Subject: Developers of Sympa
List archive
RE: [sympa-dev] Bypass moderation by putting a password in the email?
- From: "Jason Holland" <address@concealed>
- To: "John Kirkland" <address@concealed>
- Cc: <address@concealed>
- Subject: RE: [sympa-dev] Bypass moderation by putting a password in the email?
- Date: Fri, 7 Dec 2007 17:27:09 -0600
This is what I ended up doing. Since its not that easy for regular users to
add another header to their emails I changed the scenario and added an
additional line of code to mail.pm.
1. The scenario is this. (I add a new scenario per list with a new password):
--------------------
title.us Password - Requires password in body
match([msg_body],/x_PASSWORD_x/) smtp -> do_it
true() smtp,smime,md5 -> reject
--------------------
2. Then I added a line of code to mail.pm in the sendto subroutine:
--------------------
sub sendto {
my($msg_header, $msg_body, $from, $rcpt, $robot, $encrypt) = @_;
do_log('debug2', 'mail::sendto(%s, %s, %s', $from, $rcpt, $encrypt);
$msg_body =~ s/x_.+_x//i; # Strip out any passwords from message body
my $msg;
--------------------
Of course I will need to keep track of this patch to mail.pm so I can
re-patch it when my company decides to upgrade.
Thanks,
Jason
-----Original Message-----
From: John Kirkland [mailto:address@concealed]
Sent: Thursday, December 06, 2007 11:13 AM
To: Jason Holland
Cc: address@concealed
Subject: Re: [sympa-dev] Bypass moderation by putting a password in the
email?
I also moved from Lyris to Sympa.
What I do is put a header in the email with my "password" in it.
To accomplish this, I did:
1. Create custom "send" scenario that looks like this:
--------------------
title.us Password Newsletter -- requires PASSWD Header
match([header->PASSWD],/password/) smtp -> do_it
true() smtp,smime,md5 -> reject
--------------------
2. Configure sympa via /etc/sympa.conf to remove the password from the
headers with this line:
remove_headers
Return-Receipt-To,Precedence,X-Sequence,Disposition-Notification-To,PASSWD
3. Configure your list to use the custom send scenario, and any
messages with the password in the header can bypass moderation...
Actually... in my example above, any message missing the password is
outright rejected.
Regards,
John
address@concealed wrote:
> Hello,
>
> I am working on moving our list services from Lyris to Sympa. One thing
> Lyris
> allows a list owner to do is bypass moderation by putting a password in the
> body of the email. Is this something Sympa can do and if so where can this
> be
> configured?
>
> Thanks for your time,
> Jason
>
-
[sympa-dev] Bypass moderation by putting a password in the email?,
jholland, 12/06/2007
- Re: [sympa-dev] Bypass moderation by putting a password in the email?, serge . aumont, 12/06/2007
-
Re: [sympa-dev] Bypass moderation by putting a password in the email?,
John Kirkland, 12/06/2007
- RE: [sympa-dev] Bypass moderation by putting a password in the email?, Jason Holland, 12/07/2007
Archive powered by MHonArc 2.6.19+.