[Mailman-Developers] Re: Bounce removal parameters default values
gsstark at mit.edu
Thu Oct 23 13:41:49 EDT 2003
Dale Newfield <Dale at Newfield.org> writes:
> On Thu, 23 Oct 2003, Greg Stark wrote:
> > I like very much that the mail systems reject virus and worm mails.
> That's silly. You should instead like very much that mail clients weren't
> susceptible to such things and the delivery mechanism didn't have to
> coddle the mail clients.
> > Mailman should not take any such drastic action purely on the basis of a
> > bounce
> That's the whole point of bounce processing. A bounce signifies an
> invalid email address.
No, bounces can mean various things. Anything from an overfull mailbox, to a
message that is too large or otherwise unacceptable. It could be a temporary
situation, or it could be because of the particular message.
In any case trusting a message provided from an outside source to serve as a
valid test violates security principles. What if i find a message that causes
postfix to core dump? I can send it to the mailing list a few times in a row
and cause every subscriber of yours using postfix to be unsubscribed from your
> If you don't want bounces to ever cause people to be removed from your
> mailing lists, turn off bounce processing.
I'm not the list admin, I'm a poor hapless list subscriber. I get unsubscribed
from mailman mailing lists every few months due to this behaviour.
I don't get unsubscribed from ezmlm lists because (as much as I dislike qmail
and ezmlm in general) this is one thing it gets right. If ezmlm notices
bounces of list messages it doesn't just unsubscribe you summarily, it sends a
message of its own with known content and format and only unsubscribes you if
that bounces. In fact it does a second iteration of that, which is a good idea
but doesn't really seem necessary.
In fact if it weren't for ezmlm's handling of this I would never have figured
out why I kept getting dropped from mailman lists. I would have always just
assumed it as a bug with mailman.
> If you don't want real messages to get bounced
No real messages to me have ever been bounced to my knowledge.
> encourage people to use mail clients that aren't so full of holes that the
> host mail system needs to cause valid email addresses to bounce.
I would love an option to mailman to refuse subscriptions from a list of
blacklisted MUAs. I would recommend some lists exclude Outlook on security
concerns. It wouldn't reduce the need for proper safe bounce handling.
Trusting bounces to messages of unknown content is simply unsafe.
More information about the Mailman-Developers