Re: [Mailman-Developers] Fwd: suggested improvement for Mailman's bounce processing
I'm taking this back on list, since I think the principles are relevant to Mailman.
--On 10 August 2006 17:07:48 -0700 Jeff Schnitzer <jeff@infohazard.org> wrote:
Ah, you want to reject /senders/ at SMTP time, not recipients. Ignore my last message.
There's no reason why SubEtha can't bounce mail from unknown senders. It would not be difficult to do*, and may show up in a future release. However, it's not the universally appropriate solution.
Yes, I know. I filed a bug report, and was told it was a feature not a problem. That's when I stopped considering using the s/w. This was a couple of months ago. If the situation changes, then it would be worth considering again.
I see three different solutions to this problem (mail from unknown recipients):
Reject it at SMTP time. Legitimate senders are notified that their mail was not delivered but there is no opportunity to auto-moderate the message or any opportunity for list administrator to moderate the message. Great for spam rejection though.
Hold the message and send the envelope sender instructions to auto-moderate. Very friendly to legitimate users but bad for the recipients of joe-job attacks. However, using SPF makes this a non-issue.
I'm not anti-spf in principle - unlike Brad. However, it's not widely deployed so it can't be relied on in this case.
Using this on a relatively isolated network or behind heavy spam control makes this a non-issue.
Well, there wouldn't be much point putting an MLM server on an isolated network. Not for us, where inter-institutional collaboration is very important.
- Hold the message silently, sending no instructions for auto-moderation. This is not so friendly for legitimately confused users whose messages go into a vacuum, but the ideal circumstance for announce-only lists which *always* moderate all messages. Of course, this is just fine for spam control.
Yes, that sucks, but that's where we're left with Mailman. In fact, it's one of the main reasons I'm looking for a MLM that does (1). I can't think of any case in which (3) is better than (1).
There are perfectly legitimate reasons to use any of these 3 approaches. We started off with #2, and will probably eventually accommodate all three. I'm sorry if it's not on a schedule that makes you happy, but we certainly do accept patches.
- This depends on what sort of MTA you are using. If SubEtha is directly receiving public input, it's trivial. If inbound mail is being relayed through another MTA, it gets a lot more complicated. The problem is not a design issue in SubEtha, it's the antiquated design of all commonly used MTAs. Anyone who wants to integrate *anything* with Postfix/Exim/Sendmail/Qmail and friends will be frustrated - they just don't provide easy hooks into the SMTP exchange.
No, it's very easy common to do call forwards with Exim. That would tell me when the list won't accept the sender. So, if Brad's right about Postfix and Sendmail, that just leaves Qmail and friends. Never mind.
-- Ian Eiloart IT Services, University of Sussex
Ian, I'm not sure what kind of feedback you're looking for, but this
one comment stood out to me:
On Aug 11, 2006, at 7:14 AM, Ian Eiloart wrote:
- Hold the message and send the envelope sender instructions to auto-moderate. Very friendly to legitimate users but bad for the recipients of joe-job attacks. However, using SPF makes this a non-issue.
- Hold the message silently, sending no instructions for auto-moderation. This is not so friendly for legitimately confused users whose messages go into a vacuum, but the ideal circumstance for announce-only lists which *always* moderate all messages. Of course, this is just fine for spam control.
Yes, that sucks, but that's where we're left with Mailman. In fact, it's one of the main reasons I'm looking for a MLM that does (1). I can't think of any case in which (3) is better than (1).
Although I have not implemented it yet, Mailman 2.2 will definitely
get auto-moderation. IOW, should a non-member send a message to a
mailing list, and if that mailing list is so configured, Mailman will
hold the message and send a message to the From address asking for
verification of the post. I'm assuming this is what you mean by
"auto-moderation".
I'm not worried about joe-jobbing because Mailman could easily send
just one auto-moderation message per unit of time, or number of posts
to limit any backspamming. There are issues related to how long you
want to hold such auto-moderated posts and such, but I think those
are all manageable. There's also the question of how long you want a
verified non-member to be able to post to a list, but again, this is
doable (hopefully without introducing a bajillion new admin knobs).
- -Barry
At 4:35 PM -0400 2006-08-11, Barry Warsaw wrote:
Although I have not implemented it yet, Mailman 2.2 will definitely get auto-moderation. IOW, should a non-member send a message to a mailing list, and if that mailing list is so configured, Mailman will hold the message and send a message to the From address asking for verification of the post. I'm assuming this is what you mean by "auto-moderation".
I'm confused. Unless I'm misunderstanding what you're talking about, Mailman 2.1.x already does this today. You try to post to a list that is restricted to subscribers only, and then your message may be rejected, or you may get a message saying that the post is being held for moderation, or it may get silently thrown away, etc.... It all depends on how the listowner has configured things, but to this level, this kind of thing works today.
I'm not worried about joe-jobbing because Mailman could easily send just one auto-moderation message per unit of time, or number of posts to limit any backspamming.
Okay, now that's different. This actually clicks in very well with the recent article I wrote on fighting spam for publication on the LOPSA website, because backscatter has become one of my biggest hot buttons lately. Putting an intelligent limiter on the potential causes of backscatter (like no more than one notice per recipient per day, or whatever), brings it down into the realm of what I would consider to be less than ideal but at least below the threshold of "totally unacceptable".
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
Founding Individual Sponsor of LOPSA. See <http://www.lopsa.org/>.
On Aug 11, 2006, at 8:52 PM, Brad Knowles wrote:
At 4:35 PM -0400 2006-08-11, Barry Warsaw wrote:
Although I have not implemented it yet, Mailman 2.2 will definitely get auto-moderation. IOW, should a non-member send a message to a mailing list, and if that mailing list is so configured, Mailman will hold the message and send a message to the From address asking for verification of the post. I'm assuming this is what you mean by "auto-moderation".
I'm confused. Unless I'm misunderstanding what you're talking about, Mailman 2.1.x already does this today. You try to post to a list that is restricted to subscribers only, and then your message may be rejected, or you may get a message saying that the post is being held for moderation, or it may get silently thrown away, etc.... It all depends on how the listowner has configured things, but to this level, this kind of thing works today.
Today, held messages still have to be approved by the moderator.
What I propose is to allow posters to self-moderate, simply by
verifying that their address is real. This probably means a
clickable link and (maybe) a header cookie for replying. Think
Gmane's auto-moderation approach.
- -Barry
--On 14 August 2006 08:42:00 -0400 Barry Warsaw <barry@python.org> wrote:
I'm confused. Unless I'm misunderstanding what you're talking about, Mailman 2.1.x already does this today. You try to post to a list that is restricted to subscribers only, and then your message may be rejected, or you may get a message saying that the post is being held for moderation, or it may get silently thrown away, etc.... It all depends on how the listowner has configured things, but to this level, this kind of thing works today.
Today, held messages still have to be approved by the moderator. What I propose is to allow posters to self-moderate, simply by verifying that their address is real. This probably means a clickable link and (maybe) a header cookie for replying. Think Gmane's auto-moderation approach.
So, when someone first posts to a closed list, they're automatically invited to join it if they're not already a member? Provided the list doesn't require moderator approval for joining, I suppose?
-- Ian Eiloart IT Services, University of Sussex
On Aug 14, 2006, at 9:44 AM, Ian Eiloart wrote:
So, when someone first posts to a closed list, they're automatically invited to join it if they're not already a member? Provided the list doesn't require moderator approval for joining, I suppose?
My thought was that you'd have an option to allow non-members to post
to the list after email verification. If verification is via web
page, we can give the poster the option to become a member at the
same time. We probably don't want to do that via mail-back
verification (just because there's no good way to make this optional
in an email message).
Say a non-member poster auto-verified, and chose to join the list at
the same time, then if moderator approval was required for
subscriptions, they'd have to go through that dance in order to
join. But they wouldn't have to do a confirmation dance because
they'd essentially already confirmed their email address.
- -Barry
This should definitely be configurable, if implemented. I don't have any lists that would benefit by this... in fact, this is not desirable on any of my lists.
Bob
On Aug 14, 2006, at 10:27 AM, Bob Puff wrote:
This should definitely be configurable, if implemented. I don't
have any lists that would benefit by this... in fact, this is not desirable
on any of my lists.
Yes, absolutely. It would probably be used on most public discussion
lists I'm involved with.
- -Barry
On 8/14/06 5:42 AM, "Barry Warsaw" <barry@python.org> wrote:
Today, held messages still have to be approved by the moderator. What I propose is to allow posters to self-moderate, simply by verifying that their address is real. This probably means a clickable link and (maybe) a header cookie for replying. Think Gmane's auto-moderation approach.
Unfortunately, the would-be posters then have to be notified of the message status. Thus, while you're reducing moderator workload, the backscatter problem isn't solved.
Unfortunately, we know MTAs are hard to write (Exim is still evolving; Postfix took much longer to write than the author expected; sendmail will never be finished). Mailing list managers are hard to write (Mailman is still evolving).
So an integrated MTA/MLM would be hard to write (it wouldn't need all the bells and whistles of a full MTA, and would simplify some of the MUA's problems, so the difficulty is probably less than the sum of the difficulties, but still probably more than either alone). (And a newly-written thing doing SMTP would be insecure.)
So aside from ruining email, the spammers have ruined email mailing lists. Perhaps irretrievably (at my age of 67, certainly irretrievably in my working lifetime).
None of which means it shouldn't be tried, although perhaps it should be tried in the world of whatever comes along to provide a working replacement for SMTP.
--John
At 10:59 PM -0700 2006-08-14, John W. Baxter wrote:
Unfortunately, the would-be posters then have to be notified of the message status. Thus, while you're reducing moderator workload, the backscatter problem isn't solved.
No, it's not solved. However, by putting a semi-intelligent time limiter on the thing (i.e., no more than one response per address per day, or somesuch), the backscatter problem is at least contained to a more tolerable level.
And this does get back to the balance thing that I was talking about earlier. If doing your best to make sure that people know that their message was rejected, or held for moderation, or whatever, is more important to you (and your community), then you've got the option to make those sorts of things happen. If eliminating all possibility of backscatter is more important, you've got the option to do that, too.
The point here is to increase your options available to you, and to also try to help reduce the load on list moderators and list owners to a more tolerable level.
At least, that's the idea. I'm hoping that the reality will live up to this theory.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
Founding Individual Sponsor of LOPSA. See <http://www.lopsa.org/>.
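The limiter discussed in the messages above (no more than one verification notice per address per unit of time), sketched as an added example that is not Mailman code or anything posted to the list. The class name, the one-day notice interval, the three-day hold lifetime and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

DAY = 24 * 60 * 60


@dataclass
class SenderState:
    last_notice: Optional[float] = None        # when this address was last mailed
    held: dict = field(default_factory=dict)   # message-id -> time the post was held


class VerificationThrottle:
    """Decide whether a held non-member post may trigger a verification notice."""

    def __init__(self, notice_interval=DAY, hold_ttl=3 * DAY):
        self.notice_interval = notice_interval  # assumed: one notice per day
        self.hold_ttl = hold_ttl                # assumed: unverified posts expire
        self.senders = {}

    @staticmethod
    def _key(address):
        # Fold case so variants of one forged address share a single budget.
        return address.strip().lower()

    def _expire(self, state, now):
        state.held = {m: t for m, t in state.held.items()
                      if now - t < self.hold_ttl}

    def hold(self, sender, message_id, now):
        """Record a held post.

        Returns the message-ids to list in one notice, or None when this
        address has already been mailed within the interval.
        """
        state = self.senders.setdefault(self._key(sender), SenderState())
        self._expire(state, now)
        state.held[message_id] = now
        recently = (state.last_notice is not None
                    and now - state.last_notice < self.notice_interval)
        if recently:
            return None
        state.last_notice = now
        return sorted(state.held)   # one summary covering everything pending

    def verify(self, sender, now):
        """The address was confirmed: release whatever has not expired."""
        state = self.senders.get(self._key(sender))
        if state is None:
            return []
        self._expire(state, now)
        released = sorted(state.held)
        state.held.clear()
        return released


def simulate_forged_flood(posts=500):
    """Constructed case: many posts forging one victim address within an hour."""
    throttle = VerificationThrottle()
    notices = 0
    for i in range(posts):
        msgid = f"<spam-{i}@constructed.invalid>"
        if throttle.hold("Victim@Example.org", msgid, now=i * 7.0) is not None:
            notices += 1
    return notices   # backscatter actually sent to the forged address
```

The throttle bounds what any one forged address receives from one installation; it does nothing about floods that forge a different address on every message.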
On Aug 15, 2006, at 1:59 AM, John W. Baxter wrote:
On 8/14/06 5:42 AM, "Barry Warsaw" <barry@python.org> wrote:
Today, held messages still have to be approved by the moderator. What I propose is to allow posters to self-moderate, simply by verifying that their address is real. This probably means a clickable link and (maybe) a header cookie for replying. Think Gmane's auto-moderation approach.
Unfortunately, the would-be posters then have to be notified of the
message status. Thus, while you're reducing moderator workload, the
backscatter problem isn't solved.
But I think it can be mitigated. You simply don't send a
verification for every posting you're holding. Maybe you send a
summary every three days until the messages expire unverified.
So an integrated MTA/MLM would be hard to write (it wouldn't need
all the bells and whistles of a full MTA, and would simplify some of the MUA's problems, so the difficulty is probably less than the sum of the difficulties, but still probably more than either alone). (And a newly-written thing doing SMTP would be insecure.)
Mailman won't be that integrated MTA/MLM, although it may have tools
that help integrate Mailman with the most popular MTAs. I have a
clear picture of what I see Mailman doing and it's not the MTAs job
or SpamAssassin's job. It's only barely doing Hypermail's job (and
that's debatable).
So aside from ruining email, the spammers have ruined email mailing lists. Perhaps irretrievably (at my age of 67, certainly irretrievably in my working lifetime).
None of which means it shouldn't be tried, although perhaps it should be tried in the world of whatever comes along to provide a working replacement for SMTP.
I tend to be more sanguine about things. I'm younger than you but
I've been around for long enough to have heard about the death of the
internet/arpanet for 25 years. It hasn't happened yet and I don't
think email and SMTP is going away any time soon. Maybe it should.
Maybe all the kids will gravitate toward other modes of communication
and leave us dinosaurs to our spam riddled 20th century telegraphs.
Or maybe we'll stay just barely ahead of the spammers enough to eke
out the benefits of email and mailing lists for another 20 years.
- -Barry
At 8:19 AM -0400 2006-08-15, Barry Warsaw wrote:
I tend to be more sanguine about things. I'm younger than you but I've been around for long enough to have heard about the death of the internet/arpanet for 25 years. It hasn't happened yet and I don't think email and SMTP is going away any time soon.
We're certainly getting there for some people. I found out the other night that my Mom no longer bothers doing e-mail. Okay, she's 62, retired six months early due to medical problems (terminal cancer), but she's still got a few good months left and she doesn't want to waste them trying to fight spam in her mailbox. So, she just reads most of the time.
My own spam load is around 90-99%, depending on how bad the day is. My ISP routes all their mail for their customers through Postini, and they catch 90% of that, but that still leaves a lot for the ISP to deal with. So, they set up their own secondary anti-spam handling system, which is still as large or larger than the entire rest of the mail system put together. And I still get an annoying amount of spam that gets through to my client, which also has anti-spam features integrated.
I can certainly see why many people would get to the point where they start feeling like e-mail no longer has any real value. I certainly feel that way about most USENET newsgroups I know of, and for the same reasons.
Maybe all the kids will gravitate toward other modes of communication and leave us dinosaurs to our spam riddled 20th century telegraphs.
They already have. It's called IM, chat, or txtng -- depending on the exact platform.
Many times I've said that e-mail is the only universal mission-critical platform, but I've also said that each organization may have their own mission-critical applications on top of that. AOL is no different.
When I was the Sr. Internet Mail Administrator for AOL, we had only two mission-critical applications -- e-mail and chat. If they weren't available, then most customers would just leave, because there wasn't much of anything else that they wanted to do.
And "spim" is already a major problem, or so I hear. I haven't heard of "spat" or "sptxt" being much of an issue, but I'm sure that they'll figure out a way to abuse those systems as well.
Thanks to Dateline NBC and Stone Phillips, we have certainly seen way more than we ever wanted to know about how predators use IM to lure kids into abusive situations, and I guess that would probably be the worst form of "spim".
Or maybe we'll stay just barely ahead of the spammers enough to eke out the benefits of email and mailing lists for another 20 years.
I think we'll try, and for some people we will succeed, but my fear is that more and more people are going to start giving up on e-mail and will switch to alternative communication methods.
Those methods are likely to be less convenient because if it's too convenient for us then it will probably be much too convenient for spammers.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
Founding Individual Sponsor of LOPSA. See <http://www.lopsa.org/>.
--On 11 August 2006 16:35:41 -0400 Barry Warsaw <barry@python.org> wrote:
Although I have not implemented it yet, Mailman 2.2 will definitely get auto-moderation. IOW, should a non-member send a message to a mailing list, and if that mailing list is so configured, Mailman will hold the message and send a message to the From address asking for verification of the post. I'm assuming this is what you mean by "auto-moderation".
I'm not worried about joe-jobbing because Mailman could easily send just one auto-moderation message per unit of time, or number of posts to limit any backspamming.
Each mailman installation may be able to do this, and that will help a lot. It won't be able to co-ordinate between installations, but this will certainly be better than the current situation where bounces are unrestricted. Maybe SubEtha permits the same, but I've not heard that.
I'm not all that bothered about Mailman doing this, because there's a clear way that the MTA can get the information about what Mailman would bounce - by running a python script at SMTP time. At least that's true for Exim.
This thread arose because someone claimed that SubEtha didn't suck. My comment was that the developers' choice of auto-moderation instead of SMTP time rejection was a missed opportunity. It's probably easier to implement, and more frequently the desired behaviour for a closed list. The developers didn't seem to think SMTP time rejection was desirable, and I think that sucks.
There are issues related to how long you want to hold such auto-moderated posts and such, but I think those are all manageable. There's also the question of how long you want a verified non-member to be able to post to a list, but again, this is doable (hopefully without introducing a bajillion new admin knobs).
- -Barry
-- Ian Eiloart IT Services, University of Sussex
On Aug 14, 2006, at 5:44 AM, Ian Eiloart wrote:
This thread arose because someone claimed that SubEtha didn't suck. My comment was that the developers' choice of auto-moderation instead of SMTP time rejection was a missed opportunity. It's probably easier to implement, and more frequently the desired behaviour for a closed list. The developers didn't seem to think SMTP time rejection was desirable, and I think that sucks.
Certainly given sufficient hooks in the MTA, you might be able to
make various decisions about the acceptability of a message at SMTP
time, although it depends on where in the SMTP dialog you want to
hook in. There's no magic in Mailman that would prevent that -- a
bit of Python would do the trick.
It's not something I'd personally develop because by definition,
integration is highly MTA dependent, but I'd accept contributions and
would be willing to improve the Mailman infrastructure to make things
easier (e.g. see some of the re-org I'm doing in the 2.2 branch to
move functionality out of scripts and into the Mailman package so
that 3rd party Python code can get to it).
- -Barry
--On 14 August 2006 08:46:18 -0400 Barry Warsaw <barry@python.org> wrote:
On Aug 14, 2006, at 5:44 AM, Ian Eiloart wrote:
This thread arose because someone claimed that SubEtha didn't suck. My comment was that the developers' choice of auto-moderation instead of SMTP time rejection was a missed opportunity. It's probably easier to implement, and more frequently the desired behaviour for a closed list. The developers didn't seem to think SMTP time rejection was desirable, and I think that sucks.
Certainly given sufficient hooks in the MTA, you might be able to make various decisions about the acceptability of a message at SMTP time, although it depends on where in the SMTP dialog you want to hook in.
After "RCPT TO". At that point, if a person isn't allowed to post to the list, the best thing to do is to reject the message. Of the lists I manage, 99% of attempts to post to the list by non-members are spam. Auto-moderation, as you've described, would make sense for some of the lists that I host.
There's no magic in Mailman that would prevent that -- a bit of Python would do the trick.
It's not something I'd personally develop because by definition, integration is highly MTA dependent, but I'd accept contributions and would be willing to improve the Mailman infrastructure to make things easier (e.g. see some of the re-org I'm doing in the 2.2 branch to move functionality out of scripts and into the Mailman package so that 3rd party Python code can get to it).
One thing that would make integration easier, would be a script bin/may_post (or something), which takes a list name (ideally qualified with domain) and sender address, and returns true if the sender address is allowed to post, and false otherwise.
- -Barry
-- Ian Eiloart IT Services, University of Sussex
On Aug 14, 2006, at 9:49 AM, Ian Eiloart wrote:
One thing that would make integration easier, would be a script bin/may_post (or something), which takes a list name (ideally
qualified with domain) and sender address, and returns true if the sender
address is allowed to post, and false otherwise.
Why don't you code something up and submit it here? :)
- -Barry
--On 14 August 2006 14:06:06 -0400 Barry Warsaw <barry@python.org> wrote:
On Aug 14, 2006, at 9:49 AM, Ian Eiloart wrote:
One thing that would make integration easier, would be a script bin/may_post (or something), which takes a list name (ideally qualified with domain) and sender address, and returns true if the sender address is allowed to post, and false otherwise.
Why don't you code something up and submit it here? :)
- -Barry
I started to write that I've no python coding experience. Well, about 3 lines because php can't do "utf-something or other". Then I thought, well it's about time I got some. I had hacked up a shell script using the existing Mailman scripts, but that was far too inefficient. Instead I've hacked up the attached. It started life as list_config, but hopefully I've not left much trace of that.

The second issue below ***MUST*** be resolved before using this script with an MTA.

The attached script takes these arguments:

-o --outputfile FILE_PATH can be used to specify logging of denies. use '-' to log to stdout
-v --verbose causes logging of all results, allows as well as denies.
-h --help prints help
-s --sender EMAIL_ADDRESS is required

The script applies these tests, printing 'allow' or 'deny' to std out on the first match.

allow list owners
allow list moderators
allow members of accept_these_nonmembers
deny members of reject_these_nonmembers
if generic_nonmember_action is 'reject':
    allow members to post
    deny non-members
allow by default

These issues are outstanding:
----------------------------

1. On allow, I say "return 1" on deny I say "return 0". I'm not sure whether that's correct. Actually, I think I want the script to succeed every time, so it can't be.
2. I've not figured out how to do a pattern match so accept_these_nonmembers and reject_these_nonmembers are only tested for exact string matches. This *****needs to be fixed***** for accept_these_nonmembers, otherwise some won't be permitted to post.
3. It'd be nice to log to syslog, but the MTA could take care of that.
4. It might be nice to say 'hold' or 'discard' where appropriate. It's often sensible to reject rather than discard a message, for example.
5. The list's nonmember_rejection_notice isn't used here. It could be returned instead of 'deny' for the MTA to construct a rejection string with.
6. I've hard-coded '2' as the 'reject' key to generic_nonmember_action, which is sinful.
-- Ian Eiloart IT Services, University of Sussex
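The test order listed in the message above, written out as an added example; it is not the attached script (which is not reproduced on this page) and does not call the Mailman API. The list is a plain dict with constructed sample data, its key names stand in for the list settings the message names, and treating entries that begin with `^` as regular expressions (the open pattern-matching issue) follows the Mailman 2.1 convention for these two settings.

```python
import re
import sys

REJECT = 2  # value the message above gives for 'reject' in generic_nonmember_action

# Constructed sample list; a real integration would load these from Mailman.
SAMPLE_LIST = {
    "owner": ["owner@example.org"],
    "moderator": ["mod@example.org"],
    "members": ["alice@example.org"],
    "accept_these_nonmembers": [r"^.*@partner\.example$", "bob@example.net"],
    "reject_these_nonmembers": [r"^.*@spam\.example$", "^[broken"],
    "generic_nonmember_action": REJECT,
}


def matches(address, entries):
    """True if address equals an entry, or matches an entry starting with '^'."""
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        if entry.startswith("^"):
            try:
                if re.search(entry, address, re.IGNORECASE):
                    return True
            except re.error:
                continue  # a malformed pattern must not break an SMTP-time check
        elif entry.lower() == address:
            return True
    return False


def in_list(address, addresses):
    """Exact, case-insensitive membership test (no patterns)."""
    return address in {a.strip().lower() for a in addresses}


def may_post(mlist, sender):
    """Return 'allow' or 'deny'; the first matching test wins."""
    sender = sender.strip().lower()
    if in_list(sender, mlist["owner"]):
        return "allow"
    if in_list(sender, mlist["moderator"]):
        return "allow"
    if matches(sender, mlist["accept_these_nonmembers"]):
        return "allow"
    if matches(sender, mlist["reject_these_nonmembers"]):
        return "deny"
    if mlist["generic_nonmember_action"] == REJECT:
        return "allow" if in_list(sender, mlist["members"]) else "deny"
    return "allow"  # hold/discard decisions stay with Mailman after acceptance


def main(argv):
    """Print the verdict; exit 0 for either verdict, 2 only for a usage error.

    Keeping the verdict on stdout lets the MTA tell 'deny' apart from a
    script failure, where it should defer rather than reject.
    """
    if len(argv) != 1:
        print("usage: may_post SENDER", file=sys.stderr)
        return 2
    print(may_post(SAMPLE_LIST, argv[0]))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The envelope sender tested here is unauthenticated, so 'allow' means only that the message is accepted for Mailman's normal processing, not that the sender is who the address claims.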
participants (5)
- Barry Warsaw
- Bob Puff
- Brad Knowles
- Ian Eiloart
- John W. Baxter