[Mailman-Developers] Google Summer of Code - Spam Defense

Sun Mar 30 05:17:04 CEST 2008

Cristóbal Palmer writes:

 > Part of this involves the backstory. 500+ lists that have never been
 > in any way filtered, and many vocal list administrators concerned that
 > having something imposed on them that they can't control will break
 > things.

"Beggars can't be choosers."  

 > Personally, I think it's the MTA's job to reject malformed (eg. bad
 > HELO) mail, it's SA's job to *tag* mail, and whatever the MTA hands
 > off to should make the decision about whether to drop, quarantine, or
 > deliver. That's a philosophical stance, and if it's impractical and I
 > shouldn't think that way, then so be it.

That is the stance I take personally.  It's also the one described
here:

http://mayfirst.org/?q=node/180

(this URL is from Ian Eiloart, but I don't know if he endorses the
stance himself).

I know no other list-admins (not Mailman site admins or postmasters,
list-admins) who take that stance.  They simply want as little in
their moderation queues as possible, and many ignore those until
somebody complains.  Don't you get the "I have 1000 spams in my queue
and need to find one held message that's a real post, but
lists.ibiblio.org times out and the page never gets done" FAQ from
some of your admins?  I haven't heard it from other list admins at my
site, but I know two have 500 and 1200 pending in the mod queue!  They
certainly won't care if my site goes to a "shoot first, moderate
later" policy.

There is a technical problem with our stance, which is that there is a
difference between an SMTP reject (permanent failure status) and a
bounce message.  The SMTP reject *will* be heard by the spammer, and
it is in his interest to prune such addresses from the list, at least
the one he uses personally.  (Not all are smart enough to recognize
that, of course.)

Bounce messages, if sent, will almost certainly go to a forged address
as backscatter :-(, and will not be heard by the spammer.  In fact,
since the spam was accepted, he is likely to consider the address to
have been validated, whether you try to send a bounce or not.

For this reason I am looking forward to a way to issue SMTP rejects
based on content.  Eg, for sendmail and postfix, this could be
implemented via a Mailman-provided milter.

 > I'd like to hear some arguments before I change that view,
 > though. My current solution has the advantage that for any
 > complaining list admin, I can point that administrator to her/his
 > own admin panel and say, "Play with these settings."

Unfortunately, tuning list settings that have to do with filtering is
not and never really was something that you want people who have never
even set up an MTA to do.  Understanding what happens is quite complex.

 > >From a sysadmin perspective, I currently have three SA installs that
 > have nearly-identical configs and one repeatedly-tweaked and
 > well-documented mailman install. I'd rather not make one of my SA
 > instances an oddball and drop that on my successor.

I don't see why that would be needed.  If you have list-specific
tweaks, then either all the SAs are feeding Mailman, or the ones that
aren't won't care.  I do this all the time.