[Mailman-Users] Spam filtering

Stephen J. Turnbull stephen at xemacs.org
Thu Feb 18 11:27:15 CET 2010

Brad Knowles writes:

 > IMO, Mailman should not re-sign.  If there was anything that would
 > sign the outgoing messages, that would be the MTA and not Mailman.

But isn't that the problem?  In the situation these methods are
designed for, the MTA is signing mail for a trusted party, presumably
a user (perhaps a system user such as "root" or "cron") in the domain.
(When forwarding, the origin's signature can just be passed on.)  But
in the case of a mailing list, the list manager has trust information
that the MTA doesn't (list membership, for a leading example).  So
even if the MTA actually does the signing, it's Mailman's

 > Or, if Mailman is going to re-sign, then it should rename all but
 > the minimum set of headers and then sign only the minimal set, in
 > effect saying "I scanned the message on inbound and it didn't look
 > like spam to me, and the users requested that these messages be
 > sent on to them, so here's the minimal stuff I trust about this
 > message".

It should also sign RFC 2369 headers, etc, too.  (I assume that that's
what you meant, but minimal could also mean "as little as possible".)

More information about the Mailman-Users mailing list