[Mailman-Developers] Google Summer of Code - Spam Defense

Barry Warsaw barry at list.org
Wed Apr 2 13:32:30 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mar 27, 2008, at 12:29 PM, Jo Rhett wrote:

> For example, the sites I am aware of run amavisd+SA in front of  
> mailman.
>  They aren't going to disable amavis to have mailman run SA directly.
> Nor are sites with barrucudas likely to do so, etc etc.  My opinion
> entirely, but I think it would be better to make mailman aware of the
> headers inserted by these solutions.

There should definitely be a handler to do this recognition.  It's  
easy to do and as you say, if the site is already running SA in the  
MTA, this would be a useful addition to Mailman.

However, not all sites run thing this way, and I think it would be  
helpful if people could run SA scanning in Mailman, though we should  
not recommend it or enable it by default.

One other place to scan, which an MTA-embedded SA doesn't cover, is  
gating messages from NNTP.  I know that it's not a common use case  
these days, but many sites still pull messages from NNTP to their  
mailing list, and in this case, there is currently /no/ scanning for  
spam.  It's a pretty common vector that would be useful to close off.

- -Barry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkfzbs8ACgkQ2YZpQepbvXEkfgCdFcOdyursgpmIR4b2Cec2kVeu
0voAoJKRaUVj6u+Ynuz+6YknDWbbBgVU
=OWHn
-----END PGP SIGNATURE-----


More information about the Mailman-Developers mailing list