nanog mailing list archives

Re: it's mailman time again


From: Jim Popovitch via NANOG <nanog () nanog org>
Date: Fri, 01 Sep 2023 15:00:45 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, 2023-09-01 at 10:16 -0700, Randy Bush wrote:
> and i just have to wonder about sending passwords over the net in
> cleartext in 2023.  really?
>
> randy

For those that wish to do something about it...


$ ~/mailman/debian/patches$ cat 21-mask-mailpasswds.patch
=== modified file 'cron/mailpasswds'
- --- cron/mailpasswds  2018-06-04 19:52:31.850899000 +0000
+++ cron/mailpasswds    2018-04-24 11:14:10.770128000 +0000
@@ -141,7 +141,9 @@
     for host in byhost.keys():
         # Site owner is `mailman () dom ain'
         userinfo = {}
+        virtlist = {}
         for mlist in byhost[host]:
+            virtlist = mlist
             listaddr = mlist.GetListEmail()
             for member in mlist.getMembers():
                 # The user may have disabled reminders for this list
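
Review bot: virtlist is initialised as an empty dict at `virtlist = {}` but is later assigned a list object and passed as the first argument to msg.send(), so the placeholder has the wrong type if byhost[host] is ever empty. Initialise it to None and skip the send when it is still None. The assignment `virtlist = mlist` also overwrites on every iteration, so if the send happens after this loop completes, the reminder goes out through whichever list on the host was iterated last, not necessarily one the recipient belongs to. A comment saying that any list on the virtual host is acceptable here (if that is the intent) would make this explicit.
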
@@ -184,7 +186,7 @@
                     fmt = '%s\n           %-10s\n%s\n'
                 else:
                     fmt = '%-40s %-10s\n%s\n'
- -                table.append(fmt % (listaddr, password, optionsurl))
+                table.append(fmt % (listaddr, "********", optionsurl))
             # Figure out which language to use
             langcnt = 0
             poplang = None
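
Review bot: in the table.append() line the mask is a bare string literal with no comment, and `password` is no longer referenced there. Add a one-line comment saying the password is deliberately withheld from the reminder, and if `password` is only looked up to fill this table, drop that lookup too so the cleartext value is never read in this script. Since the row now carries only listaddr and optionsurl, it is worth checking that the surrounding reminder text still makes sense to a recipient who sees "********" in the password column.
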
@@ -218,7 +220,7 @@
                 # Add the table to the end so it doesn't get wrapped/filled
                 text += (header + '\n' + NL.join(table))
                 msg = Message.UserNotification(
- -                    addr, siteowner,
+                    addr, sitebounce,
                     _('%(host)s mailing list memberships reminder'),
                     text.encode(enc, 'replace'), poplang)
                 # Note that text must be encoded into 'enc' because unicode
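
Review bot: the second argument to Message.UserNotification() changes from siteowner to sitebounce, which is a change of sender unrelated to masking the password and is not explained anywhere in the patch. If the goal is to keep replies and bounces away from the site owner, say so in a comment or the patch description, and consider splitting it into its own patch so the masking change can be reviewed and reverted independently.
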
@@ -228,11 +230,7 @@
             msg['X-No-Archive'] = 'yes'
             del msg['auto-submitted']
             msg['Auto-Submitted'] = 'auto-generated'
- -            # We want to make this look like it's coming from the siteowner's
- -            # list, but we also want to be sure that the apparent host name is
- -            # the current virtual host.  Look in CookHeaders.py for why this
- -            # trick works.  Blarg.
- -            msg.send(sitelist, **{'errorsto': sitebounce,
+            msg.send(virtlist, **{'errorsto': sitebounce,
                                   '_nolist' : 1,
                                   'verp'    : mm_cfg.VERP_PASSWORD_REMINDERS,
                                   })
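
Review bot: the four-line comment removed above msg.send() was the only explanation of why a particular list object is passed here (apparent sender and virtual host name, with a pointer to CookHeaders.py), and the new `msg.send(virtlist, ...` has nothing in its place. Add a replacement comment stating what passing virtlist instead of sitelist is meant to achieve for the message headers, and confirm that 'errorsto': sitebounce together with the new sitebounce sender in the previous hunk gives the intended envelope and header addresses.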



-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

