I was pretty explicit about not sending responses to the list, but oh well... * Gerhard Sittig (Gerhard.Sittig@gmx.net) [011102 13:13]:
Whom are you trying to protect here (or some other place on SuSE lists)? I take it "HTML mail" are the "text/html" and "multipart/alternative" thingies.
Personally, I really don't care if someone's Windows machine gets a virus and my concerns, in order, are 1) decreasing the amount of unnecessary list traffic we have 2) decreasing the annoyance of the overuse of attachments and HTML mail 3) avoiding viruses being pread through our lists (which has only happened once that I can recall)
But ISTR that a "text/plain" mark is taken by MS browsers as an invitation to the usual "maybe I know better and it actually _is_ HTML?" attitude. So HTML is easily pushed through this filter by simply classifying it as text/plain. Is this a problem?
It's not a problem for me, but it probably is for the sender since I can't imagine many people are willing to take the time to pipe the mail into lynx or html2text or whatever to read.
As to the valid (reasonable?) attachment types: What about C code and patches,
That's text.
*zip'ed or tar'ed archives, and the like which usually carry some "application/x-c", "application/x-gzip" or some such type (this is from memory, names might be different but the situation is always the same: neither can you enumerate the good nor the "bad" ones without forgetting a few hundred ...).
No, gzip and tar archives would be stripped. If your patch (which are rare on most of our lists) is so large as to require compression to get in under 50K(!) message size limit that we've been using for quite some time, even the most ardent supporter of the trend that has developed over the last few years of using SMTP as poor man's file transfer protocol would suggest that you probably should find some other way to tell the list about it. But you are correct, if someone *really* can only express themself in HTML then they can inline it and it will get through.
But I feel (strongly) the mangled messages should be marked as such.
It's clearly stated in both the welcome message they will receive and the FAQ.
IANAL. But what would you think if you post a message to a public list and have it published *unnoticed* in a scrambled way while it's still attributed to you?
I'd be pissed, but that's not really what's happening.
There's definitely a need for something along the lines of "X-Note: crippled by the list management software".
Fair enough, I'll insert an X-header that says something to that effect.
Did I already mention that I don't like the unnecessary, useless and annoying "[listname]" insertion in the subject line?
Probably not since I thought we were discussing attachment filtering, but add something like the following to your procmailrc: :0 hwf * ^Subject.*\[suse-security\] | sed 's/\[suse-security\]//' $MBOX_WHERE_I_KEEP_SUSE-SECURITY if it really bothers you.
To cut it short: Most problems - actually the worst ones - aren't of technical nature and obviously cannot be solved by technical means but with a clue bat only. :(
No one is trying to legislate common sense here and I don't have the time or the personality to enforce a set of policies that we don't really don't have anyway.
I fear that the kind of filter you talk about could easily turn out to be more of a problem than being a (real) solution.
Then we'll remove it.
At least I have a hard time seeing all the benefits I should cheer about joyfully ...
I never asked for cheering, I just wanted some feedback from a list who's opinions I respect. I got that and now I'm slowly acting on it.
Undoubtedly it takes a *huge* amout of consideration and careful testing before being implemented on lists by default. But you're already aware of this. :)
Hence the careful testing, request for comments, careful log watching during dinner, etc.
If you are searching for ways to improve the lists' appearance to their subscribers I would suggest - removing the Subject mangling
Done. See procmail example above.
- clearly (and in public) stating that you will _never_ consider Reply-To munging
Done several times on SLE (the last time resulted various threats on my physical well-being and misc. insults...no joke) and in the FAQs. We don't use reply-to's on any of our lists and never will...don't worry, I'm a True Believer.
- _immediately_ removing subscribers with bouncing messages,
We do it as quickly as we can.
"test" postings and misconfigured autoresponders (any bulk that goes to a list is braindead)
Personally, I leave "testers" alone since others usually flame them. We try to to get autoresponders as quickly as we can and ezmlm is very good at catching most of them.
and I already like very much that only subscribers can post to the list (at least in those lists I'm subscribed to).
All of our lists are closed. -- -ckm