[Mailman-Users] Re: What is character set of the log files?

2020-06-01 Thread Stephen J. Turnbull
Mark Sapiro writes:
 > On 5/26/20 4:30 PM, Brett Delmage wrote:
 > > Hi!
 > > 
 > > What is the character set coding for the log files, please?
 > > I'm using MM 2.1.29
 > 
 > Basically unknown. For the most part, log files are us-ascii,

I would consider declaring ISO-8859-1, ISO-8859-15, or Windows-1252.
All contain mappings for all 256 octets, so you will never get a
decoding error.  US users may prefer Windows-1252, since it's the main
8-bit encoding for them which has "smart quotes" and the like, and the
8-bit control character area is mapped to graphic characters which are
less likely to upset terminals.  ISO-8859-15 may be more popular in
Western Europe since it is a variant of ISO-8859-1 with the EURO SIGN.

Steve
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/


[Mailman-Users] Re: What is character set of the log files?

2020-06-01 Thread Bernd Petrovitsch
Hi!

On 27/05/2020 01:08, Mark Sapiro wrote:
> On 5/26/20 4:30 PM, Brett Delmage wrote:
[...]
>> What is the character set coding for the log files, please?
>> I'm using MM 2.1.29
> 
> Basically unknown. For the most part, log files are us-ascii, but some
> entries contain user entered data such as names or (malformed) email

If the user enters his name in a HTML form with e.g. German umlauts,
it should be UTF-8 encoded, not?

MfG,
Bernd
-- 
There is no cloud, just other people computers.
-- https://static.fsf.org/nosvn/stickers/thereisnocloud.svg


[Mailman-Users] Insecure setup?

2020-06-01 Thread Lucio
Until a few hours ago I was running mailman 2.1.29 on Debian Stretch, as 
packaged by Debian, e.g. mailman_1:2.1.29-1_amd64.deb, so I was missing 
the latest update published by Debian on April 24 as 
mailman_1:2.1.29-1+deb10u1_amd64.deb. That means my mailman was 
vulnerable to this specific issue:


https://security-tracker.debian.org/tracker/CVE-2020-12137

which is an XSS issue, and, as such, it can hardly be the cause of my 
problem. However I've now updated it nevertheless.


A few hours ago I received an FBL complaint notification about a monthly 
subscription reminder marked as spam and actually coming from my server. 
The subscription reminder was attached to the FBL complaint, so I could 
see the mailman list subscribed email inside it, which is 
ada3167eb87301cb4835917425f07...@libero.it: it's clearly a fake email 
address or a real email address that's been created just for sending spam.


The real user that raised the complaint is not shown for obvious privacy 
reasons, though I could discover it from the message id, but who cares, 
he's right after all, but by double checking the message id I could 
confirm the whole reminder is authentic and it actually went out of my 
mailserver. It is attached here, except I've masked my real domain name 
and my real server ip address.


My mailman subscription logs (/var/log/mailman/subscribe*) go back one 
year and that fake email address does not appear in any of them, nor is it 
listed in the current subscribers list. It obviously does NOT match 
the email address of the user that received the spammed reminder and 
that raised the complaint.


How did it happen? Is there a security flaw in my mailman setup? Where 
should I start looking at?








Source: Italia Online (Libero and Virgilio)
Abuse-Type: complaint
Subscription-Link: https://fbl.returnpath.net/manage/subscriptions/394805
User-Agent: ReturnPathFBL/2.0
Original-Rcpt-To: ada3167eb87301cb4835917425f07...@libero.it
Arrival-Date: Mon, 01 Jun 2020 03:00:04 +
Original-Mail-From: mailman-boun...@my.real.hostname.it
Reported-Domain: my.real.hostname.it
Source-Ip: my.real.mailman.server.ip.address
Feedback-Type: abuse
Version: 1

--2b38e7ed6655b3398b3fa78c503692fce35b2e77326c2691bbcfb3bc2516
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Content-ID: <5ed497103f356_ebe2b2335d7596447...@abuse.myprovider.company.mail>

Delivered-To: *
Received: from mobimap.libero.it
by  with IMAP4 (i;15392:1)
Mon, 01 Jun 2020 03:00:27 +
Return-Path: 
Delivered-To: ada3167eb87301cb4835917425f07...@libero.it
Received: from dcd-18 ([10.103.10.26])
by dcbackend-44.iol.local with LMTP id aBB+HUtv1F5HTwMAm9QHFw
for ; Mon, 01 Jun 2020 
05:00:27 +0200
Received: from dcp-12.iol.local ([10.103.10.26])
by dcd-18 with LMTP id 8KFpHUtv1F72MQAAWU+Phw
; Mon, 01 Jun 2020 05:00:27 +0200
Received: from libero.it ([10.103.10.26])
by dcp-12.iol.local with LMTP id oBQ9Dktv1F6y6wAAFc0f+g
; Mon, 01 Jun 2020 05:00:27 +0200
Received: from my.real.hostname.it ([my.real.mailman.server.ip.address])
by smtp-26.iol.local with ESMTP
id fagcjaRdEBNRlfagcj6sQm; Mon, 01 Jun 2020 05:00:27 +0200
X-IOL-DMARC: fail_monitor con il dominio my.real.domain.where.i.host.mailman
X-IOL-DKIM: Messaggio non firmato
X-IOL-SPF: pass con l'IP my.real.mailman.server.ip.address;my.real.hostname.it
X-IOL-SEC: _SPFOK_NODKIM_DMARCFAIL_ENVFROMHEADDIFF
X-IOL-Original-Envfrom: mailman-boun...@my.real.hostname.it
x-libjamoibt: 2601
Received-SPF: pass
X-CNFS-Analysis: v=2.3 cv=X7os11be c=1 sm=1 tr=0
 a=FkFSD/Dudah5UTUvEddLDw==:117 a=FkFSD/Dudah5UTUvEddLDw==:17 a=lP7XrAzt:8
 a=KiCxJD0x+Pe5VASQKmYoJrcyuOo=:19 a=xqWC_Br6kY4A:10 a=8nJEP1OIZ-IA:10
 a=nTHF0DUjJn0A:10 a=Mrz3sjv-sVQA:10 a=IAtt1hzd:8 a=vYhxhHx_zviUCDRhy94A:9
 a=wPNLvfGTeEIA:10 a=2EkGEB5KO2G9k0KlfTuJ:22 a=1L9rwC9n54gXs6W524hS:22
Received: from my.real.hostname.it ([::1])
  by my.real.hostname.it with ESMTP
  id 00123253.5ED46F3F.4A46; Mon, 01 Jun 2020 05:00:15 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: promemoria per gli iscritti della lista 
my.real.domain.where.i.host.mailman
From: mailman-ow...@my.real.domain.where.i.host.mailman
To: ada3167eb87301cb4835917425f07...@libero.it
X-No-Archive: yes
Auto-Submitted: auto-generated
Message-ID: 
Date: Mon, 01 Jun 2020 05:00:04 +0200
Precedence: bulk
X-BeenThere: mail...@my.real.hostname.it
X-Mailman-Version: 2.1.29
List-Id: 
X-List-Administrivia: yes
Errors-To: mailman-boun...@my.real.hostname.it
Sender: "Mailman" 
X-CMAE-Envelope: 
MS4wfE7WgNK6+1TCWJT2l9eUtLErptK18C5819kRL7yRE0HAlor0NJBLXLDL6HfOahF0FqVW6I95j5Oz78Y4MekgnFd5rnHMtNjcemup+IEvZPAik3ig8RbU
 
yUf5JnpXs0aKtyC4ykkZ73aCGK8h7SqTc+S8FR9HSkpVwEpBFRFMHW5PAagGRRIICd1fep7ihrf2iQ==
X-Mru-Rpop: 1
X-Ipop: 89664477
X-Mru-UID: 1089306654
X-Mailru-Intl-Tran

[Mailman-Users] looking for just one command...

2020-06-01 Thread Jeffrey Westgate
I am running v2.1.20, looking to upgrade to 2.1.32 (or 33), but the upgrade 
path seems to me to want the same options used in the previous install.  I 
didn't do the previous install, so the one command I'm looking for is --

the one command that will tell me what options were used in the previous 
install.

is there a command that will return the compile options of the previous install?

is there a file that contains (maybe a list of) the compile options of the 
previous install?

--
Jeff


[Mailman-Users] Re: looking for just one command...

2020-06-01 Thread ddewey


If you still have access to the source directory used to build the previous
install, the compile command is in the file config.log... in my case 
./configure --with-cgi-gid=apache

Quoting Jeffrey Westgate (jeffrey.westg...@arkansas.gov):

> I am running v2.1.20, looking to upgrade to 2.1.32 (or 33), but the upgrade 
> path seems to me to want the same options used in the previous install.  I 
> didn't do the previous install, so the one command I'm looking for is --
> 
> the one command that will tell me what options were used in the previous 
> install.
> 
> is there a command that will return the compile options of the previous 
> install?
> 
> is there a file that contains (maybe a list of) the compile options of the 
> previous install?
> 
> --
> Jeff


[Mailman-Users] Re: looking for just one command...

2020-06-01 Thread Mark Sapiro
On 6/1/20 6:11 AM, Jeffrey Westgate wrote:
> I am running v2.1.20, looking to upgrade to 2.1.32 (or 33), but the upgrade 
> path seems to me to want the same options used in the previous install.  I 
> didn't do the previous install, so the one command I'm looking for is --
> 
> the one command that will tell me what options were used in the previous 
> install.
> 
> is there a command that will return the compile options of the previous 
> install?
> 
> is there a file that contains (maybe a list of) the compile options of the 
> previous install?


As noted in another reply, if you have the config.log from the prior
./configure, it will contain near the beginning the command that was used.

There is a Mailman command, bin/mailman-config that will show you this
info, but this first appeared in 2.1.26 so you don't have it, and you
can't get it after the fact because it relies on being configured by
./configure to get the information.

If you don't have config.log, you can discern various things by
examining the current installation. The most common and important
options to configure are:

--prefix
--with-var-prefix (if different from prefix)
--with-username (usually 'mailman' except Debian/Ubuntu 'list')
--with-groupname (usually 'mailman' except Debian/Ubuntu 'list')
--with-cgi-gid (whatever your web server user is)
--with-mail-gid (depends on the MTA, with Postfix it's the primary
  group of the owner of Mailman's data/aliases.db file)
--with-mailhost (sets DEFAULT_EMAIL_HOST in Defaults.py)
--with-urlhost (sets DEFAULT_URL_HOST in Defaults.py)

See `./configure --help` for a complete list.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


[Mailman-Users] Re: Insecure setup?

2020-06-01 Thread Mark Sapiro
On 6/1/20 3:10 AM, Lucio wrote:
> 
> A few hours ago I received a FBL complaint notification about a monthly
> subscription reminder marked as spam and actually coming from my server.
> The subscription reminder was attached to the FBL complaint, so I could
> see the mailman list subscribed email inside it, which is
> ada3167eb87301cb4835917425f07...@libero.it: it's clearly a fake email
> address or a real email address that's been created just for sending spam.


The trace headers in the message you attached all indicate it was sent
and delivered to ada3167eb87301cb4835917425f07...@libero.it. If this is
not a deliverable address for the end recipient, how did it get there?

My first thought is that ada3167eb87301cb4835917425f07242 is a HEX
encoding, but decoding it as either hex or base64 gives garbage.

Have you checked your MTA logs to see what is there for this reminder?
I.e., was anything sent to this address? What was sent to the real list
member address?

It seems unlikely that some intermediary would rewrite the address to
ada3167eb87301cb4835917425f07...@libero.it everywhere in the message
headers and body including the line:

https://my.real.domain.where.i.host.mailman/options/my.real.list.name/ada3167eb87301cb4835917425f07242%40libero.it

It really looks like it came from your Mailman for that user.


> My mailman subscription logs (/var/log/mailman/subscribe*) go back one year 
> and that fake email address does not appear in any of them, nor is it listed 
> in the current subscribers list. It obviously does NOT match the email 
> address of the user that received the spammed reminder and that raised the 
> complaint.
> 
> How did it happen? Is there a security flaw in my mailman setup? Where should 
> I start looking at?

I would start with the MTA logs to see exactly what was sent from your
server.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


[Mailman-Users] Re: Insecure setup?

2020-06-01 Thread Lucio Crusca

On 01/06/20 21:15, Mark Sapiro wrote:

> The trace headers in the message you attached all indicate it was sent
> and delivered to ada3167eb87301cb4835917425f07...@libero.it.


You're right, I overlooked those headers and took for granted the recipient 
address I found from the MTA logs was the real one.


> If this is
> not a deliverable address for the end recipient, how did it get there?
>
> Have you checked your MTA logs to see what is there for this reminder?
> I.e., was anything sent to this address?


Ok, let's assume it is a deliverable address. Running the following one-liner 
yields nothing:

# for i in /var/log/mail.log* ; do EXE=cat ; if [[ "$i" == *.gz ]] ; then EXE=zcat ; fi ; echo "$EXE $i ---" ; $EXE $i | grep ada3167eb87301cb4835917425f07242 ; done

Command explained: look for the string ada3167eb87301cb4835917425f07242 in 
all the MTA logs and output the lines that contain it. Obviously my MTA 
does log every recipient address it sends messages to.


> What was sent to the real list
> member address?


Same one-liner above, with the message ID 00123253.5ED46F3F.4A46 as filter:

# for i in /var/log/mail.log* ; do EXE=cat ; if [[ "$i" == *.gz ]] ; then EXE=zcat ; fi ; echo "$EXE $i ---" ; $EXE $i | grep 00123253\.5ED46F3F\.4A46 ; done
cat /var/log/mail.log ---
Jun  1 05:00:16 myhostname courierfilter: zdkimfilter[19015]:id=00123253.5ED46F3F.4A46: response: 250 not filtered.
Jun  1 05:00:26 myhostname courierd: newmsg,id=00123253.5ED46F3F.4A46: dns; myhostname.and.fqdn ([::1])
Jun  1 05:00:26 myhostname courierd: started,id=00123253.5ED46F3F.4A46,from=,module=esmtp,host=libero.it,addr=
Jun  1 05:00:27 myhostname courieresmtp: id=00123253.5ED46F3F.4A46,from=,addr=: 250 fagcjaRdEBNRlfagcj6sQm mail accepted for delivery
Jun  1 05:00:27 myhostname courieresmtp: id=00123253.5ED46F3F.4A46,from=,addr=,success: delivered: smtp-in.libero.it [213.209.1.129]
Jun  1 05:00:27 myhostname courieresmtp: id=00123253.5ED46F3F.4A46,from=,addr=,status: success
Jun  1 05:00:31 myhostname courierd: completed,id=00123253.5ED46F3F.4A46
cat /var/log/mail.log.1 ---
zcat /var/log/mail.log.2.gz ---
zcat /var/log/mail.log.3.gz ---
zcat /var/log/mail.log.4.gz ---

I've replaced the real list member address with 'real-list-member', but it's 
not the forged (or real) address above with the hex number and I've double 
checked this one is really subscribed to the list.



> It seems unlikely that some intermediary would rewrite the address to
> ada3167eb87301cb4835917425f07...@libero.it everywhere in the message
> headers and body including the line:
>
> https://my.real.domain.where.i.host.mailman/options/my.real.list.name/ada3167eb87301cb4835917425f07242%40libero.it
>
> It really looks like it came from your Mailman for that user.



I agree, but how?


[Mailman-Users] Re: Insecure setup?

2020-06-01 Thread Mark Sapiro
On 6/1/20 3:15 PM, Lucio Crusca wrote:
> 
> Ok, let's assume it is a deliverable address. Running the following
> one-liner yields nothing:
> 
> # for i in /var/log/mail.log* ; do EXE=cat ; if [[ "$i" == *.gz ]] ;
> then EXE=zcat ; fi ; echo "$EXE $i ---" ; $EXE $i | grep
> ada3167eb87301cb4835917425f07242 ; done
> 
> Command explained: look for the string ada3167eb87301cb4835917425f07242
> in all the MTA logs and output the lines that contain it.
> Obviously my MTA does log every recipient address it sends messages to.
> 
>>  What was sent to the real list
>> member address?
> 
> Same one-liner above, with the message ID
> 00123253.5ED46F3F.4A46 as filter:
> 
> # for i in /var/log/mail.log* ; do EXE=cat ; if [[ "$i" == *.gz ]] ;
> then EXE=zcat ; fi ; echo "$EXE $i ---" ; $EXE $i | grep
> 00123253\.5ED46F3F\.4A46 ; done
> cat /var/log/mail.log ---
> Jun  1 05:00:16 myhostname courierfilter:
> zdkimfilter[19015]:id=00123253.5ED46F3F.4A46:
> response: 250 not filtered.
> Jun  1 05:00:26 myhostname courierd:
> newmsg,id=00123253.5ED46F3F.4A46: dns;
> myhostname.and.fqdn ([::1])
> Jun  1 05:00:26 myhostname courierd:
> started,id=00123253.5ED46F3F.4A46,from=,module=esmtp,host=libero.it,addr=
> 
> Jun  1 05:00:27 myhostname courieresmtp:
> id=00123253.5ED46F3F.4A46,from=,addr=:
> 250 fagcjaRdEBNRlfagcj6sQm mail accepted for delivery
> Jun  1 05:00:27 myhostname courieresmtp:
> id=00123253.5ED46F3F.4A46,from=,addr=,success:
> delivered: smtp-in.libero.it [213.209.1.129]
> Jun  1 05:00:27 myhostname courieresmtp:
> id=00123253.5ED46F3F.4A46,from=,addr=,status:
> success
> Jun  1 05:00:31 myhostname courierd:
> completed,id=00123253.5ED46F3F.4A46
...
>> It really looks like it came from your Mailman for that user.
>>
> 
> I agree, but how?


Well, the message looks like it came from you to
ada3167eb87301cb4835917425f07...@libero.it, but your mail logs show that
the only message was sent to the real user. There was no message from
Mailman to your MTA with the recipient
ada3167eb87301cb4835917425f07...@libero.it and there was no message from
your MTA with the recipient ada3167eb87301cb4835917425f07...@libero.it.

That says to me that the recipient address local part in the FBL message
you received was munged for privacy by replacing it globally in the
message with ada3167eb87301cb4835917425f07242. I suspect this was done
either by the recipient or the recipient's mail provider.

If I were you I would either just remove the recipient's real address
from the list or maybe contact the recipient to see what the message
looked like at that end.

In any case, I can't see how there could be any issue with Mailman here.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
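
Added example (not part of the original thread and not Mailman code): one way to test whether a redacted local part like the one in this report is an unsalted digest of a subscribed address. The roster, the function names and the set of algorithms tried are assumptions made for illustration; only the token comes from the thread.

```python
import hashlib

# Token exactly as it appears in the options URL quoted in the thread.
REPORTED_TOKEN = "ada3167eb87301cb4835917425f07242"

# Unsalted digests worth trying (assumption). A keyed or salted scheme
# cannot be confirmed this way and simply produces no match.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512", "sha3_512")


def candidate_digests(address):
    """Yield (label, hexdigest) for each algorithm over each form of the address."""
    local = address.split("@", 1)[0]
    forms = {}
    for label, text in (
        ("address", address),
        ("lowercased address", address.lower()),
        ("local part", local),
        ("lowercased local part", local.lower()),
    ):
        forms.setdefault(text, label)  # skip forms that are byte-identical
    for text, label in forms.items():
        for algo in ALGORITHMS:
            digest = hashlib.new(algo, text.encode("utf-8")).hexdigest()
            yield f"{algo}({label})", digest


def find_redacted_member(token, members):
    """Return (member, how, kind) for every member whose digest explains the token."""
    token = token.strip().lower()
    if not token:
        return []
    hits = []
    for member in members:
        for how, digest in candidate_digests(member):
            if digest == token:
                hits.append((member, how, "full digest"))
            elif digest.startswith(token):
                hits.append((member, how, "truncated digest"))
    return hits


if __name__ == "__main__":
    # Constructed roster standing in for the list's membership export.
    roster = ["Jane.Doe@example.org", "bob@example.org"]
    hits = find_redacted_member(REPORTED_TOKEN, roster)
    print(hits or "no unsalted digest of a roster address matches the token")
```

On a Mailman 2.1 host the roster would be the output of bin/list_members for the list in question. An empty result does not rule out a keyed or salted redaction scheme.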


[Mailman-Users] Re: Insecure setup?

2020-06-01 Thread Stephen J. Turnbull
Mark Sapiro writes:
 > On 6/1/20 3:15 PM, Lucio Crusca wrote:

 > > Ok, let's assume it is a deliverable address. Running the following
 > > one-liner yields nothing:

My guess is that the real mailbox was replaced with a hash of that
mailbox.  SHA-2-512 or SHA-3-512 would fit with the 32-hex-digit
mailbox in the report.  That allows the recipient's host to redact the
mailbox from the report to you but still easily identify it.

Either way, this looks like a valid subscription reminder.  Do you
have reminders enabled?

If so, this looks like a user who decided to report the reminder as
spam rather than take a reasonable action (turn off reminders or
unsubscribe).

 > > I agree [that it was sent to the real address], but how?

The recipient domain has clearly altered the header, because it
reports a delivery to that address but you have no record of it.  (It
could be the recipient, but there are very few recipients with the
skills to do this, or would bother given that they're reporting on
their own behalf to their email provider!)

Mark Sapiro writes:

 > If I were you I would either just remove the recipient's real
 > address from the list or maybe contact the recipient to see what
 > the message looked like at that end.

I don't think there's much point in contacting the recipient.

 > In any case, I can't see how there could be any issue with Mailman
 > here.

Agreed.

Regarding your other question, 

 > > Is there a security flaw in my mailman setup?

Maybe, but it looks to me like you just have a user who got annoyed at
the password reminder for a list they are subscribed to, and decided
to cause you trouble rather than take care of turning reminders off or
unsubscribing themself.  (This used to be *really* common with America
Online because their Report Spam button was big and easy to click, vs
unsubscribing or changing their user profile which users had to do
themselves.  Fortunately those folks don't seem to use Mailman lists
any more.)

Your MTA does have places security can be tightened.  One is to use
DKIM to sign the outgoing messages.  Without a signature, it's
impossible to prove whether the header and/or the message content were
spoofed or altered after leaving your server.

Also, it seems that you have a DMARC record for "my.real.hostname.it",
but it does not cover "my.real.domain.where.i.host.mailman", since
"my.real.hostname.it" passes SPF, but
"my.real.domain.where.i.host.mailman" fails DMARC.  This is a guess
since I don't know your domains, nor exactly how IOL does things, but
the "fail" in these two fields suggests it:

X-IOL-DMARC: fail_monitor con il dominio my.real.domain.where.i.host.mailman
X-IOL-SEC: _SPFOK_NODKIM_DMARCFAIL_ENVFROMHEADDIFF

Presumably lack of DMARC alignment (address in From needs to match the
SPF authenticated domain) contributes to the spam score.
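
Added example (not part of the original message, and not IOL's or Mailman's code): a minimal DMARC alignment evaluation that reproduces the "SPF ok, no DKIM, DMARC fail" outcome described above and shows how an aligned DKIM signature changes it. The domains are constructed stand-ins for the masked ones, and the tiny public-suffix set is an assumption replacing the real Public Suffix List.

```python
# Constructed stand-in for the Public Suffix List (assumption: a real
# evaluation uses the full list to find the organizational domain).
PUBLIC_SUFFIXES = {"it", "org", "net", "co.uk"}


def organizational_domain(domain):
    """Return the public suffix plus one label, e.g. lists.example.org -> example.org."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # ascending i tries the longest suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: assume a one-label TLD


def aligned(from_domain, auth_domain, strict=False):
    """Strict alignment needs identical domains; relaxed compares organizational domains."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if strict:
        return a == b
    return organizational_domain(a) == organizational_domain(b)


def domain_of(address):
    """Domain part of an address such as 'owner@lists.example.org'."""
    return address.rsplit("@", 1)[-1].strip("<> ").lower()


def dmarc_evaluate(header_from, envelope_from, spf_pass,
                   dkim_pass_domains=(), aspf_strict=False, adkim_strict=False):
    """DMARC passes when SPF or DKIM both passes and aligns with the From: domain."""
    from_dom = domain_of(header_from)
    spf_aligned = bool(spf_pass) and aligned(
        from_dom, domain_of(envelope_from), aspf_strict)
    dkim_aligned = any(
        aligned(from_dom, d, adkim_strict) for d in dkim_pass_domains)
    return {
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc": "pass" if (spf_aligned or dkim_aligned) else "fail",
    }


if __name__ == "__main__":
    # Constructed addresses mirroring the report: the envelope sender passes
    # SPF for the MTA's hostname, but From: uses a different domain.
    hdr_from = "mailman-owner@lists.example.org"
    env_from = "mailman-bounces@mta.example.it"
    print("unsigned:", dmarc_evaluate(hdr_from, env_from, spf_pass=True))
    print("signed  :", dmarc_evaluate(hdr_from, env_from, spf_pass=True,
                                      dkim_pass_domains=["example.org"]))
```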


[Mailman-Users] Re: What is character set of the log files?

2020-06-01 Thread Stephen J. Turnbull
Bernd Petrovitsch writes:
 > On 27/05/2020 01:08, Mark Sapiro wrote:

 > > Basically unknown. For the most part, log files are us-ascii, but some
 > > entries contain user entered data such as names or (malformed) email
 > 
 > If the user enters his name in a HTML form with e.g. German umlauts,
 > it should be UTF-8 encoded, not?

That depends on a lot of things.  "Should," yes, but things don't
always turn out that way even if both server and client intend to be
"reasonable".

But usually the most "interesting" messages in the logs are when
behavior is *not* reasonable!  There's no way to enforce reasonable
behavior on the client.  Spammers and teen-age wannabe programmers are
not known for respecting RFCs; if they're accessing servers with
scripts, anything could happen through carelessness.  And actively
malicious actors might be trying to exploit a vulnerability by
declaring one thing in the header and sending something else in the
body.

So it is an interesting question how to specify that encoding.  It
depends on several components of the system.

Of course Mailman could decide to provide a printable UTF-8
representation of anything that's not UTF-8, marking it somehow, but
since all of our message components are ASCII, is it worth going to
that trouble, complicating and slowing down logging?
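
Added example (not part of the original message and not Mailman's logging code): one way a log reader can handle entries of unknown encoding, in the spirit of the options discussed in this thread. It tries UTF-8, falls back to ISO-8859-1 (which maps every octet), marks the fallback, and escapes control and format characters so attacker-supplied bytes cannot drive the terminal or forge extra lines. The sample lines are constructed and do not claim to match Mailman's log format.

```python
import unicodedata

FALLBACK_TAG = "[not UTF-8, read as ISO-8859-1] "


def _escape(ch):
    """Printable, unambiguous representation of one character."""
    cp = ord(ch)
    if cp < 0x100:
        return "\\x%02x" % cp
    if cp < 0x10000:
        return "\\u%04x" % cp
    return "\\U%08x" % cp


def render_log_line(raw):
    """Decode one raw log line (bytes) into text that is safe to display."""
    raw = raw.rstrip(b"\r\n")
    try:
        text, tag = raw.decode("utf-8"), ""
    except UnicodeDecodeError:
        # ISO-8859-1 assigns a character to all 256 octets, so this cannot fail.
        text, tag = raw.decode("iso-8859-1"), FALLBACK_TAG
    out = []
    for ch in text:
        cat = unicodedata.category(ch)
        # Escape C0/C1 controls, format characters (e.g. bidi overrides),
        # line/paragraph separators, and the backslash itself so that an
        # escaped byte can never be confused with literal text.
        risky = ch == "\\" or cat in ("Zl", "Zp") or (cat[0] == "C" and ch != "\t")
        out.append(_escape(ch) if risky else ch)
    return tag + "".join(out)


if __name__ == "__main__":
    # Constructed sample entries: UTF-8 name, Latin-1 name, ANSI escape
    # sequence, 8-bit CSI control, and an embedded newline forging a line.
    samples = [
        b"subscribe: J\xc3\xbcrgen <j@example.org>\n",
        b"subscribe: J\xfcrgen <j@example.org>\n",
        b"bad address: \x1b[2J\x1b[31mx@example.org\n",
        b"bad address: \x9b31mx@example.org\n",
        b"bad address: a@example.org\nJun 01 00:00:00 forged entry\n",
    ]
    for line in samples:
        print(render_log_line(line))
```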