On Thu, Nov 01, 2001 at 16:58 -0800, Christopher Mahmood wrote:
Here's the policy as it currently stands: o mail that consists only of a MIME attachment gets bounced
[ separated for optical grouping only ]
o HTML mail gets bounced o all attachments that aren't text/plain get stripped
Whom are you trying to protect here (or some other place on SuSE lists)? I take it "HTML mail" are the "text/html" and "multipart/alternative" thingies. But ISTR that a "text/plain" mark is taken by MS browsers as an invitation to the usual "maybe I know better and it actually _is_ HTML?" attitude. So HTML is easily pushed through this filter by simply classifying it as text/plain. Is this a problem? (Sorry, I'm not sure about what you are heading for -- security or less annoyance.) As to the valid (reasonable?) attachment types: What about C code and patches, *zip'ed or tar'ed archives, and the like which usually carry some "application/x-c", "application/x-gzip" or some such type (this is from memory, names might be different but the situation is always the same: neither can you enumerate the good nor the "bad" ones without forgetting a few hundred ...).
o other than the bounces in the first two cases, no notification is sent to the sender that their attachments have been removed
But I feel (strongly) the mangled messages should be marked as such. IANAL. But what would you think if you post a message to a public list and have it published *unnoticed* in a scrambled way while it's still attributed to you? There's definitely a need for something along the lines of "X-Note: crippled by the list management software". Maybe the inserted text needs to be worded some other way but I feel that any kind of manipulation applied to articles contributed by others in principle is crippling them. Did I already mention that I don't like the unnecessary, useless and annoying "[listname]" insertion in the subject line? Just to make it clear. All of the above assumes that this kind of manipulation is of benefit. But I'm not too convinced of this. Yes, I'm annoyed by HTML messages and v-cards (which seem to be the most prominent failures you're trying to keep away from the list). But the same holds true for bad quoting ratios, TOFU (sorry, I lack a better "English" term), pages full of nonsense disclaimers ("this is an email ..."), sigs longer than the actual message, OT and FAQ postings etc. To cut it short: Most problems - actually the worst ones - aren't of technical nature and obviously cannot be solved by technical means but with a clue bat only. :( Sometimes I wish list maintainers would ban articles coming from certain mail frontends (those which cannot even be configured correctly since they are broken by design; Lotus, the thankfully dying X-400 ones, and MS' "mail programs" come to mind) plus those which show a fine example of bad attitude towards other people's time and resources (yes, even with capable and conforming mail frontends ignorant users are able to send out crappy messages which are a burdon for the receiver). This way subscribing to some lists could become bearable and of benefit, again, instead of just wasting one's time. :) I fear that the kind of filter you talk about could easily turn out to be more of a problem than being a (real) solution. At least I have a hard time seeing all the benefits I should cheer about joyfully ... Undoubtedly it takes a *huge* amout of consideration and careful testing before being implemented on lists by default. But you're already aware of this. :) If you are searching for ways to improve the lists' appearance to their subscribers I would suggest - removing the Subject mangling - clearly (and in public) stating that you will _never_ consider Reply-To munging - _immediately_ removing subscribers with bouncing messages, "test" postings and misconfigured autoresponders (any bulk that goes to a list is braindead) and I already like very much that only subscribers can post to the list (at least in those lists I'm subscribed to). Regarding the virus scanning others mentioned I'm sure no list owner would happily spend the cpu cycles necessary to do this. Even more in the case of the (so called only?) SuSE lists -- since they are by no means an official SuSE service IIUC but merely pure kindness on SuSE's side to host these on their servers. A fact some posters sometimes seem to forget together with the fact that no list reader gets paid for participating (neither for reading nor for helping others). Anyway do I feel that virus scanning should be done as close as possible at the sender's and receiver's sides as possible (just like anti spoofing measures). There's no point in shoving all the nonsense over a network passing many hops just to drop it on the other terminal point. After a little thinking it's obvious that it would have been best to not issue this stuff at all or at least not having it pass the very first hop. So it's good habit to not annoy others with virii and it's just sane to not accept virii from others. :> virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.