[Mailman-Users] Mailman - a few questions

Stephen J. Turnbull stephen at xemacs.org
Fri Aug 14 10:02:26 CEST 2009

Bill Catambay writes:

 > Correct.  The From: header should always be a member of the list (but 
 > a member whose "mod" flag is turned off).   The envelope sender would 
 > be me, the moderator.

Aha.  The mod flag means that the member's posts will be held for
moderation, *not* that the member *is* a moderator.  Moderators are
identified by having the list moderator password, and in Mailman 2.1,
that is the only identification of moderators.  They need not be
members of the lists they moderate.

The list *owner* is known to Mailman by email address.  If the list
owner is also the only moderator, it would be easy to make this work
(but does require additional code not in Mailman 2.1.11 or 2.1.12

[I don't understand the random moderation behavior, so I'm going to
skip it for now.]

 > What I'm really looking for is something to tell Mailman to look at 
 > envelope sender first, and if it's a privileged member (aka, "mod" is 
 > true), immediately deliver.

This a plausible design, but it simply isn't the way Mailman looks at
this.  The idea of the mod bit in Mailman is that mostly the members
should post without hindrance, but if somebody gets too obstreperous,
we flip the mod bit to slow them down for a few days.  (There's also a
mechanism to flip everybody on, or off, at once; this allows
configuring announce lists, or doing "emergency moderation" in case of
a flame war or somebody's contact list getting scarfed by a spammer.)

However, as long as "moderate everybody but me" is an acceptable usage
for you, it would be possible to abuse the mod bit this way, with a
little extra code.  (I say "abuse" because (1) it will confuse the
heck out of experienced Mailman admins trying to help you in the
future, and (2) because it may conflict with your attempts to use
other Mailman features in the future.  (2) isn't all that likely, but
we *are* talking about something outside of the design parameters.)

IMO, it would be better to use list owner in this role if that would
work for you.

 > PS: Yes, I realize that those who understand their email clients and 
 > understand how the list works would be able to spoof the envelope 
 > sender if they wanted to, but this is not a realistic concern.  In 15 
 > years of moderating this list, no one has ever done that.

The real worry is somebody getting "owned", and the rootkit sending
their contact list to a spammer.  Not that this should worry you very
much, but you should be prepared to slam on the brakes.  Here, to
protect your members, you just moderate yourself, then call
mailman-users to learn how to handle huge moderation queues, and
reconfigure to weed out the spam before it gets to Mailman. :-)

More information about the Mailman-Users mailing list