[Mailman-Developers] Future: Safe Auto-moderated Announce List

Barry A. Warsaw barry@zope.com
Tue, 19 Feb 2002 23:47:05 -0500


>>>>> "JWB" == John W Baxter <John> writes:

    JWB> I see the basic "how do I let the right people post to this
    JWB> announce list automatically" question often enough to
    JWB> indicate that there is a perceived need.

    JWB> Let's put digital signature technology to work.

With MM2.1, this will only be necessary if you don't trust the From:
header.  I'm not saying I do trust it -- we all know it's easily
forged, but I am saying that the basic mechanisms you talk about are
already in place.  We'd simply need to add a way to manage and consult
the PKI.

I'd classify this as a useful feature for MM3.0, once we have a
consolidated user database.  Then the users could add public keys to
their records and Mailman could consult them against the signatures
for authentication of the From: address.

    JWB> Checkbox: Automatically and silently reject (with logging)
    JWB> any message not from a listed sender and properly signed.

    JWB> Variations (not silently rejected, etc, if desired...but
    JWB> sending a rejection message gives the would-be rogue poster
    JWB> information).

This is turning into a common pattern, so it's likely something I'll
refactor in future versions.  You basically want to do something like
this:

- see if the message matches some criteria (e.g. from a known
  non-member, from a moderated member, etc.)

- if so, then decide on an action:

    1. approve the message right now; send on without further
       moderation steps

    2. let pass to subsequent moderation steps; we haven't ruled this
       message out, but we haven't actively ruled it in either

    3. hold the message for moderator approval
       - send a notification to the sender, or
       - don't send a notification to the sender

    4. reject the message outright, bouncing it
       - this implies sending a notice to the sender

    5. discard the message without further notification (but w/
       logging probably).

I've really only started to mull over in my mind the way to implement
this.  As usual, the sticky point is in designing a useable web gui
for customization.

>>>>> "DN" == Dale Newfield <dale@newfield.org> writes:

    >> Let's put digital signature technology to work.

    DN> I think we'd get quite a bit of bang for the effort just
    DN> adding a checkbox to the admindb page saying "and add this
    DN> sender to auto-approve list?"  So it's easy to moderate a
    DN> person's messages as long as you want, and then also easy to
    DN> say "yeah--approve this and all future posts from this
    DN> person.")

My time machine is working well then!  Check out MM2.1's admindb
summary page.  You can by default turn on the moderation flag for all
new members, and decide on an action for a moderated member (see
above).  If you decide to hold messages from moderated members, you'll
see an extra checkbox on the disposition gui asking you if you want to
turn off the member's moderation flag.

This will be the way to quarantine new members until they can be
trusted.  You'll also be able to do things like ban somebody from
subscribing from a list.

-Barry
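
The match-then-act pattern from the message above, as an added Python example (not Mailman code and not part of the original message). `ListState`, `Rule`, `moderate` and the `signed_ok` flag are hypothetical; `signed_ok` is assumed to come from a separate verifier that checked the signature against the key on record for the claimed From: address.

```python
import logging
from dataclasses import dataclass
from email.utils import parseaddr
from enum import Enum
from typing import Callable

log = logging.getLogger("moderation-example")

class Action(Enum):
    APPROVE = 1  # send on now, skip later moderation steps
    DEFER = 2    # neither ruled in nor out; fall through to the next rule
    HOLD = 3     # wait for moderator approval
    REJECT = 4   # bounce; implies a notice to the sender
    DISCARD = 5  # drop without notice, but log it

@dataclass
class ListState:  # hypothetical stand-in for a list's configuration
    announcers: set
    moderated: set

@dataclass
class Rule:  # hypothetical: one criterion plus the action taken on a match
    name: str
    matches: Callable  # (sender, signed_ok, lst) -> bool
    action: Action
    notify: bool = False  # consulted only for HOLD

RULES = [
    Rule("signed-announcer", lambda s, ok, l: s in l.announcers and ok, Action.APPROVE),
    # From: names a listed sender but the signature did not verify: treat as forged
    Rule("unsigned-announcer", lambda s, ok, l: s in l.announcers, Action.DISCARD),
    Rule("moderated-member", lambda s, ok, l: s in l.moderated, Action.HOLD, notify=True),
    Rule("unlisted", lambda s, ok, l: True, Action.DISCARD),
]

def moderate(msg, signed_ok, lst, rules=RULES):
    """Return (action, rule name, notify sender?) from the first decisive rule."""
    # From: is only a claim; signed_ok is assumed to come from an external verifier
    sender = parseaddr(msg.get("From", ""))[1].lower()
    for rule in rules:
        if rule.action is Action.DEFER or not rule.matches(sender, signed_ok, lst):
            continue
        if rule.action is Action.DISCARD:
            log.warning("discarded message claiming From: %s (%s)", sender, rule.name)
        notify = rule.action is Action.REJECT or (rule.action is Action.HOLD and rule.notify)
        return rule.action, rule.name, notify
    return Action.HOLD, "default", False  # nothing decided: leave it to a moderator
```

Rule order matters: the unsigned-announcer rule relies on the signed case having been decided first, and the catch-all discard keeps the list from bouncing notices to forged addresses.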