Re: it's mailman time again

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, 2023-09-01 at 10:16 -0700, Randy Bush wrote: +AD4 and i just have to wonder about sending passords over the net in +AD4 cleartext in 2023.+AKA really? +AD4 +AD4 randy For those that wish to do something about it... +ACQ +AH4-/mailman/debian/patches+ACQ cat 21-mask-mailpasswds.patch +AD0APQA9 modified file 'cron/mailpasswds' - --- cron/mailpasswds 2018-06-04 19:52:31.850899000 +-0000 +-+-+- cron/mailpasswds 2018-04-24 11:14:10.770128000 +-0000 +AEAAQA -141,7 +-141,9 +AEAAQA for host in byhost.keys(): +ACM Site owner is +AGA-mailman+AEA-dom.ain' userinfo +AD0 +AHsAfQ +- virtlist +AD0 +AHsAfQ for mlist in byhost+AFs-host+AF0: +- virtlist +AD0 mlist listaddr +AD0 mlist.GetListEmail() for member in mlist.getMembers(): +ACM The user may have disabled reminders for this list +AEAAQA -184,7 +-186,7 +AEAAQA fmt +AD0 '+ACU-s+AFw-n +ACU--10s+AFw-n+ACU-s+AFw-n' else: fmt +AD0 '+ACU--40s +ACU--10s+AFw-n+ACU-s+AFw-n' - - table.append(fmt +ACU (listaddr, password, optionsurl)) +- table.append(fmt +ACU (listaddr, +ACIAKgAqACoAKgAqACoAKgAqACI, optionsurl)) +ACM Figure out which language to use langcnt +AD0 0 poplang +AD0 None +AEAAQA -218,7 +-220,7 +AEAAQA +ACM Add the table to the end so it doesn't get wrapped/filled text +-+AD0 (header +- '+AFw-n' +- NL.join(table)) msg +AD0 Message.UserNotification( - - addr, siteowner, +- addr, sitebounce, +AF8('+ACU(host)s mailing list memberships reminder'), text.encode(enc, 'replace'), poplang) +ACM Note that text must be encoded into 'enc' because unicode +AEAAQA -228,11 +-230,7 +AEAAQA msg+AFs'X-No-Archive'+AF0 +AD0 'yes' del msg+AFs'auto-submitted'+AF0 msg+AFs'Auto-Submitted'+AF0 +AD0 'auto-generated' - - +ACM We want to make this look like it's coming from the siteowner's - - +ACM list, but we also want to be sure that the apparent host name is - - +ACM the current virtual host. Look in CookHeaders.py for why this - - +ACM trick works. Blarg. - - msg.send(sitelist, +ACoAKgB7'errorsto': sitebounce, +- msg.send(virtlist, +ACoAKgB7'errorsto': sitebounce, '+AF8-nolist' : 1, 'verp' : mm+AF8-cfg.VERP+AF8-PASSWORD+AF8-REMINDERS, +AH0) -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmTyNN0ACgkQPcxbabkK GJ93Kg/49K27NUwr2K7LV69h+UgdzlBbr4tEiIFj/7pVcZGwWnSHaOpPDo40IUMl pPt2KqRlnz6t0b8FnZbQljp8gVVDgWdkbrzY35PSStSzJ3K5z+c6GBfZx37mms9O TROO8ztj95+hEjfjINW/MBtSABAyNbztnZAidNTYJ0SrVqVp8HifoRcN7SIg1uzC EcftLs/jRs8ghC0pSyNcZd8Bjrym+2q37a8bJpQU06vqLNbrjgf+/vaxSu8HurdI 9Iw2+tYHeZ/PyiuqhAK2RBTgsqLv1zawv+khsGndpT6XbhKMJ91ySPMEWvkd8iyb oL4kaYT0pfzXtjaex7Ezxi1qaMUZFZSFSIufkLYDEf31iRiBuuU3TAed6Lh+5UPF nFlGHFzUYvaCOecycVToAx0QfqORGpcWdPs8k0dZOsjTTXAiTwhZU7IY1PxKuN34 shRXG5CL4Y1xc1Sn6ohGO4E1urhDATAqFHwSh39w/aKhI23d4udOZhivTKCk8zlb 7P3795tfA1XFKReXUNwoFnwq2cvSjbusDg5Q2epBsuntMS70ZvJ25wM4uY9Bzg0K 3PLlzmmRNFhUnLMDD450uaGtQmQCgfQtEXIIgPiEQtk0zol2O3Zzx/TW+QmqfrYX 81fegq1UhuyTkNRDqgWjskFd2zUYlW/0u5CLdGYtmTdn6lJ51Q== =jjjM -----END PGP SIGNATURE-----