Apologies if this is a FAQ ... yadda yadda ... searched wiki, list archive, FAQs, even the documentation :)
I've got some rude users who occasionally cc non-list members on their messages to a restricted list that is actually intended to be private (membership by invitation only). Then, as you might expect, when the non-member replies, that message is rejected or held for approval. This doesn't seem friendly.
The root cause, though, is my users. I'd therefore like to train them :) by rejecting their posts that copy non-members.
A natural spot for such an option would seem to be in Recipient filters, but I don't see anything there, nor in the rest of the options for that matter. The mailing list discussions around non-members seem to have been dominated by discussion of messages from them, not to them.
Is there such an option, to reject messages that are {to,cc} non-members? Or suggestions?
Apologies again if this is obvious or a FAQ that I've somehow missed.
thanks
glen
glen martin wrote:
Actually, the best you can do is Recipient filters. If you set require_explicit_destination to Yes and max_num_recipients to 2, any post which is not explicitly addressed to and only to the list will be held.
I.e. the list (or an acceptable alias) must be an explicit recipient or the post will be held for implicit destination, and if there are 2 or more explicit recipients, the post will be held for too many recipients.
If you want more such as rejecting rather that holding the post and accepting other explicit recipients as long as they are list members, you will need a custom handler (see the FAQ at <http://wiki.list.org/x/l4A9>).
Keep in mind that whatever you do may be futile. If the 'rude' members are insistent, they will quickly learn to Bcc: their non-member recipients, and there's no way you'll even see that, at least until the Bcc'd non-members reply.
Also, list members with more than one email address may legitimately Cc: one of their other addresses that isn't a list member.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
This also has the side effect of "training" (or annoying) your users who don't have "reply to list" buttons in their mail clients. Which may be a reasonable side effect, or a really annoying one, depending on your list members. When we did something similar for related reasons, the cries of joy and the cries of anguish pretty much cancelled each other out, but your mileage may vary.
Terri
On Wed, Nov 25, 2009 at 08:42:50AM -0800, glen martin wrote:
Suspend 'em from posting to the list for a breach of list protocol?
Bit tricky, that one, as presumably, you're not in charge of the sending-mail machine.
what I would do is something like an ACL at SMTP time on the Mailman machine, to the effect of determining: * is the sender a list-member * is there any address that's not the list address in the to/cc header
and if both conditions are true, then send an appropriate SMTP error to the sender, discarding the mail.
Now, as for the first part, how you implement that will probably depend on the size of the list, and which MTA you're using; you might find periodically dumping the output of list_members for that/those lists into a directory and searching through that, or dynamically checking against the list (config/membership info), or using a wrapper or some other method.
The second condition is trivial, with any knowledge of your MTA's ACLs.
As for the not-friendly aspect, one approach might be to test inbound mail, destined for the lists, for the existance of appropriate headers (perhaps In-Reply-To:/Message-ID:), and verify those that *you* use (or, indeed, add an X-Originated-From-FooBaa.com: header), and if that condition is met, and the sender's not a member of the list, to automagically add the Sender/From &c address to the allowed senders array for the list. Spoofing headers won't really help, but we all know that, anyhow, yes?
This last 'idea' ( ^^^ )doesn't necessarily help in user-education, unless your list-members have the "X-Don't-Be-A-Dimwit:" header on display ;)
[ ok, so how many of you went and checked ;) ]
Those said, I do perverse things with mail-servers...
(Exim is my MTA of preference, I think a few others prefer Postfix)
-- "what was asked of the Director in this case was not a statement of prosecuting policy but a proleptic grant of immunity from prosecution. That, I am quite satisfied, the Director had no power to give.” -- Bingham of Cornhill, R (Pretty) v DPP [2002] 1 AC 800
Yah ... and responding to another note in the thread, it wouldn't stop them from using bcc. But I judge these errors to be lazy, not malicious. These users can easily send a note direct to other folks, even forwarding the email they sent to the list if that is what they really want to do. But it is easier for them to just add their other recipient to the one email, so that is what they do. Until this means their email doesn't get to the list at all, at which point the 'easy' solution is a different one. Or so I hope.
