
Mailman Patch #850805 Aggressive anti email address harvesting measure

Description

This patch is an aggressive anti e-mail address harvesting measure.

The objective is to limit the ability of spam generators to acquire e-mail addresses from archived material in Mailman's list archives. It is implemented as a dynamic search and replace, performed as each file is requested, on anything that looks like an e-mail address in files of MIME type text/html or text/plain. The underlying archive file content as generated by the archiving software remains unchanged.

As pointed out on the mailman-developers list, potential users of this patch should be aware that the simple approach to masking e-mail addresses used by this patch will also capture and munge any other strings in the archive data that resemble e-mail addresses. This can include mailto URLs, other URLs and Message-IDs. This side-effect may make the patch unsuitable for use with your system.

However, you also need to consider that the patch does not irreversibly change the source archive material held on the server; the changes are only made in the copy of the archive material sent to the requesting browser by the server.
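The serve-time masking and its side-effect, as an added Python 3 example that is not the patch's own code: the regex, the " at " replacement form, the function names and the sample message are assumptions made for illustration. Running classify() over real archive files shows how many non-address strings the masking would also rewrite.

```python
import re

# Assumed pattern for "looks like an e-mail address"; not the patch's regex.
ADDRESS_RE = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
MASKED_TYPES = {"text/html", "text/plain"}  # the two types the page names

def mask_addresses(text):
    """Rewrite every address-shaped string as 'local at domain' (assumed form)."""
    return ADDRESS_RE.sub(lambda m: m.group(1) + " at " + m.group(2), text)

def serve(content_type, stored, charset="utf-8"):
    """Return the bytes sent to the browser; `stored` itself is never changed."""
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime not in MASKED_TYPES:
        return stored
    text = stored.decode(charset, "surrogateescape")
    return mask_addresses(text).encode(charset, "surrogateescape")

def classify(text):
    """Label each match so the collateral munging is visible before deployment."""
    found = []
    for m in ADDRESS_RE.finditer(text):
        before = text[max(0, m.start() - 7):m.start()].lower()
        line = text[text.rfind("\n", 0, m.start()) + 1:m.start()].lower()
        if before.endswith("mailto:"):
            kind = "mailto-url"
        elif before.endswith("://"):
            kind = "url-userinfo"
        elif line.startswith(("message-id:", "in-reply-to:", "references:")):
            kind = "message-id"
        else:
            kind = "address"
        found.append((kind, m.group(0)))
    return found

# Constructed sample of an archived text/plain message.
SAMPLE = (
    b"From: alice@example.org\n"
    b"Message-ID: <20090709.1327@mail.example.net>\n"
    b"Reply via mailto:list@example.org or http://user@host.example.com/x\n"
)

if __name__ == "__main__":
    print(serve("text/plain; charset=utf-8", SAMPLE).decode())
    for kind, value in classify(SAMPLE.decode()):
        print(kind, value)
```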

Applicability

This patch is applicable to Mailman 2.1.3 and 2.1.8 and later.

Note that there were errors in the download link URLs below in the version of this page posted between 21/9/06 and 20/10/06. Apologies to any users of this patch who were confused by this.

Necessary Precursors

None

Changes Made

Files Mailman/Defaults.py and Mailman/Cgi/private.py are modified by this patch.

The implementation arranges for all archive files to be delivered by a modified private.py CGI script, which only requires user authentication if the list whose archive material is being requested is set up as a private list. In order to get public archives served by private.py, a RewriteRule like this:

    RewriteRule ^/pipermail/(.*) /mailman/private/$1 [PT]

needs to be used in the Apache httpd.conf to transparently redirect public archive file requests.

Rather idiosyncratically, most of the operational elements of this patch are in Mailman/Defaults.py. My reasoning behind this decision is that if people want to fool with the regexes that are at the heart of this patch, they can see what will be affected by the changes more readily if the related bits are in the same place.

Applying the patch

Apply the patch from within the Mailman build directory using the command:

    patch -p1 < path-to-patch-file

Download Patch File

MM Version Download
2.1.12 Download
2.1.11 Download
2.1.10 Download
2.1.9 Download
2.1.8 Download
2.1.3 Download


Last updated: 09/07/2009 13:27
