From Newsgroup: alt.privacy.anon-server

A new version of Mail2Dizum is available, the secure web interface
for posting to Usenet via dizum.com mail2news gateway.

What's New in v1.3.0
--------------------

[SECURITY] Anti-Correlation Message-ID Generator
The most significant change in this release addresses the Message-ID

New Message-ID format:
- Fully randomized local part (variable length 16-32 hex chars)
- Fully randomized domain part (variable length 8-16 hex chars)
- Random TLD from realistic list (net, org, com, info, de, fr, etc.)
- Optional random subdomain (33% probability)
- Optional dots inserted at random positions
- Generated using crypto/rand for cryptographic security

Example outputs:
<a7f3.b9c2d1e4f5a6@k9m2n4p7.net>
<8f3a9b2c7d1e4f5a6b7c8d9e@abc123.x7k2m9.org>
<1a2b3c4d5e6f@9f8e7d.info>

[SECURITY] Strict From Field Validation

New validation rules for the From field:
- Username: 1-2 words maximum
- Each word: max 12 characters, alphanumeric only
- Email must be enclosed in <brackets>
- Full injection protection (blocks \r \n ; ' " \ | & $ `)

Valid examples:
John <john@example.com>
John Doe <john.doe@mail.org>
Anonymous99 <anon@privacy.net>

Rejected examples:
John Michael Smith <x@y.com> (3 words)
VeryLongUsername <x@y.com> (>12 chars)
John! <x@y.com> (special char)
John x@y.com (missing brackets)

[SECURITY] Additional Input Validation

- isValidNewsgroup(): validates 1-3 newsgroups separated by comma
- isValidSingleNewsgroup(): validates individual newsgroup format
- isValidMessageID(): validates References field format
- isValidSMTPServer(): validates custom SMTP server input
- All validators include injection character blocking

Newsgroup field examples:
alt.test (single)
alt.test,alt.privacy.anon-server (two)
alt.test,misc.test,alt.anonymous.messages (three - max)

[UI] Template Improvements

- Added format hints below input fields
- Updated placeholder text for clarity
- dizum.com link added to success page

Feedback welcome.
--
Mail2Dizum Project
https://github.com/gabrix73/mail2dizum

Gabx

Victor Hostile Communication Centre
https://yamn.virebent.art http://e2mjj44t3eauxra2rmrlpn7vbd6whziypccfehlrlgnnvgr6xwp5lrad.onion/

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy.anon-server

In article <41e75d5e572c3b7c66.5e91c0ed3f@349276.416dd097e93dce.eu>
Gabx <victor@virebent.invalid> wrote:

A new version of Mail2Dizum is available, the secure web interface
for posting to Usenet via dizum.com mail2news gateway.

What's New in v1.3.0
--------------------

[SECURITY] Anti-Correlation Message-ID Generator
The most significant change in this release addresses the Message-ID

New Message-ID format:
- Fully randomized local part (variable length 16-32 hex chars)
- Fully randomized domain part (variable length 8-16 hex chars)
- Random TLD from realistic list (net, org, com, info, de, fr, etc.)
- Optional random subdomain (33% probability)
- Optional dots inserted at random positions
- Generated using crypto/rand for cryptographic security

Example outputs:
<a7f3.b9c2d1e4f5a6@k9m2n4p7.net>
<8f3a9b2c7d1e4f5a6b7c8d9e@abc123.x7k2m9.org>
<1a2b3c4d5e6f@9f8e7d.info>

[SECURITY] Strict From Field Validation

New validation rules for the From field:
- Username: 1-2 words maximum
- Each word: max 12 characters, alphanumeric only
- Email must be enclosed in <brackets>
- Full injection protection (blocks \r \n ; ' " \ | & $ `)

Valid examples:
John <john@example.com>
John Doe <john.doe@mail.org>
Anonymous99 <anon@privacy.net>

Rejected examples:
John Michael Smith <x@y.com> (3 words)
VeryLongUsername <x@y.com> (>12 chars)
John! <x@y.com> (special char)
John x@y.com (missing brackets)

[SECURITY] Additional Input Validation

- isValidNewsgroup(): validates 1-3 newsgroups separated by comma
- isValidSingleNewsgroup(): validates individual newsgroup format
- isValidMessageID(): validates References field format
- isValidSMTPServer(): validates custom SMTP server input
- All validators include injection character blocking

Newsgroup field examples:
alt.test (single)
alt.test,alt.privacy.anon-server (two)
alt.test,misc.test,alt.anonymous.messages (three - max)

[UI] Template Improvements

- Added format hints below input fields
- Updated placeholder text for clarity
- dizum.com link added to success page

Feedback welcome.

Works great, thanks.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy.anon-server

A new version of Mail2Dizum is available...

Good job!



--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy.anon-server

So why is https://github.com/gabrix73/mail2dizum written in two
languages?

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy.anon-server

because they are two languages!

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy.anon-server

The most significant change in this release addresses the Message-ID

What's the point of your pro-correlation Message-ID?
It has enough bits in it for you to encode identities in it. We must trust that you won't.

Just don't set a Message-ID and let the mail2news set its own. It's already uncorrelatable.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy.anon-server

On Thu, 25 Dec 2025 17:22:41 -0000, Nomen Nescio <nobody@dizum.com> wrote:

The most significant change in this release addresses the Message-ID

What's the point of your pro-correlation Message-ID?
It has enough bits in it for you to encode identities in it. We must trust that you won't.

Just don't set a Message-ID and let the mail2news set its own. It's already uncorrelatable.

You are probable right.
Merci

Gabx

--- Digital Signature --- VrsFp3jfgIImjKLqUqLrZTZkImzGY6PLPRJ1kkF8swuTjZHASFt9SI0mSgjzzb/3XJKhh/TI5d30ISSu1u8zAg==

--- Synchronet 3.21a-Linux NewsLink 1.2