Again responding to another suggestion in this thread, the use of recipient counts is an option I hadn't thought of. The potential problem here is I don't set a reply-to header, by and large their clients don't have reply-list, so they use reply-all to respond to the list. if we get a few messages deep into a thread, reply-all will go to the list plus a couple of earlier senders, which will confuse the recipient count. Hmmm, maybe this would work if duplicate addressees are removed earlier than the count filter.
The smtp solution was one I really hadn't considered, and while I'm sure it could work, it seems very brute force. It seems to me that this is something that should be configured for the list, not in postfix where it gets involved in all mail handling.
I'm thinking about a custom handler ... it doesn't look like a hard problem, just loop through the recipient list (recips), and look up whether each of them is a list member. Reject on failure, fall through and pass. The hardest part will be figuring out now python works ...
Thanks to everyone for the responses and suggestions so far, much appreciated.
Geoff Shang wrote:
glen martin wrote:
If you want to do this as a "learn Python and Mailman" exercise, that's great, but if you just want to get it done, I can suggest some code. Let me know.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Glen, as my Lists are behind a cPanel install of MM normally I have nothing to add G<> !!
<<Thanks to everyone for the responses and suggestions so far, much appreciated. >>
However in this case, maybe I can. I have a dozen or so small Lists [all under 100 folks] that are basically private. As I set-up the 4th or 5th I HAD learned of just your sort of problem. Therefore, I ADDED to the "Welcome" mail a paragraph TELLING subscribers what WILL happen when they pull stunts like you are having occur. Also, that Bcc'ing will have similiar results.
Even tho a couple of Lists are 'paying' customers I am VERY strong in my verbage <G> !!!!!
The 'results' are that the problem has become a NON- problem.
Another prob I ran into early on was folks just blindly using the "Reply-All" function therefore if I had made the orginal post I would get TWO replies. I nipped THAT in the bud VERY quickly. LOL If you notice, YOU are only getting this message via the List <G> because I DO know how to Edit the "Reply-All".
Best....
Ed Please visit MY site at: www.justbrits.com
On 26-Nov-2009, at 16:26, Shop at Just Brits wrote:
I'd much rather get two replies than what some lists do which is not send me a copy if they see I 'already got one' in the Cc or To headers. I REALLY hate that.
This list, for example.
-- Over 3,500 gay marriages and, what, no hellfire? I was promise hellfire. And riots. What gives? -- Mark Morford
LuKreme wrote:
I'd much rather get two replies than what some lists do which is not send me a copy if they see I 'already got one' in the Cc or To headers. I REALLY hate that.
This list, for example.
It's a user option (at least on Mailman lists) -
Avoid duplicate copies of messages?
When you are listed explicitly in the To: or Cc: headers of a list message, you can opt to not receive another copy from the mailing list. Select Yes to avoid receiving copies from the mailing list; select No to receive copies.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 27-Nov-2009, at 11:37, Mark Sapiro wrote:
Yep, but I've set it at least twice for this list and I still find it getting set back. But that said, some Mailman lists have a setting that lets you set the Reply-To: on your posts so that when people reply, it goes ONLY to the list, as $DEITY intended.
-- Love seekest only self to please, To bind another to its delight Joys in another's loss of ease And builds a hell in Heaven's despite!
LuKreme wrote:
Yep, but I've set it at least twice for this list and I still find it getting set back.
I don't know why that would happen.
But that said, some Mailman lists have a setting that lets you set the Reply-To: on your posts so that when people reply, it goes ONLY to the list, as $DEITY intended.
Our recommendations are to not strip the poster's Reply-To: if any and to not add any other Reply-To: addresses. This list is set that way so you can add your own Reply-To: and it will be passed through.
