Attachments= No[,Filter]
Attachments= Yes[,allowed_content_types[,Filter]]
Attachments= All[,allowed_content_types[,Filter]]
Available in LISTSERV 1.8d-2000b (13.2) and following
The Attachments= keyword controls LISTSERV's list-owner-configurable message attachment filter. This feature allows you to control the posting of various types of MIME attachments (images, audio, etc.) to your lists. LISTSERV 1.8e (14.0) added the ability to control the posting of inline uuencoded files to your lists on an on/off basis (off being the default if attachment control is enabled).
NOTE: The ability of LISTSERV to filter or reject messages that contain MIME attachments is completely dependent on the ability of the poster's mail client to properly identify the MIME attachment when the mail is originally sent. Filtering/rejection is done based on the Content-Type headers found in the message--NOT by evaluation of the actual contents of the attachment. If for instance an executable binary (normally Content-Type: application/octet-stream) is sent by the client with a Content-Type of "text/plain", it will not be filtered or rejected by LISTSERV since (as noted below) text attachments are not covered by this keyword setting.
A registry of allowable MIME types for attachments, maintained by the Internet Assigned Numbers Authority (IANA) per RFC2048, can be found at
http://www.iana.org/assignments/media-types/index.html
The options are:
Attachments= Yes All types of attachments are allowed to be posted to the list (the default). Note however that other configuration options may still disallow the posting of certain attachments, and that "Attachments= Yes" does not override them. For instance, if you have "Language= NoHTML", setting "Attachments= Yes" does not override the Language= setting. Or if you have "Sizelim=" set to a value that precludes a file of x number of lines from being posted to the list, setting "Attachments= Yes" will not override the Sizelim= setting if the message with its attachment exceeds the number of lines specified by Sizelim=.
Attachments= No All types of attachments are disallowed, other than plain text (always allowed) and HTML text (which is controlled exculsively by the "Language= NoHTML" keyword setting). With "Attachments= No", LISTSERV rejects messages containing attachments and bounces them back to the poster.
Attachments= No,Filter Same as "Attachments= No", except that LISTSERV simply removes the unwanted material from the message and processes it instead of rejecting it out of hand. The removal of material is a silent operation and the poster is not notified that the attachment was discarded.
In LISTSERV 1.8e (14.0) and later, note that in all three of the above cases, when a message containing one or more uuencoded files is posted to the list, the encoded file(s) is/are stripped from the body of the message and the remainder of the message is passed through to the list. LISTSERV 1.8d (13.0) was unable to recognize or strip inline uuencoded files.
Attachments= All (Requires 1.8e (14.0) or later) This setting tells LISTSERV to allow inline, uuencoded files, such as are generated by Microsoft Outlook, overriding the default.
One important restriction: UUencode filtering is strictly on/off. There is no attempt on the part of LISTSERV to guess file types when filtering is enabled (the default). This would be hazardous to begin with as support for these attachments is usually provided on a legacy basis in mail clients; that is, client A and client B could have a very different opinion on the type of the attachment.
It is also possible to allow certain MIME types to be passed through to the list while rejecting or filtering all others. For instance,
Attachments= Yes,image,application/*msword
allows only the specified attachment types and rejects everything else. If you don't want to reject messages that contain other types of attachments, but just want to remove all other types of attachments, you add the ",Filter" parameter at the end of the line--ie,
Attachments= Yes,image,application/*msword,Filter
This means, "Allow all image and application/*msword attachments, and strip all other attachments". Again, note that plain text ("Content-Type: text/plain") is always allowed and does not need to be included in the list of allowed attachment types. Likewise, HTML text is controlled exclusively by the "Language= NoHTML" keyword setting. Other text subtypes are, however, controlled by "Attachments=", so they need to be listed if you intend to allow them.
Additionally, should it be desired to allow all inline uuencoded files but restrict the list to certain MIME types, you can specify, similar to the above, something like
Attachments= All,image,application/*msword
or
Attachments= All,image,application/*msword,Filter
(In the preceding examples note carefully that "image" by itself is equivalent to "image/*"--in other words, when you code "Attachments= image", you are saying that all MIME image sub-types, for example, "image/jpeg", "image/gif", and so forth, are to be accepted. If only certain sub-types are acceptable, for instance if you want to accept only JPEG graphics and ensure that others don't go through, you must specify the types explicitly--eg "Attachments= image/jpeg".)
Note carefully that simply coding something like "Attachments= image" will not necessarily allow all image files through. This is highly dependent on the client being used by the poster. For instance, if your client attaches all binary files as "Content-Type= application/octet-stream", regardless of whether a given binary is (for instance) an executable image, a Word file, or a compressed archive, and you send a JPEG to a list with "Attachments= image" set in the header, it will be rejected since the image does not have a "Content-Type: image" tag. Specifically this appears to be the case with Eudora 3.x but may not be limited to that particular client.
