From 205504d8f729af4a948ad7a3c9636939dbdc00b9 Mon Sep 17 00:00:00 2001
From: Mark Sapiro
Date: Sat, 1 Aug 2009 12:14:32 -0700
Subject: Removed or anonymized additional headers in posts to anonymous lists.
---
 Mailman/Handlers/Cleanse.py | 15 ++++++++++++++-
 NEWS | 2 ++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/Mailman/Handlers/Cleanse.py b/Mailman/Handlers/Cleanse.py
index 8033d41f..b2c9611a 100644
--- a/Mailman/Handlers/Cleanse.py
+++ b/Mailman/Handlers/Cleanse.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,8 +17,11 @@
 """Cleanse certain headers from all messages."""
+import re
+
 from email.Utils import formataddr
+from Mailman.Utils import unique_message_id
 from Mailman.Logging.Syslog import syslog
 from Mailman.Handlers.CookHeaders import uheader
@@ -39,11 +42,21 @@ def process(mlist, msg, msgdata):
 del msg['from']
 del msg['reply-to']
 del msg['sender']
+ del msg['return-path']
 # Hotmail sets this one
 del msg['x-originating-email']
+ # And these can reveal the sender too
+ del msg['received']
+ # And so can the message-id so replace it.
+ del msg['message-id']
+ msg['Message-ID'] = unique_message_id(mlist)
 i18ndesc = str(uheader(mlist, mlist.description, 'From'))
 msg['From'] = formataddr((i18ndesc, mlist.GetListEmail()))
 msg['Reply-To'] = mlist.GetListEmail()
+ uf = msg.get_unixfrom()
+ if uf:
+ uf = re.sub(r'\S*@\S*', mlist.GetListEmail(), uf)
+ msg.set_unixfrom(uf)
 # Some headers can be used to fish for membership
 del msg['return-receipt-to']
 del msg['disposition-notification-to']
diff --git a/NEWS b/NEWS
index 524122da..477a81f0 100644
--- a/NEWS
+++ b/NEWS
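Review bot: The unixfrom rewrite near the end of the `process()` hunk only replaces tokens that contain an `@`, so an envelope line carrying a bare local username (for example mail injected on the list host itself) would still name the poster after anonymization. Rewriting the address field by position closes that gap, and passing a function as the replacement keeps the list address from being interpreted as a regex template: `uf = re.sub(r'^(From\s+)\S+', lambda m: m.group(1) + mlist.GetListEmail(), uf)`. More broadly, the block strips identifying headers one name at a time, and headers such as `X-Originating-IP`, `X-Sender`, `User-Agent` or `DKIM-Signature` are not deleted in the visible lines. `process()` starts and ends outside the hunk, so they may be handled there, but keeping only an explicit allowlist of headers on anonymous lists would fail closed when a mail client introduces a new identifying header.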
@@ -8,6 +8,8 @@ Here is a history of user visible changes to Mailman. Bug Fixes and other patches + - Removed or anonymized additional headers in posts to anonymous lists. + - Fixed a bug that could cause incorrect threading of replies to archived messages that arrive with timestamps in the same second. -- cgit v1.2.3