![](https://secure.gravatar.com/avatar/3a4ce820ebd0d29b257c652a60ef4193.jpg?s=120&d=mm&r=g)
Hello,
I would like my mailing list to have the following configuration: the messages from most of subscribers are rejected, and there are a few subscribers whose messages are hold for moderation. Is there any way to do so without changing the source code? Or maybe there are already some patches?
If I check the moderation checkbox for all subscribers, then I can set only one moderation action, but when I uncheck the box for the "priviledged" subscribers, their messages aren't hold for moderation.
I am using Mailman 2.1.9.
My second question is: does Mailman use any email authorization or it simply checks the From: header of messages?
Regards, Dominika
![](https://secure.gravatar.com/avatar/85e516d12e7b6c3f7b0dba64b53b17ba.jpg?s=120&d=mm&r=g)
On 11/30/06, Dominika Tkaczyk <d.tkaczyk@uw.edu.pl> wrote:
One option that ought to work, however, would be the following: Moderate all users that you want rejected, and set member_moderation_action to reject. Unmoderate the users you want held. Add a header filter rule that matches on everything (something like a single caret ('^') should suffice), and is set to Hold. I haven't tested this, and I don't know if it will work or not.
This does seem like something that should be implemented in a more reasonable manner, though, possibly with the addition of a 'default_member_action,' separate from moderation?
--
- Patrick Bogen
![](https://secure.gravatar.com/avatar/85e516d12e7b6c3f7b0dba64b53b17ba.jpg?s=120&d=mm&r=g)
On 11/30/06, Patrick Bogen <pdbogen@gmail.com> wrote:
I should point out that this *does* bypass any type of member moderation. If a valid 'Approved:' header is included, then the message bypasses any of those filters. I don't know for sure /which/ filters it bypasses, but I would assume it bypasses all of them. (Can someone verify this assumption?)
--
- Patrick Bogen
![](https://secure.gravatar.com/avatar/746f7519ba02fb0d815e59f305c53fa2.jpg?s=120&d=mm&r=g)
Patrick Bogen wrote:
Unfortunately, it looks like, since Moderate.py comes before anything else, there's no really 'correct' way to do this.
It doesn't come before SpamDetect which processes header_filter_rules, so your suggestion below won't work.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/746f7519ba02fb0d815e59f305c53fa2.jpg?s=120&d=mm&r=g)
Patrick Bogen wrote:
I also wrote in another reply in this thread which seems stuck in a mail queue somewhere that the Approved: password header bypasses all tests except content filtering. This is not correct. It doesn't bypass header_filter_rules (unless you reorder the pipeline).
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/3a4ce820ebd0d29b257c652a60ef4193.jpg?s=120&d=mm&r=g)
Hello,
Mark Sapiro napisał(a):
Thank you both for your answers.
What if I did as you suggested first, but instead of one filter rule that matches everything, there would be one filter rule for each address I want held (I assume that there won't be more than 4-5 such subscribers), and such a rule would match a From: header with that address, and of course action would be Hold? Does it make any sense or you think it would be better to use the energy to write a patch to the source code?
Dominika
![](https://secure.gravatar.com/avatar/746f7519ba02fb0d815e59f305c53fa2.jpg?s=120&d=mm&r=g)
Dominika Tkaczyk wrote:
Yes, I think that would work. You could have a separate rule for each poster or just one rule with a separate regexp for each poster.
In fact, you could then moderate everyone and set default_member_moderation to Yes to simplify maintenance of moderation because the header rule would apply to first hold the message and then when the held message is approved, it wil bypass moderation.
Note however that this wouldn't work if the header rule action was accept because messages which are accepted by such a rule still go through the additional checks. In this case, the posters would need to have their moderate flags off.
Does it make any sense or you think it would be better to use the energy to write a patch to the source code?
I think it always makes sense to use existing configuration options if you can rather that patching the code, unless using the existing features is just too cumbersome which I don't think is the case here.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/85e516d12e7b6c3f7b0dba64b53b17ba.jpg?s=120&d=mm&r=g)
On 11/30/06, Dominika Tkaczyk <d.tkaczyk@uw.edu.pl> wrote:
One option that ought to work, however, would be the following: Moderate all users that you want rejected, and set member_moderation_action to reject. Unmoderate the users you want held. Add a header filter rule that matches on everything (something like a single caret ('^') should suffice), and is set to Hold. I haven't tested this, and I don't know if it will work or not.
This does seem like something that should be implemented in a more reasonable manner, though, possibly with the addition of a 'default_member_action,' separate from moderation?
--
- Patrick Bogen
![](https://secure.gravatar.com/avatar/85e516d12e7b6c3f7b0dba64b53b17ba.jpg?s=120&d=mm&r=g)
On 11/30/06, Patrick Bogen <pdbogen@gmail.com> wrote:
I should point out that this *does* bypass any type of member moderation. If a valid 'Approved:' header is included, then the message bypasses any of those filters. I don't know for sure /which/ filters it bypasses, but I would assume it bypasses all of them. (Can someone verify this assumption?)
--
- Patrick Bogen
![](https://secure.gravatar.com/avatar/746f7519ba02fb0d815e59f305c53fa2.jpg?s=120&d=mm&r=g)
Patrick Bogen wrote:
Unfortunately, it looks like, since Moderate.py comes before anything else, there's no really 'correct' way to do this.
It doesn't come before SpamDetect which processes header_filter_rules, so your suggestion below won't work.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/746f7519ba02fb0d815e59f305c53fa2.jpg?s=120&d=mm&r=g)
Patrick Bogen wrote:
I also wrote in another reply in this thread which seems stuck in a mail queue somewhere that the Approved: password header bypasses all tests except content filtering. This is not correct. It doesn't bypass header_filter_rules (unless you reorder the pipeline).
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/3a4ce820ebd0d29b257c652a60ef4193.jpg?s=120&d=mm&r=g)
Hello,
Mark Sapiro napisał(a):
Thank you both for your answers.
What if I did as you suggested first, but instead of one filter rule that matches everything, there would be one filter rule for each address I want held (I assume that there won't be more than 4-5 such subscribers), and such a rule would match a From: header with that address, and of course action would be Hold? Does it make any sense or you think it would be better to use the energy to write a patch to the source code?
Dominika
![](https://secure.gravatar.com/avatar/746f7519ba02fb0d815e59f305c53fa2.jpg?s=120&d=mm&r=g)
Dominika Tkaczyk wrote:
Yes, I think that would work. You could have a separate rule for each poster or just one rule with a separate regexp for each poster.
In fact, you could then moderate everyone and set default_member_moderation to Yes to simplify maintenance of moderation because the header rule would apply to first hold the message and then when the held message is approved, it wil bypass moderation.
Note however that this wouldn't work if the header rule action was accept because messages which are accepted by such a rule still go through the additional checks. In this case, the posters would need to have their moderate flags off.
Does it make any sense or you think it would be better to use the energy to write a patch to the source code?
I think it always makes sense to use existing configuration options if you can rather that patching the code, unless using the existing features is just too cumbersome which I don't think is the case here.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (3)
-
Dominika Tkaczyk
-
Mark Sapiro
-
Patrick Bogen