[Mailman-Developers] before next release: disable backscatter in default installation

Stephen J. Turnbull stephen at xemacs.org
Tue Mar 25 06:49:47 CET 2008


Jo Rhett writes:

 > On Mar 4, 2008, at 6:00 PM, Stephen J. Turnbull wrote:
 > > In any case, it's hard to sympathize with your claim of urgency.
 > > Mark's intention to release 2.1.10 has been known for many months.
 > > This proposal comes on the eve of release.  Code changes to implement
 > > it can, and should, wait for the next release.
 > 
 > What?  I'm sorry, but Mailman has been blamed for backscatter for  
 > like 3 years going now.

If you say so.  I first heard of the issue within the last year, and
that in the context of bouncing back whole messages.  And it wasn't
from you.

 > This problem has been well known for long before 2.1.10 was even
 > dreamed of.  I am asking that the developers start paying attention
 > *NOW*.

Nobody has said they should ignore the problem, just that *you* are
*way* too late in the process to expect them to stop the release of
2.1.10 for this major change in behavior (I almost certainly would
stick with 2.1.9 + patches if this goes in hastily; my users do use
those features).

I don't speak for them; they might decide this *is* a showstopper.
However, I have to wonder how your Mailman users will feel if you
change your AUP, and they discover that the *only* post you've made
(according to archive search) before going into BOFH mode is this one:

    Fri, 04 May 2007 13:06:34 -0700

    I remember a number of threads about backscatter prevention, but I  
    don't remember the result.  Perusing the archives isn't much more  
    enlightening.   Where are we on this?

    In particular, other than removing all but one of the aliases, have  
    we made it easier for people to run a backscatter proof list?   
    Meaning that all subscribe, unsubscribe, etc are done on the web ui  
    and nothing in the server automatically responds to e-mail other than
    legitimate list mail sent by subscribers?

    I also remember discussions about honoring SpamAssassin headers to  
    detect spam.  Status of this?

I see no urgency from you there, it got no response from the
developers (shame on them, but these things happen), and you dropped
the topic for almost a year.



More information about the Mailman-Developers mailing list