[H-GEN] Open source firm releases patch for IE spoofing flaw

Russell Stuart russell at stuart.id.au
Tue Dec 30 02:47:29 EST 2003 

On Tue, 2003-12-30 at 16:07, Greg Black wrote:
> On 2003-12-29, Russell Stuart top-posted:

Glad you noticed :)  It was my way of spitting the dummy.

> > Is a compromise possible?  If someone were to submit a patch to mailman
> > that made reply-to munging an option the user could turn off and on,
> > what is the odds of it being accepted?
> 
> Anybody who wants such a feature can add it with a trivial
> procmail recipe; this is, after all, the way that Unix users
> traditionally solve these little problems.  There's no need for
> patches to mailman.

That is not true for everyone.  Firstly to an old unix programmer like
yourself it could[1] be trivial.  Judging by the questions I have seen
on this list from others there are a few - perhaps the majority, who
would not find it trivial.  I am sure to some would it would be
impossible.

Secondly, its only option if you are allowed to install procmail scripts
on the machine that has your mail box[2].  Again most find it easiest to
just collect their email from their ISP using their client.

If this was a Unix sysadmin list your comments would be spot on.  Its
not.  Among other things, it is a forum newbies use ask the opinions of
more experienced users.  Telling a newbie to write a procmail script is
not helpful.  In fact, I think is simply elitest.

We should be making things as easy for them as possible.  A web page
option is much easier for a *nix newbie to handle.

> Of course, this means that such users won't respect the wishes
> of the people whose messages they mutilate, unless they take
> care to write a recipe that only adds their chosen Reply-To if
> there's not one already in place.

Again, "respecting wishes" implies they now how to make their wishes
known.  In this case, it means knowing how to set the "Reply To"
header.  I would wager that most people on this list don't know, and of
those that do most are not willing to take the effort.

But the way, I notice you do take the effort.  Do you do this manually
on a message by message basis, or is it a feature of you client, or have
you written some scripts?  If you do it manually, hats off to you - I
don't have the patience.  If you have written some scripts would you
care to share?

This suggests another idea.  Rather than turn on "Reply-To" munging on
outgoing mail, why not have an option that turns it on for incoming
mail.  In other words, when I send mail to the list, I ask that mailman
set the "Reply To" on my email to be the list.  That way, all the people
who have wishes they want respected can just turn the feature off.  The
rest of us lazy bums can just leave it on.

[1] My first experience with procmail was a bun fight.  I wouldn't
    consider myself a newbie.  When I tested the script it worked.  When
    I installed it into the pseudo account it was meant to be used under
    it didn't work.  In fact it didn't ever seem to run the program I
    was trying to pipe the command to.  After several frustrating hours 
    of strace'ing and then reading the source it turned out to be
    caused by /bin/false being the shell for the pseudo account.  I am
    sure that fact was mentioned in the reams and reams of man pages you
    get with procmail - but I missed it.  Anyway, the point is that even
    for the experienced Unix user procmail is not the easiest thing to
    use.

[2] You could probably use fetchmail and then run procmail.  But this
    just makes things even more complex.

More information about the General mailing list