brad at stop.mail-abuse.org
Mon Mar 21 00:00:59 UTC 2005
At 7:42 PM +0000 2005-03-20, David Woolley wrote:
> That's a potential problem. Although the news server could be pretty
> degenerate and only support the one newsgroup, and be part of the
> mail to news program itself, one really needs to submit with the
> transfer agent to transfer protocol as submission with the user agent
> to transfer agent protocol often causes security measures to be imposed
> that are based on the assumption that the submitter is the originating
> user agent, e.g. Path may be cleared.
Indeed, if you read the code in Mailman/Queue/NewsRunner.py, you
will see comments to the effect of stripping headers, etc... due to
filtering being performed by the server.
> (In most cases you will get away using POST rather than IHAVE, but it
> is much better to use IHAVE as the gateway IS a transfer agent, not a
> user agent.)
Checking the code in NewsRunner.py, starting at line 70, we see:

    nntp_host, nntp_port = Utils.nntpsplit(mlist.nntp_host)
    conn = nntplib.NNTP(nntp_host, nntp_port,

Now, I don't know the internal details of how nntplib.NNTP is
implemented, but from reading this and looking at the other comments,
I would guess that it's using the client-style POST method.
If someone wants to write a minimal news server in Python and get
that incorporated into the Mailman gateway system, I'm sure that the
developers would be very interested to see that code.
I'm not convinced that this is necessary to solve the various
issues that have been identified, but there is certainly room for
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
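
An added example, not part of the original message and not Mailman's code: the transfer-agent IHAVE exchange discussed in this thread, using the RFC 3977 reply codes and written against plain text streams so it runs offline. The names offer_article and dot_stuff and the sample article are constructed for illustration; the streams are assumed to come from a socket on which the server greeting has already been read.

```python
import io

# Constructed sample article. With IHAVE the gateway supplies its own
# Path and Message-ID and the server takes the article as offered; the
# thread notes that POST may have headers such as Path cleared.
SAMPLE = (
    "Path: gateway.example.invalid!not-for-mail\n"
    "From: list member <member@example.invalid>\n"
    "Newsgroups: example.list.gateway\n"
    "Subject: test\n"
    "Message-ID: <constructed-1@example.invalid>\n"
    "\n"
    "body line\n"
    ".line starting with a dot\n"
)

def dot_stuff(article):
    """Yield CRLF wire lines, doubling a leading '.', then the '.' terminator."""
    for line in article.splitlines():
        yield ("." + line if line.startswith(".") else line) + "\r\n"
    yield ".\r\n"

def offer_article(rfile, wfile, message_id, article):
    """Offer one article with IHAVE (hypothetical helper).

    Returns 'transferred', 'not-wanted', 'retry-later' or 'rejected';
    raises RuntimeError on a reply that is not valid at that stage.
    """
    first = {"435": "not-wanted", "436": "retry-later"}
    second = {"235": "transferred", "436": "retry-later", "437": "rejected"}
    wfile.write("IHAVE %s\r\n" % message_id)
    wfile.flush()
    code = rfile.readline()[:3]
    if code != "335":                 # 335 = server asks for the article
        if code in first:
            return first[code]        # nothing is sent; keep or drop the queue entry
        raise RuntimeError("unexpected reply to IHAVE: %r" % code)
    wfile.writelines(dot_stuff(article))
    wfile.flush()
    code = rfile.readline()[:3]
    if code not in second:
        raise RuntimeError("unexpected reply after article: %r" % code)
    return second[code]

if __name__ == "__main__":
    replies = io.StringIO("335 send it\r\n235 transferred\r\n")  # constructed
    print(offer_article(replies, io.StringIO(), "<constructed-1@example.invalid>", SAMPLE))
```

A 436 reply means the article should stay queued for a later attempt, while 435 and 437 mean the server will not take it.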