In the 1.8d (13.0) version of the attachment filter, attachments sent by Microsoft Outlook cannot be blocked by LISTSERV as they do not follow MIME standards (at least not up to and including Outlook 97; this writer has not installed Outlook 2000). Outlook sends attachments as imbedded uuencoded files and does not use the MIME Content-Type: header. LISTSERV 1.8e (14.0) and later are able to recognize and filter inline uuencoded "attachments" as noted above.
The rejection message sent by LISTSERV when ",Filter" is not specified is found in the BAD_ATTACHMENT mail template form. Note that the BAD_ATTACHMENT template form is a linear template and as such does not allow text formatting commands to be used.
The reason HTML text is not subject to "Attachments=" filtering is to allow you to reject (bounce) messages with attachments, while silently suppressing HTML text in multi-part messages which also contain a plain-text alternative. Some mail programs send both HTML and plain-text versions of messages, and, even if you do not want HTML text on your list, there is little point in keeping out people who use it (who are often new to the Internet and aren't aware that their mail programs are sending HTML text) when you can simply remove the HTML part. At the same time, you may want to reject postings containing images out of hand, rather than removing the images and continuing. The same applies to Exchange attachments, which are filtered by default (see "Language= Exchange").
Files=Yes | No
This keyword is not available in LISTSERV Lite.
(NJE only; obsolete in other versions) Indicates whether NJE files can be sent to the list or not. The default value is "No". "Files= No" may prevent some non-RFC822 mailer users from posting to lists.
Files= has absolutely no effect under the non-NJE versions of LISTSERV. Specifically it will not prevent users from sending "attached" (MIME-encoded) files to lists. It is provided under all versions for backwards compatibility only (i.e., for lists being migrated from NJE servers). See the Attachments= keyword for attachment blocking.
Filter= Only,net-address1,net-address2,...[Allow],net-addressn,... |
Filter= Also,net-address1,net-address2,...[Allow],net-addressn,... |
Filter= Safe,net-address1,net-address2,...[Allow],net-addressn,... |
"Filter=" is checked when a user attempts to post or subscribe to a list (but not when the list owner issues an ADD command). The first parameter of this keyword is either "Only", "Also" or "Safe", and it is followed by a list of patterns such as 'X400MAIL@*' or '*@*.XYZ.EDU' (without the quotes).
· If "Filter= Also..." is specified, your filter is used in addition to the standard LISTSERV filter; this is useful to register additional looping mailers, to prevent users behind broken gateways from subscribing until the problem is addressed, or to ban anonymous posters.
· If "Filter= Only..." is specified, the addresses you specify are the only ones which LISTSERV prevents from posting to the list. CAUTION: You should not use this option unless you also code "Safe= Yes", and even then you will want to ask your LISTSERV maintainer for permission. This option has been added mostly for LISTSERV maintainers with very specific problems to solve. The minimal filter is very small and you should never need to override it.
· If "Filter= Safe" is specified, LISTSERV uses the "more safe" of its two built-in filters. These built-in filters are (1) a "minimal" one, which is used for safe lists; and (2) a "safe" one which is used for lists running with "Safe= No". That is, the unsafe lists need a safe filter to avoid mailing loops; safe lists only need the minimal filter, but can be made even safer by selecting "Filter= Safe". This, however, prevents usernames such as 'root' from posting to the list, because they are included in the safe filter.
Messages sent to the LISTSERV userid for execution are always checked with the minimal filter, as people with userids such as 'root' would otherwise not be allowed to subscribe to lists which were set up to allow them.
In all cases, LISTSERV extracts as many e-mail addresses as it can from the userid being checked and runs them all through the filter. For instance if your list receives mail from 'searn.sunet.se!mailer@xyz.edu', LISTSERV will check 'searn.sunet.se!mailer@xyz.edu', 'mailer@searn.sunet.se' and 'mailer@searn' (via the ':internet.' tag in BITEARN NODES).
LISTSERV 1.8d (13.0) and later provide the ability to "exempt" certain addresses (or wildcards) from the default filters. You can combine "Filter= ...,Allow,..." with the forms documented above as long as you put the "allow" information last. That is, the first word must be ONLY, SAFE or ALSO as before, and you can then have ALLOW anywhere (including as the second word) followed by a list of addresses that should be allowed even if present in the filter. The default for ALLOW is the empty string. Examples of ALLOW usage follow:
Filter= Also,userid@host1.com,*@host2.edu
Filter= Allow,niceguy@host2.edu
The first example stops everyone from host2.edu from posting to the list, but since we've determined that niceguy@host2.edu is a considerate human being and should be allowed to post, we've defined him as an exception to the general rule by including him in the "Allow" part of the filter.
