Re: [Mailman-Developers] [ mailman-Bugs-1416853 ] Jan 14 change toHandlers/SpamDetect.pyisincomplete
Dan Astoorian wrote:
Personally, I'm of the opinion that it's wrong ever to use a reject rule for spam filtering in the first place, since so much spam has forged sender information anyway, but debating that is well beyond the scope of how this bug should be fixed.
I think we all agree that 'spam' should be discarded or maybe held for examination by a human, but never rejected.
The problem I see is that while header_filter_rules are in the Spam filters section of the admin interface and enforced by a module named SpamDetect, they can actually be used in other ways to reject messages which are not 'spam' per se.
However, I agree with Mark that discarding instead of rejecting feels wrong.
Would checking the x-beenthere: headers to avoid the loop not be a far cleaner solution, or is there some reason I've overlooked why that wouldn't work?
X-Been-There: won't work because it's never added in messages to -owner.
Perhaps we could test if msg.get_sender() == mlist.GetOwnerEmail(), and discard in that case only, but I'd want a somewhat different test in case the sender's domain were not identical - something like
if msg.get_sender().split('@')[0] == \
mlist.GetOwnerEmail().split('@')[0]:-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
Perhaps we could test if msg.get_sender() == mlist.GetOwnerEmail(), and discard in that case only, but I'd want a somewhat different test in case the sender's domain were not identical - something like
if msg.get_sender().split('@')[0] ==
mlist.GetOwnerEmail().split('@')[0]:
Nope. This won't do either. Consider that someone spoofs a message from list1-owner to list2-owner and this matches a list2 reject rule. Reject is sent from list2-owner (rejects come from -owner) to list1-owner and this matches a list1 reject rule. Reject is sent from list1-owner to list2-owner and we have a ping-pong loop.
If we're going to test sender, it would have to be something like
if msg.get_sender().split('@')[0].endswith('-owner'):-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
"Mark" == Mark Sapiro <msapiro@value.net> writes:
Mark> The problem I see is that while header_filter_rules are in
Mark> the Spam filters section of the admin interface and enforced
Mark> by a module named SpamDetect, they can actually be used in
Mark> other ways to reject messages which are not 'spam' per se.I'm tempted to say that in that case the logic should be moved to a separate module, which is imported to SpamDetect with the restriction that REJECT is not available, while another Handler is created for PolicyFilters. They maintain separate rule lists etc.
Sound like a lot of work when simply documenting that spam should _never_ be rejected should be enough.<wink>
-- School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software.
participants (2)
-
Mark Sapiro -
Stephen J. Turnbull