[Mailman-Users] Administrivia Messages

Beau Barnhart beau at lookmedia.com
Sun Jan 30 20:43:17 CET 2011


We have been asked by mail-abuse.org to make changes to the configuration
to one of our servers.  The following this their request...

-- message from mail-abuse.org ----------

Currently, when messages arrive at your mail server it runs them through
SpamAssassin, which checks for spam and tags them. Your mail server then
passes this tagged message to mailman.

Because it is to a -request address, mailman "knows" that these messages
should contain commands.  It ignores the fact that SpamAssassin has
already tagged it (Subject: {Definitely Spam?}), and looks through every
line looking for a "subscribe", "unsubscribe" or other command.

Of course, it doesn't find one.  So, it builds up a helpful reply, sets
the X-Administrivia header to yes, and appends the original message, and
forwards this to the From: address.

Except that the From: address is forged, so the message, and its spam
payload, get sent to an innocent third party.

Please properly configure your mailing list software to send list
administrivia _only_ to a local administrator, or configure it not to send
to forged From: addresses.  In general, there is no need for "list
administrivia" - it was an artifact of some of the original list
management software.  It does not serve a useful purpose today.


Actually we use administrivia in custom scripts and don't want to disable
it.  We even have members that still use the request commands.

I’ve searched the mailman wiki as well as the mailman-users archive and
have not been able to find how to configure the administrivia recipient.

Any help would be appreciated.

Beau Barnhart
Look Media

More information about the Mailman-Users mailing list