Bill Catambay writes:
Correct. The From: header should always be a member of the list (but a member whose "mod" flag is turned off). The envelope sender would be me, the moderator.
Aha. The mod flag means that the member's posts will be held for moderation, *not* that the member *is* a moderator. Moderators are identified by having the list moderator password, and in Mailman 2.1, that is the only identification of moderators. They need not be members of the lists they moderate.
The list *owner* is known to Mailman by email address. If the list owner is also the only moderator, it would be easy to make this work (but does require additional code not in Mailman 2.1.11 or 2.1.12 AFAICS).
[I don't understand the random moderation behavior, so I'm going to skip it for now.]
What I'm really looking for is something to tell Mailman to look at envelope sender first, and if it's a privileged member (aka, "mod" is true), immediately deliver.
This a plausible design, but it simply isn't the way Mailman looks at this. The idea of the mod bit in Mailman is that mostly the members should post without hindrance, but if somebody gets too obstreperous, we flip the mod bit to slow them down for a few days. (There's also a mechanism to flip everybody on, or off, at once; this allows configuring announce lists, or doing "emergency moderation" in case of a flame war or somebody's contact list getting scarfed by a spammer.)
However, as long as "moderate everybody but me" is an acceptable usage for you, it would be possible to abuse the mod bit this way, with a little extra code. (I say "abuse" because (1) it will confuse the heck out of experienced Mailman admins trying to help you in the future, and (2) because it may conflict with your attempts to use other Mailman features in the future. (2) isn't all that likely, but we *are* talking about something outside of the design parameters.)
IMO, it would be better to use list owner in this role if that would work for you.
PS: Yes, I realize that those who understand their email clients and understand how the list works would be able to spoof the envelope sender if they wanted to, but this is not a realistic concern. In 15 years of moderating this list, no one has ever done that.
The real worry is somebody getting "owned", and the rootkit sending their contact list to a spammer. Not that this should worry you very much, but you should be prepared to slam on the brakes. Here, to protect your members, you just moderate yourself, then call mailman-users to learn how to handle huge moderation queues, and reconfigure to weed out the spam before it gets to Mailman. :-)