> Basically, I most definitely do not want Hypermail to automagically decode
> and save MIME attachements into the archive directory.
There is no general switch-off for this, no.
> People should not be sending them to a list in the first place and I want
> to avoid any potential security issues this might lead to.
I am aware that the current way of storing attachments using the supplied name may offer ways to screw up the web server, such as your .htaccess example. However, instead of disabling the feature I would rather like to hear suggestions on how to avoid the risks.
> The docs offer an "HM_IGNORE_TYPES" variable but unfortunately this
> appears to have no "wild card" option.
The docs aren't really telling the truth here! ;) If you get a recent version, all the type-lists feature wildcard matchings.
-- Daniel Stenberg - http://www.fts.frontec.se/~dast ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`olReceived on Mon 19 Apr 1999 03:48:30 PM GMT
This archive was generated by hypermail 2.3.0 : Sat 13 Mar 2010 03:46:11 AM GMT GMT