Thanks for all that. I googled collapse_alternatives, and I can see from the colour of some of the results that I've looked this up before.
Given that Mac and (particularly) iPhone/iPad users are common, we probably don't have an unusual problem. Maybe I should just ask the list owner to try changing those two settings to see how it goes: collapse_alternatives=No convert_html_to_plaintext=No I wonder how much dangerous javascript in email is these days. What happens if we just change collapse_alternatives to No? > -----Original Message----- > From: Mark Sapiro [mailto:m...@msapiro.net] > Sent: Tuesday, 23 January 2018 12:08 PM > To: Peter Shute <psh...@nuw.org.au>; mailman-users@python.org > Subject: Re: [Mailman-Users] Photos from Macs getting removed by list > server > > On 01/22/2018 01:33 PM, Peter Shute wrote: > > > > Perhaps I've used the wrong terminology. I mean that > convert_html_to_plaintext is set to Yes. > > > OK > > > > I've attached a screenshot of the content filtering page. Does that > > tell you everything you need to know? (Assuming it'll be allowed > > through. If not, what's the easiest way to list all the settings?) > > > It didn't go to the list, but I got it in my direct copy. For future > reference, the > settings are: > > filter_content: Yes > filter_mime_types: empty > pass_mime_types: > multipart > text/plain > text/html > image/jpeg > image/png > filter_filename_extensions: > exe > bat > cmd > com > pif > scr > vbs > cpl > mpg > mc4 > mp3 > And more not in the screenshot > pass_filename_extensions: empty > collapse_alternatives: Yes > convert_html_to_plaintext: Yes > filter_action: Discard > > And something like the above is the best way to report them. > > > > I still have all the moderation notification emails, with the original > > emails > attached. Can I use those to get the information you need? > > > Yes, but see below. > > > > But before I start trying to gather together evidence, could we "fix" this > problem by setting convert_html_to_plaintext to No? If so, are there any > side effects of that we should know about before we try it? > > > That alone probably won't fix it. Consider a message with the following MIME > structure: > > multipart/alternative > text/plain > plain text body > multipart/related > text/html > HTML body that references images > image/jpeg > first image > image/jpeg > second image > > pass_mime_types will accept everything, but collapse_alternatives = Yes will > replace the multipart/alternative part with the first sub-part, i.e. the > text/plain part leaving only > > text/plain > plain text body > > as the message to be delivered. > > Even a different message like > > multipart/related > multipart/alternative > text/plain > plain text body > text/html > HTML body that references images > image/jpeg > first image > image/jpeg > second image > > Will result in the filtered message > > multipart/related > text/plain > plain text body > image/jpeg > first image > image/jpeg > second image > > with the image parts still in the delivered message, but the HTML that > referenced them gone. > > The only time the HTML is left in the message in any form is if it's not in a > multipart/alternative sub-part such as > > multipart/related > text/html > HTML body that references images > image/jpeg > first image > image/jpeg > second image > > but even here, the text/html part will be converted to text/plain by > HTML_TO_PLAIN_TEXT_COMMAND and how the result will render will vary > depending both on what that command does and the MUA that views the > result. > > > > I'm not the owner of the list, and it wasn't my decision to set it to Yes. > > I'm > under the impression that the owner changed it as a precaution once after > the list was somehow being used to send out spam. It's my impression that in > the years before I had admin access, there have been periods when html > was allowed, but I have no idea of the reasons for the earlier changes. > > > You definitely want to set collapse_alternatives to No. Depending on how > that works for you, you may also need to set convert_html_to_plaintext to > No to get the result you want. > > The risk in setting convert_html_to_plaintext to No is messages with evil > javascript will go to the list. > > -- > Mark Sapiro <m...@msapiro.net> The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
