[Mailman-Developers] Users, Bounces, and Virtual Domains (was (no subject))

Chuq Von Rospach chuqui@plaidworks.com
Sun, 17 Dec 2000 22:56:50 -0800 

(sorry for being slow to respond. I spent the weekend upgrading the 
powerbook to a 20 gig disk and setting it up to dual boot linux, so 
it's been in pieces for various large hunks o' weekend...)

>
>
>Okay, let's split this out.  There are five levels and a
>pseudonymous sixth:
>
>   1) Site owner     -- SysAdm for the host
>   2) Group owner    -- Sets group defaults

If the group owner manages a virtual site , why not call it that?

If we want to get technical, you have the owner of the mailman 
instance (since a given machine can have multple ones), the owner of 
the virtual host (which may be the only user of the mailman, or may 
share it), the list owner, the list moderator, and the list user. I 
don't see any advantage to breaking it out into finer gradiations, or 
generalizing the functionality beyond that.

>The Group owner runs, say, a
>vhost and defines the default for a class of lists as well as
>handling creation of lists within that class.

Also UI and graphic definitions for the site, since each site is 
going to wrap a different (do I dare use the term? I dare) skin over 
mailman, and we need to make sure we support that properly.

>But, this is slightly confusing and deceptive.  A list moderator in
>the course of their normal duties may do the following (among other
>things):

true, although at the discretion of the list owner. It may be the 
owner reserves these functions to himself, or to a subset of 
moderators. You shouldn't assume that a moderator WILL have these 
abilities. the moderator MAY have them.

>   -- Write an arbitrary note that is then associated with a member
>      such that any moderator for that list will see that note when
>      presented with data concerning that member (eg a post held for
>      moderation).

you know, you just wandered down something I've played with in the 
past but keep forgetting about (mostly, i want it while I'm dealing 
with a problem, but not enough to create it the rest of the time) -- 
the problem/case book. Needs to be list-specific for privacy reasons, 
but there needs to be a way for admins to track users and issues, and 
a generalized note-taking/history-keeping function attached to a 
user_ID and a list would be great for this. ("what do you mean you 
never start fights, last January, you...")

>There are of course exceptions:
>
>   I want to hand moderate all his posts from his work address
>   because they auto-append legal cruft I want to delete.
>
>   He only posts from Yahoo when he's drunk -- unsubscribe that
>   address.

I expect these situations rare enough I wonder if it's worth even 
considering in the design. I'm trying to think the last time I might 
have used something like this, and I can't think of one. they're a 
nice addition, but I think it's solving a problem I'm not convinced 
shows up often enough to worry about.

>
>While there is a data leak, yes, there isn't in the general case,
>and should that fact be of sufficient concern the admin command
>processing ionterface (which I'm looking at in exactly the same
>replaceable compnonent manner as members, and everything else) can
>be replaced with something that will *ONLY* process addresses (and
>which quite likely removes all concept of member accounts in the
>first place.

hmm. Okay, for now. I think.

>I'm not arguing against mailback validation.  I consider that's
>actually a very good thing (as it demonstrates control of the
>address and some level of ackknowledgemnt of the change).

Neither am I. we need it.

>There is nothing we can do about this because the forwarding
>decision is outside of our control or purview.

true. nor should we. but if we allow un-validated accounts into 
mailman, we create the same environment within mailman, because they 
can config up the same general thing inside mailman, albeit possibly 
on a smaller scale (depending on the size of the mailman 
installation). And we can (and should) fix it.

I'm not trying to fix the hotmail-forward problem. Im' trying to keep 
mailman from allowing the same attack vector.

but the hotmail attack thing is an indication of just how complex and 
gnarly email is on the net these days, because there really isn't 
much of an easy way to stop something like that. Fortunately, it's 
fairly rare.

-- 
Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui@plaidworks.com)
Apple Mail List Gnome (mailto:chuq@apple.com)

We're visiting the relatives. Cover us.