I'm currently the admin of a few Mailman lists. There used to be lots of spam and viruses, so we added Spamassassin to our procmail configuration, which dumps flagged messages to a designed file. Obviously, it does not catch everything, such as messages *totally* unrelated with the list subject comming from lost people, or some viruses/worms. So we decided to moderate the lists. Even subscribers see their posts moderated, because some worms spread by sending messages with a forged sender, which would get through anyway.

The traffic of "real" messages is currently below 10 messages per day, so it's quite manageable. However, even though there are 4 moderadors, it can take many hours for a message to get moderated.

We would like to be able to let known people post to the list without having their message delivery delayed by the moderation.

My proposal is to have Mailman manage a whitelist consisting of PGP keys. Messages signed with a "white" key would skip moderation.

Subscribers willing to use this feature would only have to submit their key to a specific PGP key server. When a message that is signed but whose PGP key is not in the whitelist comes in, it would be dropped in the moderation queue. When the moderator looks at the list of messages, he would be given an extra option: "Add key 0x00000000 to whitelist". When submitting the form with this option selected, Mailman would fetch the key from its configured keyserver, and add it to its whitelist. That way, the next message signed with that key would not get moderated.

If you change your key (new identity, or because it has expired), you simply have to submit it to the keyserver, and only your "first" message would be moderated. Note that the moderator does not have to verify your new key, his job is only to make sure the content of your mail is appropriate. It's up the each subscriber to get your key, verify it, possibly sign it, and verify the messages you send.

Most key servers also have a web interface for adding, updating and searching for keys. A simple link to this web interface from the list info page would be a good-enough integration, in my opinion.

I have searched the archives for discussions of PGP and Mailman, and found an interesting post[1] from Phil Stracchino, who describes an "Accept signed posts only" option, but which lacked a good description of how keys would get to the whitelist. My proposal does not allow spammers to automatically add their key and then post their crap, because a first signed message has to be approved by the moderator, who will discover the spam, and reject the message without adding the key to the whitelist.

I also found two[2] patches[3] for adding PGP support to Mailman, but only adding *encryption* support, not simple signatures. However, because those two patches have already integrated GnuPG into Mailman, it would be a good base for going further by implementing my idea.

I don't know Mailman's code a lot, but I have hacked it a bit recently to add the "approved" header for posting to usenet, and made the same Message-Id appear in both regular mail and usenet deliveries. I am willing to spend some time implementing the feature I described, and I was even contacted by an other person offering help.

I found two messages stating we should wait until 2.1 is released, which seems to be done now. I'd like to know the status of the PGP support, mainly to figure out which of the two patches to build on. Is anybody planning to apply an existing patch for adding PGP support?

As for those that might ask "why bother implementing this if 95% of the planet don't know what PGP is?" I answer that I know enough people on the list I administer that know how to use PGP, and would actually be very happy if that was implemented :)

Thanks for your help,

Nicolas Marchildon

[1]http://www.mail-archive.com/mailman-developers@python.org/msg05055.html [2] https://sourceforge.net/tracker/?func=detail&atid=300103&aid=645297&group_id=103 [3] http://www.nah6.com/products/secure-list/

-- OpenPGP public key: http://nicolas.marchildon.net/pubkey.txt Key fingerprint: 5E84 1089 0036 BB63 6997 232C 8FFB 777D 39D4 B2D4 Jabber ID: nicolas@marchildon.net http://www.jabber.org What have you done for freedom today? http://www.gnu.org