Good choice of defaults for content filtering?
Hi all,
I had MM2 set to the default filtering that I think came OOTB. MM3 has none such and I was wondering:
a. What were those MM2 defaults? (My MM2 server is long gone now.)
b. Is there a better set today?
I know that MIME types can be faked, but they have worked. I want to avoid anything that can contain malicious code while also allowing simple text to go through.
Yours,
Allan
On 7/30/20 5:00 PM, hansen@rc.org wrote:
Hi all,
I had MM2 set to the default filtering that I think came OOTB. MM3 has none such and I was wondering: a. What were those MM2 defaults (My MM2 server is long gone now).
You will find the content filtering defaults beginning at <https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/Defaults.py.in#L1410>. These have been the defaults for new lists since Mailman 2.1.21. Prior to that, the default for pass_mime_types was
['multipart/mixed', 'multipart/alternative', 'text/plain']
b. Is there a better set today. I know that MIME types can be faked, but they have worked. I want to avoid anything that can contain malicious code while also allowing simple text to go through.
If you go with the current defaults, except of course for setting filter content on, you can add text/html to pass_types and any html parts that aren't collapsed out by collapse alternatives will be kept and converted to plain text.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
Excellent. Thank you, Mark.
Allan Hansen P.O. Box 2423 Cypress, CA 90630
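
As an added illustration (not Mailman's own code and not part of the thread), here is a simplified Python model of the pass-list behaviour described in the reply above: parts are kept only when their declared type is on the list, and a multipart/alternative is collapsed to its first surviving part. The function names, the sample message and the rule that a list entry may be a bare main type are assumptions of this sketch.

```python
from email import message_from_string
# Old Mailman 2.1 default quoted in the reply, plus text/html as it suggests.
PASS_MIME_TYPES = ["multipart/mixed", "multipart/alternative", "text/plain", "text/html"]
# Constructed sample message (not from the thread).
SAMPLE = """\
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain

Hello list.
--inner
Content-Type: text/html

<p>Hello list.</p>
--inner--
--outer
Content-Type: application/octet-stream; name="tool.bin"

placeholder
--outer
Content-Type: text/plain; name="notes.txt"

Declared as text/plain; the body is never inspected.
--outer--
"""

def allowed(ctype, pass_types):
    # Model assumption: an entry names a full type/subtype or a bare main type.
    return ctype in pass_types or ctype.split("/")[0] in pass_types

def filter_parts(msg, pass_types=PASS_MIME_TYPES, collapse_alternatives=True):
    """Return the declared types of the leaf parts that survive the pass list."""
    ctype = msg.get_content_type()
    if not allowed(ctype, pass_types):
        return []
    if not msg.is_multipart():
        return [ctype]
    kept = []
    for part in msg.get_payload():
        survivors = filter_parts(part, pass_types, collapse_alternatives)
        if survivors and collapse_alternatives and ctype == "multipart/alternative":
            return survivors  # keep only the first surviving alternative
        kept.extend(survivors)
    return kept
MSG = message_from_string(SAMPLE)
```

The last part of the sample survives because only the Content-Type header is consulted, which is the "MIME types can be faked" caveat from the original question.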