[Mailman-Users] Personal patch

2012-06-17 Thread Lindsay Haisley 
Can someone give me some feedback on the following patch to
SMTPDirect.py - whatever I've overlooked, or done that might be
dangerous?

The purpose of this patch is to insert a header, X-subdata into VERPed
emails which won't be flagged and redacted by AOL's brain-dead Email
Feedback Report system, and will continue to allow my local scripts to
unsubscribe subscribers who hit the Report Spam button on their AOL
mail UI.

The content of the header is an MD5 hash of the receiving subscriber's
email address - the same information contained in the Sender and
Return-path headers, normally munged (redacted) by AOL.  The hope is
that this hash will address AOL's privacy concerns, and/or else fall
beneath the intelligence level of their scrutiny.

The address hash can be compared against the list of subscribers to the
list, identified in several (improperly redacted or un-redacted)
headers.

I'm not submitting this as a suggested patch for Mailman, but just
asking for some feedback from people who know the code better than I do.

--- SMTPDirect.py.orig  2012-06-17 17:16:25.0 -0500
+++ SMTPDirect.py   2012-06-17 21:17:25.0 -0500
@@ -43,6 +43,8 @@
 from email.Utils import formataddr
 from email.Header import Header
 from email.Charset import Charset
+from md5crypt import md5crypt
+from random import choice
 
 DOT = '.'
 
@@ -307,6 +309,9 @@
  'host'   : DOT.join(rdomain),
  }
 envsender = '%s@%s' % ((mm_cfg.VERP_FORMAT % d), DOT.join(bdomain))
+saltmarsh = 
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrsyuvwxyz1234567890./
+if not msgdata.has_key(X-subdata):
+msgcopy[X-Subdata] = md5crypt(rmailbox + @ + 
DOT.join(rdomain), choice(saltmarsh) + choice(saltmarsh)) 
 if mlist.personalize == 2:
 # When fully personalizing, we want the To address to point to the
 # recipient, not to the mailing list


--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Personal patch

2012-06-17 Thread Mark Sapiro 
Lindsay Haisley wrote:

Can someone give me some feedback on the following patch to
SMTPDirect.py - whatever I've overlooked, or done that might be
dangerous?
[...]
--- SMTPDirect.py.orig 2012-06-17 17:16:25.0 -0500
+++ SMTPDirect.py  2012-06-17 21:17:25.0 -0500
@@ -43,6 +43,8 @@
 from email.Utils import formataddr
 from email.Header import Header
 from email.Charset import Charset
+from md5crypt import md5crypt
+from random import choice
 
 DOT = '.'
 
@@ -307,6 +309,9 @@
  'host'   : DOT.join(rdomain),
  }
 envsender = '%s@%s' % ((mm_cfg.VERP_FORMAT % d), 
 DOT.join(bdomain))
+saltmarsh = 
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrsyuvwxyz1234567890./
+if not msgdata.has_key(X-subdata):
+msgcopy[X-Subdata] = md5crypt(rmailbox + @ + 
DOT.join(rdomain), choice(saltmarsh) + choice(saltmarsh)) 


rmailbox + @ + DOT.join(rdomain)

just does the inverse of 

rmailbox, rdomain = Utils.ParseEmail(recip)

So why not just make the above

+msgcopy[X-Subdata] = md5crypt(recip, choice(saltmarsh) + 
choice(saltmarsh)) 


Other than that, it looks OK assuming there is an appropriate md5crypt
module in Mailman's path.

-- 
Mark Sapiro m...@msapiro.netThe highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org