[Mailman-Developers] Re: Bounce removal parameters default values

Greg Stark gsstark at mit.edu
Thu Oct 23 13:41:49 EDT 2003 

Dale Newfield <Dale at Newfield.org> writes:

> On Thu, 23 Oct 2003, Greg Stark wrote:
> > I like very much that the mail systems reject virus and worm mails.
> 
> That's silly.  You should instead like very much that mail clients weren't
> susceptible to such things and the delivery mechanism didn't have to
> coddle the mail clients.
> 
> > Mailman should not take any such drastic action purely on the basis of a
> > bounce
> 
> That's the whole point of bounce processing.  A bounce signifies an
> invalid email address.  

No, bounces can mean various things. Anything from an overfull mailbox, to a
message that is too large or otherwise unacceptable. It could be a temporary
situation, or it could be because of the particular message.

In any case trusting a message provided from an outside source to serve as a
valid test violates security principles. What if i find a message that causes
postfix to core dump? I can send it to the mailing list a few times in a row
and cause every subscriber of yours using postfix to be unsubscribed from your
mailing list.

> If you don't want bounces to ever cause people to be removed from your
> mailing lists, turn off bounce processing.

I'm not the list admin, I'm a poor hapless list subscriber. I get unsubscribed
from mailman mailing lists every few months due to this behaviour. 

I don't get unsubscribed from ezmlm lists because (as much as I dislike qmail
and ezmlm in general) this is one thing it gets right. If ezmlm notices
bounces of list messages it doesn't just unsubscribe you summarily, it sends a
message of its own with known content and format and only unsubscribes you if
that bounces. In fact it does a second iteration of that, which is a good idea
but doesn't really seem necessary.

In fact if it weren't for ezmlm's handling of this I would never have figured
out why I kept getting dropped from mailman lists. I would have always just
assumed it as a bug with mailman.

> If you don't want real messages to get bounced

No real messages to me have ever been bounced to my knowledge.

> encourage people to use mail clients that aren't so full of holes that the
> host mail system needs to cause valid email addresses to bounce.

I would love an option to mailman to refuse subscriptions from a list of
blacklisted MUAs. I would recommend some lists exclude Outlook on security
concerns. It wouldn't reduce the need for proper safe bounce handling.
Trusting bounces to messages of unknown content is simply unsafe.

-- 
greg

More information about the Mailman-Developers mailing list