"JWB" == John W Baxter <John> writes:
JWB> I see the basic "how do I let the right people post to this
JWB> announce list automatically" question often enough to
JWB> indicate that there is a perceived need.
JWB> Let's put digital signature technology to work.
With MM2.1, this will only be necessary if you don't trust the From: header. I'm not saying I do trust it -- we all know it's easily forged, but I am saying that the basic mechanisms you talk about are already in place. We'd simply need to add a way to manage and consult the PKI.
I'd classify this as a useful feature for MM3.0, once we have a consolidated user database. Then the users could add public keys to their records and Mailman could consult them against the signatures for authentication of the From: address.
JWB> Checkbox: Automatically and silently reject (with logging)
JWB> any message not from a listed sender and properly signed.
JWB> Variations (not silently rejected, etc, if desired...but
JWB> sending a rejection message gives the would-be rogue poster
JWB> information).
This is turning into a common pattern, so it's likely something I'll refactor in future versions. You basically want to do something like this:
see if the message matches some criteria (e.g. from a known non-member, from a moderated member, etc.)
if so, then decide on an action:
approve the message right now; send on without further moderation steps
let pass to subsequent moderation steps; we haven't ruled this message out, but we haven't actively ruled it in either
hold the message for moderator approval
- send a notification to the sender, or
- don't send a notification to the sender
- reject the message outright, bouncing it
- this implies sending a notice to the sender
- discard the message without further notification (but w/ logging probably).
I've really only started to mull over in my mind the way to implement this. As usual, the sticky point is in designing a useable web gui for customization.
"DN" == Dale Newfield <dale@newfield.org> writes:
>> Let's put digital signature technology to work.
DN> I think we'd get quite a bit of bang for the effort just
DN> adding a checkbox to the admindb page saying "and add this
DN> sender to auto-approve list?" So it's easy to moderate a
DN> person's messages as long as you want, and then also easy to
DN> say "yeah--approve this and all future posts from this
DN> person.")
My time machine is working well then! Check out MM2.1's admindb summary page. You can by default turn on the moderation flag for all new members, and decide on an action for a moderated member (see above). If you decide to hold messages from moderated members, you'll see an extra checkbox on the disposition gui asking you if you want to turn off the member's moderation flag.
This will be the way to quarantine new members until they can be trusted. You'll also be able to do things like ban somebody from subscribing from a list.
-Barry