Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Changed member_verbosity_threshold from a >= test to a strictly > test. | Mark Sapiro | 2017-05-24 | 1 | -2/+2 |
| | |||||
* | Fixed unexploitable XSS attach via crafted HTTP Host: header. | Mark Sapiro | 2017-03-30 | 1 | -1/+1 |
| | |||||
* | Fixed a typo and deleted an unreferenced assignment. | Mark Sapiro | 2016-10-29 | 1 | -5/+2 |
| | |||||
* | Match header_filter_rules as normalized unicodes. | Mark Sapiro | 2016-07-14 | 1 | -0/+31 |
| | |||||
* | Allow DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to be None or the null string. | Mark Sapiro | 2016-05-04 | 1 | -0/+2 |
| | |||||
* | Use rfind rather than find to find '@' for domain splitting. | Mark Sapiro | 2016-04-09 | 1 | -1/+2 |
| | |||||
* | Honor an organizational domain's DMARC sp= policy for sub-domains. | Mark Sapiro | 2016-04-09 | 1 | -5/+14 |
| | |||||
* | Better logging of DMARC lookup DNS exceptions. | Mark Sapiro | 2016-03-06 | 1 | -1/+1 |
| | |||||
* | Minor documentation clean up. | Mark Sapiro | 2016-02-26 | 1 | -4/+5 |
| | |||||
* | Lower case domains for the Organizational Domain fix. | Mark Sapiro | 2016-02-25 | 1 | -3/+3 |
| | |||||
* | Further refactoring of the Organizational Domain fix. | Mark Sapiro | 2016-02-25 | 1 | -2/+1 |
| | |||||
* | Refactored OrganizationalDomain fix. | Mark Sapiro | 2016-02-25 | 1 | -17/+81 |
| | |||||
* | If DMARC lookup fails to find a policy, also try the Organizational Domain. | Mark Sapiro | 2016-02-24 | 1 | -4/+25 |
| | |||||
* | Added dmarc_non_moderation_action to list settings. | Mark Sapiro | 2016-02-02 | 1 | -0/+9 |
| | |||||
* | Merged and tweaked Jim P's mailman-auto-mod-verbose-members branch. | Mark Sapiro | 2016-01-18 | 1 | -1/+48 |
|\ | |||||
| * | Improvements based on feedback from Mark Sapiro | jimpop@template.hostname | 2015-11-04 | 1 | -5/+3 |
| | | | | | | | | https://code.launchpad.net/~jimpop/mailman/mailman-auto-mod-verbose-members/+merge/276706/comments/699744 | ||||
| * | Removed 2 development debugging lines | jimpop@template.hostname | 2015-11-04 | 1 | -5/+0 |
| | | |||||
| * | Auto-Moderate Verbose Members | jimpop@template.hostname | 2015-11-04 | 1 | -0/+26 |
|/ | |||||
* | Defended against a user submitting URLs with query fragments or POST | Mark Sapiro | 2015-09-16 | 1 | -0/+16 |
| | | | data containing multiple occurrences of the same variable. | ||||
* | Improved identification of remote clients coming via a proxy server. | Mark Sapiro | 2015-06-23 | 1 | -1/+8 |
|\ | |||||
| * | Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) | Jim Popovitch | 2015-06-23 | 1 | -1/+5 |
|/ | |||||
* | The vette log entry for DMARC policy hits now contains the list name. | Mark Sapiro | 2015-05-01 | 1 | -4/+4 |
| | |||||
* | Fix for path traversal vulnerability. | Mark Sapiro | 2015-03-27 | 1 | -0/+6 |
| | |||||
* | Implemented the equivalent domains feature for list posting/moderation. | Mark Sapiro | 2015-01-23 | 1 | -0/+34 |
| | |||||
* | A number of changes from the unofficial 2.2 branch have been backported to | Mark Sapiro | 2015-01-22 | 1 | -1/+57 |
| | | | | | the 2.1 branch for release with 2.1.19. The 2.2 branch is now no different from the 2.1 branch and will no longer be maintained. | ||||
* | The options CGI now rejects all but HTTP GET and POST requests. | Mark Sapiro | 2014-09-21 | 1 | -0/+5 |
| | |||||
* | If checking DNS for dmarc_moderation_action and DNS lookup is not | Mark Sapiro | 2014-05-29 | 1 | -1/+5 |
| | | | | available, log it. (LP: #1324541) | ||||
* | Make dmarc_quarantine_moderaction_action a list setting. | Mark Sapiro | 2014-05-02 | 1 | -3/+2 |
