[Mailman-Users] Mailman and Gmane ?

Stephen J. Turnbull stephen at xemacs.org
Wed Jan 20 03:48:03 CET 2010

John Fitzsimons writes:

 > >List membership is easy to spoof anyway.  
 > Umm. I was beginning to wonder about that. I am familiar with usenet
 > spoofing but hadn't thought deeply enough about that situation in
 > email.  :-(
 > If I understand you correctly then anyone can post to any unmoderated
 > emailing list by simply spoofing someone who is authorised to post ?

Yes.  There are ways that authentication could be made stronger, but
if you allow posting via GMane, you're pretty much done in.

 > >The only way to control traffic to your list is to moderate it.
 > Okay, of course that is quite impractical.

I wouldn't go so far as to say "of course" in general.  There may be
other ways to do it.  For example, my lists are moderated on a
round-the-clock basis using the device of one moderator in Japan, one in
Germany, and one in California.  Such convenience is unlikely to be
available to you, but perhaps there are trusted members who keep odd
hours, etc.  Be creative!

 > > > As well as to suggest a way to fix it please ?
 > >Moderate the GMane subscription.
 > Okay, that however would pretty much kill the mailing list. If someone
 > posted while I was asleep then they would have to wait hours for my
 > "okay".

You'd have to get Mark or Barry to comment (and you supply a copy of
the GMane test post as it arrived at Mailman, it's in the mbox file),
but I suspect that the reason that this works as it does is the
"Sender" check.  So as long as your users always appear in From, you
could disable the Sender check and moderate GMane.

You'd still be subject to member spoofing, so you'd have to do spam
and virus filtering on the front end (it's worth great effort on your
part to do it in the incoming MTA).

 > It is a pity that nobody in the open source community is interested in
 > creating an NNTP server that someone, who isn't a unix expert, could
 > install on a "hosted" web site.  :-(

It's not about the NNTP server or package installation and
configuration.  Any GNU/Linux distro makes that easy enough.  It's
about the hosting services.  This is a job for cPanel, not for the
newsserver developers or Mailman developers. :-(
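
Added illustration (not part of the original post, and not Mailman's own code): a simplified model of a header-based membership check, showing how a "Sender" check and the gateway's moderation flag change the outcome, and why a forged From still passes. It assumes the first matching member address decides and non-members are held; all addresses and messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

GATEWAY = "gateway@news.example.net"   # constructed gateway subscription
ALICE = "alice@example.org"            # constructed ordinary member


def roster(gateway_moderated):
    """Member address -> moderated flag (True means posts are held)."""
    return {ALICE: False, GATEWAY: gateway_moderated}


def candidate_senders(msg, check_sender):
    """Addresses the check looks at: From, plus Sender if enabled."""
    headers = ["From"] + (["Sender"] if check_sender else [])
    values = [v for h in headers for v in msg.get_all(h, [])]
    return [addr.lower() for _, addr in getaddresses(values) if addr]


def disposition(raw, members, check_sender=True):
    """Return 'accept' or 'hold' for a raw message (simplified model)."""
    msg = message_from_string(raw)
    for addr in candidate_senders(msg, check_sender):
        if addr in members:
            # First header address that is a member decides the outcome.
            return "hold" if members[addr] else "accept"
    return "hold"  # no member address found: treat as non-member post


# Constructed sample messages.
VIA_GATEWAY = (
    "From: Visitor <visitor@example.com>\n"
    f"Sender: {GATEWAY}\n"
    "Subject: posted through the news gateway\n\nbody\n"
)
FORGED_FROM = (
    f"From: Alice <{ALICE}>\n"
    "Subject: not actually written by Alice\n\nbody\n"
)

if __name__ == "__main__":
    for gw_mod in (False, True):
        for chk in (True, False):
            print(f"gateway_moderated={gw_mod} check_sender={chk}:",
                  "via_gateway ->", disposition(VIA_GATEWAY, roster(gw_mod), chk),
                  "| forged_from ->", disposition(FORGED_FROM, roster(gw_mod), chk))
```

In every configuration the forged-From message is accepted, because none of these headers is authenticated; that is the residual member-spoofing risk that front-end filtering or moderation has to cover.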

