aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortkikuchi <>2006-01-14 10:11:19 +0000
committertkikuchi <>2006-01-14 10:11:19 +0000
commit2addaea12bf7f60ae5bb225a372f46f403badf4f (patch)
tree0bc739be28077de46bd9335d64043df633c7f91d
parent0dcb32eac518c64114c4726d2db3cad11bfb8a6f (diff)
downloadmailman2-2addaea12bf7f60ae5bb225a372f46f403badf4f.tar.gz
mailman2-2addaea12bf7f60ae5bb225a372f46f403badf4f.tar.xz
mailman2-2addaea12bf7f60ae5bb225a372f46f403badf4f.zip
SpamDetect.py: Fix loop. As a side effect, spam message may pass the
filter if X-List-Administrivia header is forged.
-rw-r--r--Mailman/Handlers/SpamDetect.py28
1 files changed, 15 insertions, 13 deletions
diff --git a/Mailman/Handlers/SpamDetect.py b/Mailman/Handlers/SpamDetect.py
index 352b18fc..a9c9123b 100644
--- a/Mailman/Handlers/SpamDetect.py
+++ b/Mailman/Handlers/SpamDetect.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2005 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -92,8 +92,7 @@ class HeaderGenerator(Generator):
def process(mlist, msg, msgdata):
- if msgdata.get('approved') or msgdata.get('reduced_list_headers'):
- # TK: 'reduced_list_headers' is intenally crafted message (virgin).
+ if msgdata.get('approved'):
return
# First do site hard coded header spam checks
for header, regex in mm_cfg.KNOWN_SPAMMERS:
@@ -103,20 +102,23 @@ def process(mlist, msg, msgdata):
if mo:
# we've detected spam, so throw the message away
raise SpamDetected
+ # Before we go to header_filter_rules, we exclude internally generated
+ # owner notification from checking, because 1) we collect headers from
+ # all the attachments but this will cause matching the filter rule again,
+ # and 2) list owners may want to check header name / value pair like
+ # 'Precedence: bulk' which is also generated by mailman. Both will
+ # cause loop of holding owner notification messages if the action is
+ # set to 'hold'.
+ if msgdata.get('toowner') and msg.get('x-list-administrivia') == 'yes':
+ return
# Now do header_filter_rules
# TK: Collect headers in sub-parts because attachment filename
# extension may be a clue to possible virus/spam.
- if msg.is_multipart():
- headers = ''
- for p in msg.walk():
- g = HeaderGenerator(StringIO())
- g.flatten(p)
- headers += g.header_text()
- else:
- # Only the top level header should be checked.
+ headers = ''
+ for p in msg.walk():
g = HeaderGenerator(StringIO())
- g.flatten(msg)
- headers = g.header_text()
+ g.flatten(p)
+ headers += g.header_text()
# Now reshape headers (remove extra CR and connect multiline).
headers = re.sub('\n+', '\n', headers)
headers = re.sub('\n\s', ' ', headers)