path: root/Mailman/Utils.py
| Date | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2018-06-11 | Support for verifying subscriber domains against the Spamhaus DBL | Jim Popovitch | 1 | -0/+22 |
| 2018-06-06 | Improved logging of security related events | Jim Popovitch | 1 | -1/+5 |
| 2018-06-05 | Extend BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE for IPv6. | Mark Sapiro | 1 | -7/+21 |
| 2018-06-04 | Restrict Spamhaus ZEN hits to SBL, CSS and XBL. | Mark Sapiro | 1 | -1/+1 |
| 2018-06-04 | Added BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE Feature | Mark Sapiro | 1 | -0/+21 |
| 2018-03-08 | Added a few more badword checks to Utils.suspiciousHTML(). | Mark Sapiro | 1 | -4/+27 |
| 2017-10-26 | Updated i18n in preparation for 2.1.25 release. | Mark Sapiro | 1 | -2/+2 |
| 2017-10-07 | Improved DMARC testing for domains with DNSSEC validation problems. | Mark Sapiro | 1 | -2/+14 |
| 2017-05-24 | Changed member_verbosity_threshold from a >= test to a strictly > test. | Mark Sapiro | 1 | -2/+2 |
| 2017-03-30 | Fixed unexploitable XSS attack via crafted HTTP Host: header. | Mark Sapiro | 1 | -1/+1 |
| 2016-10-29 | Fixed a typo and deleted an unreferenced assignment. | Mark Sapiro | 1 | -5/+2 |
| 2016-07-14 | Match header_filter_rules as normalized unicodes. | Mark Sapiro | 1 | -0/+31 |
| 2016-05-04 | Allow DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to be None or the null string. | Mark Sapiro | 1 | -0/+2 |
| 2016-04-09 | Use rfind rather than find to find '@' for domain splitting. | Mark Sapiro | 1 | -1/+2 |
| 2016-04-09 | Honor an organizational domain's DMARC sp= policy for sub-domains. | Mark Sapiro | 1 | -5/+14 |
| 2016-03-06 | Better logging of DMARC lookup DNS exceptions. | Mark Sapiro | 1 | -1/+1 |
| 2016-02-26 | Minor documentation clean up. | Mark Sapiro | 1 | -4/+5 |
| 2016-02-25 | Lower case domains for the Organizational Domain fix. | Mark Sapiro | 1 | -3/+3 |
| 2016-02-25 | Further refactoring of the Organizational Domain fix. | Mark Sapiro | 1 | -2/+1 |
| 2016-02-25 | Refactored OrganizationalDomain fix. | Mark Sapiro | 1 | -17/+81 |
| 2016-02-24 | If DMARC lookup fails to find a policy, also try the Organizational Domain. | Mark Sapiro | 1 | -4/+25 |
| 2016-02-02 | Added dmarc_non_moderation_action to list settings. | Mark Sapiro | 1 | -0/+9 |
| 2015-11-04 | Improvements based on feedback from Mark Sapiro | jimpop@template.hostname | 1 | -5/+3 |
| 2015-11-04 | Removed 2 development debugging lines | jimpop@template.hostname | 1 | -5/+0 |
| 2015-11-04 | Auto-Moderate Verbose Members | jimpop@template.hostname | 1 | -0/+26 |
| 2015-09-16 | Defended against a user submitting URLs with query fragments or POST | Mark Sapiro | 1 | -0/+16 |
| 2015-06-23 | Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) | Jim Popovitch | 1 | -1/+5 |
| 2015-05-01 | The vette log entry for DMARC policy hits now contains the list name. | Mark Sapiro | 1 | -4/+4 |
| 2015-03-27 | Fix for path traversal vulnerability. | Mark Sapiro | 1 | -0/+6 |
| 2015-01-23 | Implemented the equivalent domains feature for list posting/moderation. | Mark Sapiro | 1 | -0/+34 |
| 2015-01-22 | A number of changes from the unofficial 2.2 branch have been backported to | Mark Sapiro | 1 | -1/+57 |
| 2014-09-21 | The options CGI now rejects all but HTTP GET and POST requests. | Mark Sapiro | 1 | -0/+5 |
| 2014-05-29 | If checking DNS for dmarc_moderation_action and DNS lookup is not | Mark Sapiro | 1 | -1/+5 |
| 2014-05-02 | Make dmarc_quarantine_moderaction_action a list setting. | Mark Sapiro | 1 | -3/+2 |
| 2014-05-02 | More fine tuning of dmarc_moderation_action. | Mark Sapiro | 1 | -8/+8 |
| 2014-04-19 | The new Utils.IsDMARCProhibited() used collections.defaultdict which | Mark Sapiro | 1 | -3/+2 |
| 2013-12-06 | Fixed email address validation to do a bit better in obscure cases. | Mark Sapiro | 1 | -3/+4 |
| 2013-11-08 | Added support for p=quarantine based on feedback from Franck Martin. | Jim Popovitch | 1 | -0/+5 |
| 2013-10-20 | Incorporated some feedback from Mark S. | Jim Popovitch | 1 | -1/+1 |
| 2013-03-18 | Handle CNAMEs when chasing DMARC TXT records. | Phil Pennock | 1 | -5/+44 |
| 2013-03-03 | Hold/Reject/Discard moderation support for Senders with a DMARC p=reject policy | Jim Popovitch | 1 | -0/+39 |
| 2011-11-13 | Strengthened the validation of email addresses. | Mark Sapiro | 1 | -8/+3 |
| 2011-09-15 | Strengthened the validation of email address domains. | Mark Sapiro | 1 | -0/+6 |
| 2011-05-01 | Made the web escaping of additional characters a configuration setting. | Mark Sapiro | 1 | -12/+6 |
| 2011-04-26 | Yet another change to the broken browser HTML escaping. | Mark Sapiro | 1 | -1/+2 |
| 2011-04-26 | Don't try converting non-ascii to HTML entities in unicode. | Mark Sapiro | 1 | -2/+5 |
| 2011-04-25 | Strengthened escaping of user web data by including some characters that | Mark Sapiro | 1 | -0/+8 |
| 2011-03-21 | Changed the maximum number of arguments for the who command to be | Mark Sapiro | 1 | -2/+2 |
| 2010-09-09 | Two potential XSS vulnerabilities have been identified and fixed. | Mark Sapiro | 1 | -93/+94 |
| 2009-08-01 | XSS protection in the web interface went too far in escaping HTML | Mark Sapiro | 1 | -1/+3 |