List owners can set these as they see fit, but I don't see why anyone would choose to strip the poster's Reply-To: if they weren't adding one of their own.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Ed wrote:
In some cases at least, this is a good thing. E.g.,
The poster is not a list member and would not otherwise see the reply.
The poster is a digest member and wouldn't otherwise see the reply for some time.
The typical list member is not able to know whether a poster is a regular or digest member or even a list member at all.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
glen martin wrote:
Actually, the best you can do is Recipient filters. If you set require_explicit_destination to Yes and max_num_recipients to 2, any post which is not explicitly addressed to and only to the list will be held.
I.e. the list (or an acceptable alias) must be an explicit recipient or the post will be held for implicit destination, and if there are 2 or more explicit recipients, the post will be held for too many recipients.
If you want more such as rejecting rather that holding the post and accepting other explicit recipients as long as they are list members, you will need a custom handler (see the FAQ at <http://wiki.list.org/x/l4A9>).
Keep in mind that whatever you do may be futile. If the 'rude' members are insistent, they will quickly learn to Bcc: their non-member recipients, and there's no way you'll even see that, at least until the Bcc'd non-members reply.
Also, list members with more than one email address may legitimately Cc: one of their other addresses that isn't a list member.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
This also has the side effect of "training" (or annoying) your users who don't have "reply to list" buttons in their mail clients. Which may be a reasonable side effect, or a really annoying one, depending on your list members. When we did something similar for related reasons, the cries of joy and the cries of anguish pretty much cancelled each other out, but your mileage may vary.
Terri
On Wed, Nov 25, 2009 at 08:42:50AM -0800, glen martin wrote:
Suspend 'em from posting to the list for a breach of list protocol?
Bit tricky, that one, as presumably, you're not in charge of the sending-mail machine.
what I would do is something like an ACL at SMTP time on the Mailman machine, to the effect of determining: * is the sender a list-member * is there any address that's not the list address in the to/cc header
and if both conditions are true, then send an appropriate SMTP error to the sender, discarding the mail.
Now, as for the first part, how you implement that will probably depend on the size of the list, and which MTA you're using; you might find periodically dumping the output of list_members for that/those lists into a directory and searching through that, or dynamically checking against the list (config/membership info), or using a wrapper or some other method.
The second condition is trivial, with any knowledge of your MTA's ACLs.
As for the not-friendly aspect, one approach might be to test inbound mail, destined for the lists, for the existance of appropriate headers (perhaps In-Reply-To:/Message-ID:), and verify those that *you* use (or, indeed, add an X-Originated-From-FooBaa.com: header), and if that condition is met, and the sender's not a member of the list, to automagically add the Sender/From &c address to the allowed senders array for the list. Spoofing headers won't really help, but we all know that, anyhow, yes?
This last 'idea' ( ^^^ )doesn't necessarily help in user-education, unless your list-members have the "X-Don't-Be-A-Dimwit:" header on display ;)
[ ok, so how many of you went and checked ;) ]
Those said, I do perverse things with mail-servers...
(Exim is my MTA of preference, I think a few others prefer Postfix)
-- "what was asked of the Director in this case was not a statement of prosecuting policy but a proleptic grant of immunity from prosecution. That, I am quite satisfied, the Director had no power to give.” -- Bingham of Cornhill, R (Pretty) v DPP [2002] 1 AC 800
Yah ... and responding to another note in the thread, it wouldn't stop them from using bcc. But I judge these errors to be lazy, not malicious. These users can easily send a note direct to other folks, even forwarding the email they sent to the list if that is what they really want to do. But it is easier for them to just add their other recipient to the one email, so that is what they do. Until this means their email doesn't get to the list at all, at which point the 'easy' solution is a different one. Or so I hope.
Again responding to another suggestion in this thread, the use of recipient counts is an option I hadn't thought of. The potential problem here is I don't set a reply-to header, by and large their clients don't have reply-list, so they use reply-all to respond to the list. if we get a few messages deep into a thread, reply-all will go to the list plus a couple of earlier senders, which will confuse the recipient count. Hmmm, maybe this would work if duplicate addressees are removed earlier than the count filter.
