[Mailman-Users] Spam to list-owner
brad at shub-internet.org
Fri Dec 19 09:03:55 CET 2008
on 12/18/08 6:15 PM, Marvin Humphrey said:
> I run a couple software support mailing lists on a site that's been around for
> a decade or so. I'm the only admin, and an avalanche of spam crashes down on
> me every day.
Welcome to the club.
> Ideally, I'd like to simply turn off the list-owner addresses and get internal
> notifications (such as oversize moderation messages) sent to a private
> address. However, I understand that it is not possible to configure Mailman
> that way.
One thing to keep in mind is that you're also looking at long-standing
Internet tradition here. RFC 2142 only says that you MUST have a
list-request address for each list, but having a list-owner address goes
back about as far. And this list-owner address is not just for the
convenience of you and your users, it's also for other admins at other
sites who may have reason to try to contact you.
So, you run the risk that you may wind up with some very ticked off
postmasters out there at other sites, if you eliminate this address.
And I say this as the co-author of the booklet "Internet Postmaster:
Duties and Responsibilities".
> Therefore, I would like to know the easiest way to accomplish these two goals:
> 1) Eliminate any public reference to the list-owner address, so that there is
> no implied offer of support. There's the MM-Mailman-Footer for the three
> public html pages, which I can hand-edit. I think that does it, right?
That doesn't really solve the problem. Anyone, anywhere can easily
guess list-owner and list-request and list-bounces, etc... for any given
> 2) Create a filter for messages sent to list-owner that only passes mail
> generated by Mailman itself.
Mailman will never generate mail to the list-owner address. It will
receive mail that is addressed to list-owner and will re-route that
internally as appropriate, but it will never itself send e-mail to the
actual list-owner address.
That would be like you using your right hand to shake your own left hand.
> In a perfect world, I would offer a higher level of support, but my users are
> sophisticated enough to handle a certain amount of troubleshooting, and my
> contact information isn't hard for humans to discover. Indeed, those very
> users would *want* me to lighten my administrative burden so that I can spend
> more time adding features and fixing bugs.
Generally speaking, one of the best things you can do to lighten your
burden is to have a good anti-spam system incorporated into your MTA, so
that you block that ~95% of e-mail that is actually spam from ever being
accepted by your machine in the first place. If it's never accepted by
the MTA, then it can't get through to Mailman, and then passed on to you.
From there, you need good content filters on your own personal e-mail
system, so even if spam gets through the MTA on the server and through
Mailman to list-owner, there's a good chance it will get caught by the
downstream filters protecting your personal e-mail and you won't have to
see or deal with it.
Speaking as one of the members of the python.org postmaster team, and as
the primary active listowner for all the official mailman-* mailing
lists hosted on python.org, I can tell you that another really useful
thing is to bring in more people to help you do your work.
In your case, you might want to have more than one person helping with
the list moderator work, and take most of that burden off your shoulders
for having to deal with spam. That would leave you with just the
listowner work, although as listowner you could always choose to take on
some of the list moderator work, if you want.
I also help with postmaster and listmaster duties on another site, which
is much smaller than python.org. But I wind up doing way, way more work
over there, simply because I'm really the only guy doing any of it.
We've got a new guy we're bringing onboard, and I'm hoping he can help
offload some of this work in addition to the other stuff we're asking
him to do. But in the meanwhile, I'm really the only guy dealing with
the deluge on a daily basis.
<brad at shub-internet.org> If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
More information about the Mailman-Users