| | |||||
* | More fine tuning of dmarc_moderation_action. | Mark Sapiro | 2014-05-02 | 1 | -8/+8 |
| | |||||
* | The new Utils.IsDMARCProhibited() used collections.defaultdict which | Mark Sapiro | 2014-04-19 | 1 | -3/+2 |
| | | | requires Python 2.5. Changed to use a dict and setdefault. | ||||
* | Added and modified various options regarding DMARC. See the NEWS file. | Mark Sapiro | 2014-04-15 | 1 | -1/+96 |
|\ | |||||
| * | Added suuport for p=quarantine based on feedback from Franck Martin. | Jim Popovitch | 2013-11-08 | 1 | -0/+5 |
| | | |||||
| * | Incorporated some feedback from Mark S. | Jim Popovitch | 2013-10-20 | 1 | -1/+1 |
| | | |||||
| * | Handle CNAMEs when chasing DMARC TXT records. | Phil Pennock | 2013-03-18 | 1 | -5/+44 |
| | | | | | | | | | | | | | | | | Handle TXT records missing tags, check all such records, etc. Use \b boundary anchors in regexp check. (Should only be one, but if there are multiple, check them all, reject if any of them say p=reject). | ||||
| * | Hold/Reject/Discard moderation support for Senders with a DMARC p=reject policy | Jim Popovitch | 2013-03-03 | 1 | -0/+39 |
| | | |||||
* | | Fixed email address validation to do a bit better in obscure cases. | Mark Sapiro | 2013-12-06 | 1 | -3/+4 |
|/ | |||||
* | Strengthened the validation of email addresses. | Mark Sapiro | 2011-11-13 | 1 | -8/+3 |
| | |||||
* | Strengthened the validation of email address domains. | Mark Sapiro | 2011-09-15 | 1 | -0/+6 |
| | |||||
* | Made the web escaping of additional characters a configuration setting. | Mark Sapiro | 2011-05-01 | 1 | -12/+6 |
| | |||||
* | Yet another change to the broken browser HTML escaping. | Mark Sapiro | 2011-04-26 | 1 | -1/+2 |
| | |||||
* | Don't try converting non-ascii to HTML entities in unicode. | Mark Sapiro | 2011-04-26 | 1 | -2/+5 |
| | |||||
* | Strengthened escaping of user web data by including some characters that | Mark Sapiro | 2011-04-25 | 1 | -0/+8 |
| | | | | some older browsers misinterpret as < or >. | ||||
* | Changed the maximum number of arguments for the who command to be | Mark Sapiro | 2011-03-21 | 1 | -2/+2 |
| | | | | | considered administrivia from 2 to 1 to help avoid false positives. Bug #739524. | ||||
* | Two potential XSS vulnerabilities have been identified and fixed. | Mark Sapiro | 2010-09-09 | 1 | -93/+94 |
| | |||||
* | XSS protection in the web interface went too far in escaping HTML | Mark Sapiro | 2009-08-01 | 1 | -1/+3 |
| | | | | entities. Fixed. | ||||
* | Backported several bug fixes from the 2.2 branch. | Mark Sapiro | 2009-07-31 | 1 | -20/+21 |
| | |||||
* | Mailman/Utils.py | Mark Sapiro | 2009-01-02 | 1 | -2/+2 |
| | | | | | | | | | | - Fixed a long standing error that stopped relative hrefs from being generated for links on Mailman's web pages. Mailman/Cgi/admindb.py - Changed the admindb interface so that when messages are rejected from the summary page, the reject reason is the rejection message from the Errors.HoldMessage subclass instead of the generic "No reason given". | ||||
* | Changed the regexp for Utils.suspiciousHTML to exempt the | Mark Sapiro | 2008-12-05 | 1 | -1/+2 |
| | | | | | <link rel="SHORTCUT ICON" href="<mm-favicon>"> tag in the options.html template. | ||||
* | Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178. | Barry Warsaw | 2008-11-12 | 1 | -3/+14 |
| | | | | I've modified the patch to improve some of the stylistic issues. | ||||
* | Changed Utils.ValidateEmail to not allow specials (particularly ':') | Mark Sapiro | 2008-05-07 | 1 | -2/+9 |
| | | | | | in unquoted local parts (SF bug # 1956393). |