[Mailman-Developers] PGP whitelist to skip moderation

Nicolas Marchildon nicolas at marchildon.net
Thu Feb 6 02:30:33 EST 2003 

I'm currently the admin of a few Mailman lists. There used to be lots of
spam and viruses, so we added Spamassassin to our procmail
configuration, which dumps flagged messages to a designed file.
Obviously, it does not catch everything, such as messages *totally*
unrelated with the list subject comming from lost people, or some
viruses/worms. So we decided to moderate the lists. Even subscribers see
their posts moderated, because some worms spread by sending messages
with a forged sender, which would get through anyway.

The traffic of "real" messages is currently below 10 messages per day,
so it's quite manageable. However, even though there are 4 moderadors,
it can take many hours for a message to get moderated.

We would like to be able to let known people post to the list without
having their message delivery delayed by the moderation.

My proposal is to have Mailman manage a whitelist consisting of PGP
keys. Messages signed with a "white" key would skip moderation. 

Subscribers willing to use this feature would only have to submit their
key to a specific PGP key server. When a message that is signed but
whose PGP key is not in the whitelist comes in, it would be dropped in
the moderation queue. When the moderator looks at the list of messages,
he would be given an extra option: "Add key 0x00000000 to whitelist".
When submitting the form with this option selected, Mailman would fetch
the key from its configured keyserver, and add it to its whitelist. That
way, the next message signed with that key would not get moderated.

If you change your key (new identity, or because it has expired), you
simply have to submit it to the keyserver, and only your "first" message
would be moderated. Note that the moderator does not have to verify your
new key, his job is only to make sure the content of your mail is
appropriate. It's up the each subscriber to get your key, verify it,
possibly sign it, and verify the messages you send.

Most key servers also have a web interface for adding, updating and
searching for keys. A simple link to this web interface from the list
info page would be a good-enough integration, in my opinion.

I have searched the archives for discussions of PGP and Mailman, and
found an interesting post[1] from Phil Stracchino, who describes an
"Accept signed posts only" option, but which lacked a good description
of how keys would get to the whitelist. My proposal does not allow
spammers to automatically add their key and then post their crap,
because a first signed message has to be approved by the moderator, who
will discover the spam, and reject the message without adding the key to
the whitelist.

I also found two[2] patches[3] for adding PGP support to Mailman, but
only adding *encryption* support, not simple signatures. However,
because those two patches have already integrated GnuPG into Mailman, it
would be a good base for going further by implementing my idea.

I don't know Mailman's code a lot, but I have hacked it a bit recently
to add the "approved" header for posting to usenet, and made the same
Message-Id appear in both regular mail and usenet deliveries. I am
willing to spend some time implementing the feature I described, and I
was even contacted by an other person offering help.

I found two messages stating we should wait until 2.1 is released, which
seems to be done now. I'd like to know the status of the PGP support,
mainly to figure out which of the two patches to build on. Is anybody
planning to apply an existing patch for adding PGP support?

As for those that might ask "why bother implementing this if 95% of the
planet don't know what PGP is?" I answer that I know enough people on
the list I administer that know how to use PGP, and would actually be
very happy if that was implemented :)

Thanks for your help,

Nicolas Marchildon


[1]http://www.mail-archive.com/mailman-developers@python.org/msg05055.html
[2]
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=645297&group_id=103
[3] http://www.nah6.com/products/secure-list/

-- 
OpenPGP public key:         http://nicolas.marchildon.net/pubkey.txt
Key fingerprint:  5E84 1089 0036 BB63 6997  232C 8FFB 777D 39D4 B2D4
Jabber ID: nicolas at marchildon.net              http://www.jabber.org
What have you done for freedom today?             http://www.gnu.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.python.org/pipermail/mailman-developers/attachments/20030206/efb50dc1/attachment.bin

More information about the Mailman-Developers mailing list