[ntp:questions] forwarding

Brad Knowles brad at stop.mail-abuse.org
Mon Mar 21 00:00:59 UTC 2005

At 7:42 PM +0000 2005-03-20, David Woolley wrote:

>  That's a potential problem.  Although the news server could be pretty
>  degenerate and only support the one newsgroup, and be part of the
>  mail to news program itself, one really needs to submit with the
>  transfer agent to transfer protocol as submission with the user agent
>  to transfer agent protocol often causes security measures to be imposed
>  that are based on the assumption that the submitter is the originating
>  user agent, e.g. Path may be cleared.

	Indeed, if you read the code in Mailman/Queue/NewsRunner.py, you 
will see comments to the effect of stripping headers, etc... due to 
filtering being performed by the server.

>  (In most cases you will get away using POST rather than IHAVE, but it
>  is much better to use IHAVE as the gateway IS a transfer agent, not a
>  user agent.)

	Checking the code in NewsRunner.py, starting at line 70, we see 
the following:

                     nntp_host, nntp_port = Utils.nntpsplit(mlist.nntp_host)
                     conn = nntplib.NNTP(nntp_host, nntp_port,

	Now, I don't know the internal details of how nntplib.NNTP is 
implemented, but from reading this and looking at the other comments, 
I would guess that it's using the client-style POST method.

	If someone wants to write a minimal news server in Python and get 
that incorporated into the Mailman gateway system, I'm sure that the 
developers would be very interested to see that code.

	I'm not convinced that this is necessary to solve the various 
issues that have been identified, but there is certainly room for 

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the questions mailing list