Dale Newfield <Dale@Newfield.org> writes:
On Thu, 23 Oct 2003, Greg Stark wrote:
I like very much that the mail systems reject virus and worm mails.
That's silly. You should instead like very much that mail clients weren't susceptible to such things and the delivery mechanism didn't have to coddle the mail clients.
Mailman should not take any such drastic action purely on the basis of a bounce
That's the whole point of bounce processing. A bounce signifies an invalid email address.
No, bounces can mean various things. Anything from an overfull mailbox, to a message that is too large or otherwise unacceptable. It could be a temporary situation, or it could be because of the particular message.
In any case trusting a message provided from an outside source to serve as a valid test violates security principles. What if i find a message that causes postfix to core dump? I can send it to the mailing list a few times in a row and cause every subscriber of yours using postfix to be unsubscribed from your mailing list.
If you don't want bounces to ever cause people to be removed from your mailing lists, turn off bounce processing.
I'm not the list admin, I'm a poor hapless list subscriber. I get unsubscribed from mailman mailing lists every few months due to this behaviour.
I don't get unsubscribed from ezmlm lists because (as much as I dislike qmail and ezmlm in general) this is one thing it gets right. If ezmlm notices bounces of list messages it doesn't just unsubscribe you summarily, it sends a message of its own with known content and format and only unsubscribes you if that bounces. In fact it does a second iteration of that, which is a good idea but doesn't really seem necessary.
In fact if it weren't for ezmlm's handling of this I would never have figured out why I kept getting dropped from mailman lists. I would have always just assumed it as a bug with mailman.
If you don't want real messages to get bounced
No real messages to me have ever been bounced to my knowledge.
encourage people to use mail clients that aren't so full of holes that the host mail system needs to cause valid email addresses to bounce.
I would love an option to mailman to refuse subscriptions from a list of blacklisted MUAs. I would recommend some lists exclude Outlook on security concerns. It wouldn't reduce the need for proper safe bounce handling. Trusting bounces to messages of unknown content is simply unsafe.
-- greg