Filter= Safe,Allow,root@host1.edu
The second example would invoke the "safe" filter mentioned above, but would allow root@host1.edu to subscribe to and post to the list, instead of bouncing his mail because it matches one of the entries in the "safe" filter. All other "root" users' mail will be caught by the "safe" filter and transferred to the list owner as an error.
See also Safe= and Loopcheck=.
Review= access-level
This keyword defines the categories of users who are allowed to review the (non-concealed) Internet addresses and names of the persons subscribed to a list. Beginning with version 1.8c, the default value is "Review= Private".
Send= Public[,Confirm][,Non-Member]
Send= Private[,Confirm]
Send= Editor[,Hold][,Confirm[,Non-Member | All]][,Semi-Moderated][,NoMIME]
Send= other-access-level[,Confirm]
(Note: The "Non-Member" option is available only in LISTSERV 14.3 and later, and only with "Send= Public,Confirm" or "Send= Editor,Confirm...". Similarly, the "All" option is available only in LISTSERV 14.3 and later, and only with "Send= Editor,Confirm...". Please see below for full details.)
Defines the categories of users who can mail or send files to the list. Possibly puts the list under control of an editor. The default value is "Public". Other access-levels for use with Send= would include "Private", "Editor", "Owner", etc. (see the beginning of this document for the definition of an access-level). A literal Internet e-mail address may also be used in place of the access-level, for example, Send=joe@foo.bar.com. Using a literal address is one way to ensure that only an authorized person can post to the list, for instance, if the list is an "announce-only" list rather than a discussion list.
Requiring confirmation: When the "Confirm" option is enabled, the sender is required to confirm the posting. When LISTSERV receives mail for the list, it sends an e-mail to the sender requesting a confirmation. The confirmation can be accomplished by replying to the confirmation with another e-mail containing the text "OK" (the subject of the confirmation e-mail contains a validation "cookie") or by clicking on the confirmation URL provided in the e-mail.
List owners can require that non-subscribers actively confirm their messages to the list, while allowing subscribers to post without confirmation. This can dramatically cut down on spam for lists accepting postings from non-subscribers. When "Send=Public,Confirm" is used, the "Non-Member" setting can be specified to limit the confirmation requirements to non-members. When "Send=Editor,Confirm" is used, the "Non-Member" setting can be specified to limit the confirmations to non-members and to require editors to confirm their own posts (see below).
Moderated/Edited lists: When the list is controlled by an editor (Send= Editor), any file or piece of mail sent to the list is forwarded to the editor, who is the only person (with the list owner) to be able to actually mail or send files to the list. The network address of the editor is defined by the "Editor=" keyword (see below under "List Maintenance and Moderation").
When the "Hold" option is enabled (Send= Editor,Hold), the moderator(s) may approve postings using the "OK" mechanism rather than forwarding the posts back to the list. "Hold" is valid only with "Editor".
When the "Confirm" option is enabled on a moderated list (for instance, Send=Editor,Confirm), mail sent by any editor or moderator requires confirmation by that editor or moderator. This is to prevent a user from forging mail to the list under an editor's or moderator's return address. The confirmation request is validated with the "OK" mechanism. Please note that this does not mean that a double validation is required when an editor approves other peoples' postings, but only that the editor's own postings to the list and any reposts he does on others' behalf require a confirmation from him that he actually submitted them. In other words if the editor simply "OK"s a posting, he doesn't have to "OK" his own "OK".
It is also possible to set a list to
* Send= Editor,Hold,Confirm
This allows you to "OK" both subscriber submissions and editor/moderator approvals, as described above.
"Non-Member" and "All" options with "Confirm" (14.3 and later): List owners can require that non-subscribers actively confirm their messages to the list, while allowing subscribers to post without confirmation. This can dramatically cut down on spam for lists that accept postings from non-subscribers. To activate this feature, you would set:
* Send= Public,Confirm,Non-Member
or either
* Send= Editor,Confirm,Non-Member
or
* Send= Editor,Hold,Confirm,Non-Member
in the list header.
It should be noted that, although LISTSERV will accept “Send= Private,Confirm,Non-Member” when the header is stored, that setting is equivalent to just “Send= Private,Confirm” since by definition only subscribers are allowed to post to a list coded "Send= Private".
The intent is to help list owners cut down spam on public discussion lists, without inconveniencing normal list subscribers. For public lists, it works like "Send= Public,Confirm" if you are not a member of the list, otherwise it works as "Send= Public" (no confirmation required from subscribed users). List owners and editors are considered to be members of the list even if they are not subscribed to it, and are thus not subjected to the confirmation requirement.
