On 4/2/19 9:55 AM, Odhiambo Washington wrote: > I have a client who is facing a problem unseen before. > She's been using MS Outlook to send mail to a Newsletter managed by Mailman. > > It's all been good, using Approved:Password as the very first line to send > her newsletters using Outlook - until we added an Exchange account. > Now, when she sends the Newsletter, the below error is returned and the > message rejected by Mailman: > > -----Original Message----- > From: Newsletter [mailto:listname-boun...@lists.domain.name] On Behalf Of > listname-ow...@lists.domain.name > Sent: Tuesday, April 02, 2019 6:48 PM > To: Jane Doe > Subject: Monthly Newsletter > > Message rejected. > It appears that this message contains an HTML part with the > Approved: password line, but due to the way it is coded in the HTML it > can't be safely removed. > ----- End Original Message----
The best way to handle this is to use a real Approved: header rather than a "pseudo-header" as the first body line, but I recognize that many MUAs make it difficult or impossible to do that. If the "Approved: password" line is the first body line of the first text/plain part, Mailman remove it and will attempt to remove it from all other text/* parts using the regexp Approved:(\xA0|\s| )*password If that regexp matches in the text/* part the matching text is removed. If the regexp doesn't match, but does match after stripping all html tags and ignoring line breaks, we conclude we can't remove the match without seriously mangling the text, so we reject the post as above rather than leak the password to the list. > I am debating with myself whether it is necessary to adjust any changes > related to message composition within Outlook, or make a change > within Mailman config to accommodate the issue. A possible Mailman config change is to adjust the list settings so a post without the Approved: header is held. Then post and approve the held post. Depending on how many "non-approved" held posts would result from this, it might be viable, albeit more cumbersome than pre-approval. The message composition changes that would be effective are: 1) Use a real header instead of the first body line, or 2) Compose the message as plain text only rather than multipart/alternative, or 3) Examine the actual message HTML part to see why the pattern can't be removed and possibly alter that. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org