RE: mod_security and Dada Mail
-----Original Message----- From: Dada Mail (Justin Simoni) [mailto:dada@skazat com] Sent: May 25, 2006 5:01 PM To: bruno@digi-land com Subject: [dadadev] mod_security and Dada Mail
Hello all,
I've been working on a client's install, and we've found that the
apache plugin, "mod_security" -> http://www modsecurity org/ seems to
hose Dada Mail's mailing list message sending You'll receive lines
in the apache error log that say things like:[Thu May 25 07:51:21 2006] [error] [client 12 345 123 341] mod_security: Warning Pattern match "([0-9a-zA-Z]+[- +&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[ ])+[a-zA-Z ]{2,6}" at POSTPAYLOAD [hostname "example com"] [uri "/cgi-bin/dada/mail cgi"]
That I'm not quite sure what the pattern is matching, but it looks
like an email address (I think?!)Turning mod_security, off seems to relieve the problem You may
have luck turning mod_security off using an htaccess file in the cgi- bin/dada directory, with this as its contents:SecFilterEngine Off
I'll let you guys know more information, when I find out more
information myselfIf anyone seems to have similar problems, please, let me know,
-- Justin Simoni
[snip]
mod_security is an open source firewall As such it implements rules such as the one you are seeing where it check POST values agains this pattern (email validation) Presumably to detect and cut down on spam :) For the paranoid there is no need to turn of mod_security, just ditch the rule
Bruno Cantieni
#
Digital Landscape - Cyboretum com Web Applications * Web Hosting * e-Commerce http://www digi-land com http://www cyboretum com bruno@digi-land com Phone/Fax: 1+905 668 2255 Toll free: 1+877 668 2345
Digital Landscape and Cyboretum com are divisions of CBF Productions Inc
- This mailing list is a public mailing list - anyone may join or leave, at any time.
- This mailing list is a group discussion list (unmoderated)
-
Start a new thread, email: dadadev@dadamailproject.com
This is the developer discussion mailing list for Dada Mail.
If you are just looking for support Dada Mail, consult the message boards at:
https://forum.dadamailproject.com
Documentation for Dada Mail:
Specifically, see the Error FAQ:
https://dadamailproject.com/d/FAQ-errors.pod.html
To post to this list, send a message to:
mailto:dadadev@dadamailproject.com
All subscribers of this list may post to the list itself.
Topics that are welcome:
- Constructive critiques on the program (I like, "x", but, "y" needs some work - here's an idea on how to make this better...)
- Bug/Error reports
- Bug fixes
- Request For Comments on any changes to the program
- Help customizing Dada Mail for your own needs
- Patches
- Language Translations
- Support Documentation/Doc editing, FAQ's, etc.
- Discussion of any changes that you would like to be committed to the next version of Dada Mail -
Dada Mail is on Github:
https://github.com/justingit/dada-mail/
If you would like to fork, branch, send over PRs, open up issues, etc.
Privacy Policy:
This Privacy Policy is for this mailing list, and this mailing list only.
Email addresses collection through this mailing list are used explicitly to work within this email discussion list.
We only collect email addresses through our Closed-Loop Opt-In system.
We don't use your email address for any other purpose.
We won't be sharing your email address with any other entity.
Unsubscription can be done at any time. Please contact us at: justin@dadamailproject.com for any help regarding your subscription, including removal from the mailing list.
All mailing list messages sent from us will include a subscription removal link, which will allow you to remove yourself from this mailing list automatically, and permanently.
All consent to use your email address for any other purpose stated at the time of the mailing list subscription will also be revoked upon mailing list removal.