Update of /cvsroot/mailman/mailman/Mailman/Handlers
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27896
Modified Files:
Tag: Release_2_1-maint
SpamDetect.py
Log Message:
SpamDetect.py: Fix loop. As a side effect, spam message may pass the
filter if X-List-Administrivia header is forged.
Index: SpamDetect.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Handlers/SpamDetect.py,v
retrieving revision 2.3.2.10
retrieving revision 2.3.2.11
diff -u -d -r2.3.2.10 -r2.3.2.11
--- SpamDetect.py 31 Dec 2005 06:15:33 -0000 2.3.2.10
+++ SpamDetect.py 14 Jan 2006 10:11:19 -0000 2.3.2.11
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2005 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -92,8 +92,7 @@
�
def process(mlist, msg, msgdata):
- if msgdata.get('approved') or msgdata.get('reduced_list_headers'):
- # TK: 'reduced_list_headers' is intenally crafted message (virgin).
+ if msgdata.get('approved'):
return
# First do site hard coded header spam checks
for header, regex in mm_cfg.KNOWN_SPAMMERS:
@@ -103,20 +102,23 @@
if mo:
# we've detected spam, so throw the message away
raise SpamDetected
+ # Before we go to header_filter_rules, we exclude internally generated
+ # owner notification from checking, because 1) we collect headers from
+ # all the attachments but this will cause matching the filter rule again,
+ # and 2) list owners may want to check header name / value pair like
+ # 'Precedence: bulk' which is also generated by mailman. Both will
+ # cause loop of holding owner notification messages if the action is
+ # set to 'hold'.
+ if msgdata.get('toowner') and msg.get('x-list-administrivia') == 'yes':
+ return
# Now do header_filter_rules
# TK: Collect headers in sub-parts because attachment filename
# extension may be a clue to possible virus/spam.
- if msg.is_multipart():
- headers = ''
- for p in msg.walk():
- g = HeaderGenerator(StringIO())
- g.flatten(p)
- headers += g.header_text()
- else:
- # Only the top level header should be checked.
+ headers = ''
+ for p in msg.walk():
g = HeaderGenerator(StringIO())
- g.flatten(msg)
- headers = g.header_text()
+ g.flatten(p)
+ headers += g.header_text()
# Now reshape headers (remove extra CR and connect multiline).
headers = re.sub('\n+', '\n', headers)
headers = re.sub('\n\s', ' ', headers)
_______________________________________________
Mailman-checkins mailing list
[email protected]
Unsubscribe:
http://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org
