aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Utils.py (follow)
Commit message (Expand)AuthorAgeFilesLines
* Extend BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE for IPv6.Mark Sapiro2018-06-051-7/+21
* Restrict Spamhaus ZEN hits to SBL, CSS and XBL.Mark Sapiro2018-06-041-1/+1
* Added BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE FeatureMark Sapiro2018-06-041-0/+21
* Added a few more badword checks to Utils.suspiciousHTML().Mark Sapiro2018-03-081-4/+27
* Updated i18n in preparation for 2.1.25 release.Mark Sapiro2017-10-261-2/+2
* Improved DMARC testing for domains with DNSSEC validation problems.Mark Sapiro2017-10-071-2/+14
* Changed member_verbosity_threshold from a >= test to a strictly > test.Mark Sapiro2017-05-241-2/+2
* Fixed unexploitable XSS attach via crafted HTTP Host: header.Mark Sapiro2017-03-301-1/+1
* Fixed a typo and deleted an unreferenced assignment.Mark Sapiro2016-10-291-5/+2
* Match header_filter_rules as normalized unicodes.Mark Sapiro2016-07-141-0/+31
* Allow DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to be None or the null string.Mark Sapiro2016-05-041-0/+2
* Use rfind rather than find to find '@' for domain splitting.Mark Sapiro2016-04-091-1/+2
* Honor an organizational domain's DMARC sp= policy for sub-domains.Mark Sapiro2016-04-091-5/+14
* Better logging of DMARC lookup DNS exceptions.Mark Sapiro2016-03-061-1/+1
* Minor documentation clean up.Mark Sapiro2016-02-261-4/+5
* Lower case domains for the Organizational Domain fix.Mark Sapiro2016-02-251-3/+3
* Further refactoring of the Organizational Domain fix.Mark Sapiro2016-02-251-2/+1
* Refactored OrganizationalDomain fix.Mark Sapiro2016-02-251-17/+81
* If DMARC lookup fails to find a policy, also try the Organizational Domain.Mark Sapiro2016-02-241-4/+25
* Added dmarc_non_moderation_action to list settings.Mark Sapiro2016-02-021-0/+9
* Merged and tweaked Jim P's mailman-auto-mod-verbose-members branch.Mark Sapiro2016-01-181-1/+48
|\
| * Improvements based on feedback from Mark Sapirojimpop@template.hostname2015-11-041-5/+3
| * Removed 2 development debugging linesjimpop@template.hostname2015-11-041-5/+0
| * Auto-Moderate Verbose Membersjimpop@template.hostname2015-11-041-0/+26
|/
* Defended against a user submitting URLs with query fragments or POSTMark Sapiro2015-09-161-0/+16
* Improved identification of remote clients coming via a proxy server.Mark Sapiro2015-06-231-1/+8
|\
| * Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch2015-06-231-1/+5
|/
* The vette log entry for DMARC policy hits now contains the list name.Mark Sapiro2015-05-011-4/+4
* Fix for path traversal vulnerability.Mark Sapiro2015-03-271-0/+6
* Implemented the equivalent domains feature for list posting/moderation.Mark Sapiro2015-01-231-0/+34
* A number of changes from the unofficial 2.2 branch have been backported toMark Sapiro2015-01-221-1/+57
* The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro2014-09-211-0/+5
* If checking DNS for dmarc_moderation_action and DNS lookup is notMark Sapiro2014-05-291-1/+5
* Make dmarc_quarantine_moderaction_action a list setting.Mark Sapiro2014-05-021-3/+2
* More fine tuning of dmarc_moderation_action.Mark Sapiro2014-05-021-8/+8
* The new Utils.IsDMARCProhibited() used collections.defaultdict whichMark Sapiro2014-04-191-3/+2
* Added and modified various options regarding DMARC. See the NEWS file.Mark Sapiro2014-04-151-1/+96
|\
| * Added suuport for p=quarantine based on feedback from Franck Martin.Jim Popovitch2013-11-081-0/+5
| * Incorporated some feedback from Mark S.Jim Popovitch2013-10-201-1/+1
| * Handle CNAMEs when chasing DMARC TXT records.Phil Pennock2013-03-181-5/+44
| * Hold/Reject/Discard moderation support for Senders with a DMARC p=reject policyJim Popovitch2013-03-031-0/+39
* | Fixed email address validation to do a bit better in obscure cases.Mark Sapiro2013-12-061-3/+4
|/
* Strengthened the validation of email addresses.Mark Sapiro2011-11-131-8/+3
* Strengthened the validation of email address domains.Mark Sapiro2011-09-151-0/+6
* Made the web escaping of additional characters a configuration setting.Mark Sapiro2011-05-011-12/+6
* Yet another change to the broken browser HTML escaping.Mark Sapiro2011-04-261-1/+2
* Don't try converting non-ascii to HTML entities in unicode.Mark Sapiro2011-04-261-2/+5
* Strengthened escaping of user web data by including some characters thatMark Sapiro2011-04-251-0/+8
* Changed the maximum number of arguments for the who command to beMark Sapiro2011-03-211-2/+2
* Two potential XSS vulnerabilities have been identified and fixed.Mark Sapiro2010-09-091-93/+94