
>
> Urk!  That doesn't sound like a good thing to me, however convenient
> it may be in situations like this.


You do have to log in as you would for any private archive access. There
is little in the LIST.mbox file which is not also in the HTML archive
itself or the periodic *.txt and/or *.txt.gz files - mostly only
additional headers.

The site has an option to expose this URL or an equivalent public one in
the case of a public archive. In my view, the main reason for not doing so
is the bandwidth impact for large archives.

I could well be overlooking something, but I don't see this as a security
problem.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Users] Accessing archives [was: Non-subscribers defeating ...]

2009-07-07 Thread Stephen J. Turnbull 
Mark Sapiro writes:

 > If you don't have direct access to the file on host, you can get it via
 > the web with a URL like
 > . This works
 > whether the archive is private or public.

Urk!  That doesn't sound like a good thing to me, however convenient
it may be in situations like this.

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9