For edited lists, the behavior is similar -- non-members must confirm their own postings before they are submitted to the editor for approval, whereas members' postings go directly to the editor for approval without the intermediary step. It should be noted that ",Confirm" still activates the anti-spoofing feature that already existed, which requires that the editor must approve his own postings.
Please note carefully: On an edited list, if it is desired for all posters to confirm their own postings regardless of their subscription status, substitute "All" for "Non-Member", that is
* Send= Editor,Hold,Confirm,All
forces all posters to validate their own postings before they are submitted to the editor for final approval.
IMPORTANT: "Non-Member" or "All" must always be specified in conjunction with "Confirm". For instance, setting "Send= Public,Non-Member" or "Send= Editor,All" will not activate the feature.
Semi-Moderated option for Send= Editor: When the "Semi-Moderated" option is enabled (Send= Editor,Semi-Moderated), mail sent to the list will be treated in one of two different ways, depending on the contents of its "Subject:" field. If the subject starts with "Urgent:" (case-independent), the list is treated as a non-moderated one, which means that the message will be immediately distributed provided that the sender matches the access-level description. If the subject does not start with "Urgent:", the message is forwarded to the primary list editor (unless it came from someone defined as an editor). A "Subject:" field beginning with "Re: Urgent:" is treated identically, so that replies to urgent messages are by default considered urgent.
Documented Restriction: In order to be able to override moderation, the sender must be subscribed to the list. This prevents the unintended distribution of random spam with "Urgent:" in the subject line. Note that such messages sent by non-subscribers will be rejected rather than forwarded to the moderator.
Note that
* Send= Public,Semi-Moderated
is a contradiction. If Send= Public, no Editor is involved and anyone can post to the list, so Semi-Moderated is ignored.
"Send= Private,Semi-Moderated" was supported in Revised LISTSERV prior to approximately 1994, and, while previously documented in this space, was never actually available in L-Soft LISTSERV (that is, from version 1.8a and following).
A usage example:
* Send= Editor,Semi-Moderated
* Editor=NATHAN@EXAMPLE.COM,ERIC@EXAMPLE.COM
In this example, a message sent to the list would be:
· Processed, if the sender used the "Urgent:" subject
· Forwarded to the moderator if the sender didnuse the "Urgent:" subject.
Note that in the above example, messages donget discarded if the sender isnsubscribed.
Moderation "OK" requests and MIME attachment display: In versions previous to LISTSERV 1.8e, an OK confirmation request for a message coming to a moderated list displayed the message to be approved in its "raw" format, i.e., there was no attempt made to display/decode MIME attachments that might be present in the message to be approved. LISTSERV 1.8e addresses the problem by including a copy of the first text/plain part (if one exists in the message) for the purpose of quick screening. The following restrictions apply:
1. This is only done for MIME messages (even simple single-part ones, but they must have MIME headers).
2. The text part in question is sent pretty much 'as is', that is, as an extra text/plain part in the message, with all the options and encoding and what not supplied in the original message. The reason is quite simply that it would be a lot of work and, in some extreme cases (incompatible code page, etc), completely impossible, to embed it into the first text/plain part with the LISTSERV message. The drawback is that some mail agents might conceivably only show the first part until you take some kind of clicking action.
It is important to understand that only the first text/plain part is extracted in this fashion. The goal was to make it easier to approve or reject simple text messages, not to build a factory around a simple problem. The ENTIRE message is available at an extra click.
Where security is a concern, it is important to review the ENTIRE original message and not just the plain text part. There could be an obscene GIF or another text part or a text/html part not matching the contents of the text/plain part or whatever. This is why, again, you are given the ENTIRE original message.
List owners using certain email clients (specifically Pine, which handles attachments in a secondary viewing area) may find the new format difficult to use. If preferred, the pre-1.8e behavior may be reverted to by specifying "NOMIME" in the Send= list header keyword; for instance,
* Send= Editor,Hold,NoMIME
"Hold" now forced for multi-part moderated messages: LISTSERV 14.3 and following will force ",Hold" if it is not specified with "Send= Editor" for multi-part messages, in order to generate an approval request that can display the multi-part message correctly.
Stats= Normal | None,access-level
This keyword is not available in LISTSERV Lite.
This keyword is obsolete and has absolutely no effect on all ports of the software except for VM. On non-VM servers it is provided for backwards compatibility only (i.e., for lists being migrated from VM) in order that any existing "Stats=" keyword setting in a migrated list header does not trigger a command parser error.
UNDER VM ONLY, indicates whether or not statistics are to be maintained for the list and if yes, which level of statistics is desired and who is able to retrieve the statistics reports. The default value is "Normal,Private".
Normal statistics include number of mailings for each user on the list, and similar information for file distribution.