The smtp solution was one I really hadn't considered, and while I'm sure it could work, it seems very brute force. It seems to me that this is something that should be configured for the list, not in postfix where it gets involved in all mail handling.
I'm thinking about a custom handler ... it doesn't look like a hard problem, just loop through the recipient list (recips), and look up whether each of them is a list member. Reject on failure, fall through and pass. The hardest part will be figuring out now python works ...
Thanks to everyone for the responses and suggestions so far, much appreciated.
Geoff Shang wrote:
glen martin wrote:
If you want to do this as a "learn Python and Mailman" exercise, that's great, but if you just want to get it done, I can suggest some code. Let me know.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Glen, as my Lists are behind a cPanel install of MM normally I have nothing to add G<> !!
<<Thanks to everyone for the responses and suggestions so far, much appreciated. >>
However in this case, maybe I can. I have a dozen or so small Lists [all under 100 folks] that are basically private. As I set-up the 4th or 5th I HAD learned of just your sort of problem. Therefore, I ADDED to the "Welcome" mail a paragraph TELLING subscribers what WILL happen when they pull stunts like you are having occur. Also, that Bcc'ing will have similiar results.
Even tho a couple of Lists are 'paying' customers I am VERY strong in my verbage <G> !!!!!
The 'results' are that the problem has become a NON- problem.
Another prob I ran into early on was folks just blindly using the "Reply-All" function therefore if I had made the orginal post I would get TWO replies. I nipped THAT in the bud VERY quickly. LOL If you notice, YOU are only getting this message via the List <G> because I DO know how to Edit the "Reply-All".
Best....
Ed Please visit MY site at: www.justbrits.com
On 26-Nov-2009, at 16:26, Shop at Just Brits wrote:
I'd much rather get two replies than what some lists do which is not send me a copy if they see I 'already got one' in the Cc or To headers. I REALLY hate that.
This list, for example.
-- Over 3,500 gay marriages and, what, no hellfire? I was promise hellfire. And riots. What gives? -- Mark Morford
LuKreme wrote:
I'd much rather get two replies than what some lists do which is not send me a copy if they see I 'already got one' in the Cc or To headers. I REALLY hate that.
This list, for example.
It's a user option (at least on Mailman lists) -
Avoid duplicate copies of messages?
When you are listed explicitly in the To: or Cc: headers of a list message, you can opt to not receive another copy from the mailing list. Select Yes to avoid receiving copies from the mailing list; select No to receive copies.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 27-Nov-2009, at 11:37, Mark Sapiro wrote:
Yep, but I've set it at least twice for this list and I still find it getting set back. But that said, some Mailman lists have a setting that lets you set the Reply-To: on your posts so that when people reply, it goes ONLY to the list, as $DEITY intended.
-- Love seekest only self to please, To bind another to its delight Joys in another's loss of ease And builds a hell in Heaven's despite!
LuKreme wrote:
Yep, but I've set it at least twice for this list and I still find it getting set back.
I don't know why that would happen.
But that said, some Mailman lists have a setting that lets you set the Reply-To: on your posts so that when people reply, it goes ONLY to the list, as $DEITY intended.
Our recommendations are to not strip the poster's Reply-To: if any and to not add any other Reply-To: addresses. This list is set that way so you can add your own Reply-To: and it will be passed through.
List owners can set these as they see fit, but I don't see why anyone would choose to strip the poster's Reply-To: if they weren't adding one of their own.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Ed wrote:
In some cases at least, this is a good thing. E.g.,
The poster is not a list member and would not otherwise see the reply.
The poster is a digest member and wouldn't otherwise see the reply for some time.
The typical list member is not able to know whether a poster is a regular or digest member or even a list member at all.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (7)
-
Adam McGreggor -
Geoff Shang -
glen martin -
LuKreme -
Mark Sapiro -
Shop@" Just Brits " -
Terri Oda