diff options
| -rwxr-xr-x | Mailman/Defaults.py.in | 21 | ||||
| -rw-r--r-- | Mailman/Handlers/Cleanse.py | 23 | ||||
| -rwxr-xr-x | NEWS | 10 |
3 files changed, 54 insertions, 0 deletions
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index bb70f497..a7bf31e5 100755 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -983,6 +983,27 @@ USER_FRIENDLY_PASSWORDS = Yes MEMBER_PASSWORD_LENGTH = 8 ADMIN_PASSWORD_LENGTH = 10 +# The following headers are always removed from posts to anonymous lists as +# they can reveal the identity of the poster or at least the poster's domain. +# +# From:, Reply-To:, Sender:, Return-Path:, X-Originating-Email:, Received:, +# Message-ID: and X-Envelope-From:. +# +# In addition, Return-Receipt-To:, Disposition-Notification-To:, +# X-Confirm-Reading-To: and X-Pmrqc: headers are removed from all posts as +# they can be used to fish for list membership in addition to possibly +# revealing sender information. +# +# In addition to the above removals, all other headers except those matching +# regular expressions in the following setting are also removed. The default +# setting below keeps all non X- headers, those X- headers added by Mailman +# and any X-Spam- headers. +ANONYMOUS_LIST_KEEP_HEADERS = ['^(?!x-)', '^x-mailman-', + '^x-content-filtered-by:', '^x-topics:', + '^x-ack:', '^x-beenthere:', + '^x-list-administrivia:', '^x-spam-', + ] + ##### diff --git a/Mailman/Handlers/Cleanse.py b/Mailman/Handlers/Cleanse.py index 9e9dba15..c3e7aa43 100644 --- a/Mailman/Handlers/Cleanse.py +++ b/Mailman/Handlers/Cleanse.py @@ -26,6 +26,25 @@ from Mailman.Utils import unique_message_id from Mailman.Logging.Syslog import syslog from Mailman.Handlers.CookHeaders import uheader +cres = [] +for regexp in mm_cfg.ANONYMOUS_LIST_KEEP_HEADERS: + try: + cres.append(re.compile(regexp, re.IGNORECASE)) + except re.error, e: + syslog('error', + 'ANONYMOUS_LIST_KEEP_HEADERS: ignored bad regexp %s: %s', + regexp, e) + +def remove_nonkeepers(msg): + for hdr in msg.keys(): + keep = False + for cre in cres: + if cre.search(hdr): + keep = True + break + if not keep: + del msg[hdr] + def process(mlist, msg, msgdata): # Always remove this header from any outgoing messages. Be sure to do @@ -54,6 +73,10 @@ def process(mlist, msg, msgdata): # And so can the message-id so replace it. del msg['message-id'] msg['Message-ID'] = unique_message_id(mlist) + # And something sets this + del msg['x-envelope-from'] + # And now remove all but the keepers. + remove_nonkeepers(msg) i18ndesc = str(uheader(mlist, mlist.description, 'From')) msg['From'] = formataddr((i18ndesc, mlist.GetListEmail())) msg['Reply-To'] = mlist.GetListEmail() @@ -7,6 +7,16 @@ Here is a history of user visible changes to Mailman. 2.1.17 (xx-xxx-xxxx) + New Features + + - There is a new mm_cfg.py setting ANONYMOUS_LIST_KEEP_HEADERS. Since it + is not possible to know which non-standard headers in a message might + reveal sender information, we now remove all headers from incoming posts + to anonymous lists except those which match regular expressions in this + list. The default setting keeps non X- headers except those known to + reveal sender information, Mailman added X- headers and x-Spam- headers. + See the description in Defaults.py for more information. (LP: #1246039) + Bug Fixes and other patches - Fixed a possible UnicodeDecodeError in bin/sync_members. (LP: #1243343) |