[Mailman-Developers] anti-spam filter

Ian Eiloart iane at sussex.ac.uk
Mon Apr 22 17:44:25 CEST 2013 

On 19 Apr 2013, at 15:39, Barry Warsaw <barry at list.org> wrote:

> On Apr 19, 2013, at 11:48 AM, Ian Eiloart wrote:
> 
>> I think Mailman supports SMTP/LMTP calls to discover whether a sender is
>> permitted to post to a list, doesn't it?
> 
> MM3's LMTP server currently only does a limited sanity check on the messages.
> E.g. does the To: field name an existing mailing list[1]

The "To: field"? Does that mean the argument of the "RCPT TO" command in the LMTP session? Or does it mean the "To:" message header? The two aren't necessarily related.

And, does it not also check the argument of the "MAIL FROM" command? To ensure that the sender is permitted to send to the list specified in RCPT TO. That check is hugely important. It's what keeps mailing lists spam free.


>> Exim doesn't handle Milters, but can do the calls forward. Provided Mailman
>> is making the judgement, and issuing L/SMTP rejects at L/SMTP time before
>> accepting the message, Exim is fine.
> 
> As a side note, right now only Postfix is officially supported, mostly because
> that's what I use so I can easily debug it.  I would love to have
> contributions to support at least Exim and Sendmail out of the box.  If you're
> an expert willing to contribute that code, please get in touch.
> 
>> Content filtering *could* also be done at L/SMTP time. I think that where the
>> Mailman and the MTA installations are managed by the same person or
>> organisation, then the better place to have content filtering performed is at
>> the MTA, but there might be exceptions to this.
> 
> Currently, I'm trying to keep the processing that the LMTP server does at
> acceptance time to a minimum, just because I'm concerned about its single
> threaded performance.

That's a very good argument for limiting the checks to the RCPT TO phase. Exim can call forward at MAIL FROM, and reject the message if necessary without ever seeing the message body.

>  While it does async I/O, and it runs in a separate
> process, time consuming processing for a single message will still block
> acceptance of all other messages.
> 
> The answer to this is to somehow multiplex the LMTP server, but ideally
> without using multiple threads (MM3 is currently single threaded everywhere).
> In any case, this would also be interesting to work on.
> 
> -Barry
> 
> [1] I just noticed https://bugs.launchpad.net/mailman/+bug/1170726
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/iane%40sussex.ac.uk
> 
> Security Policy: http://wiki.list.org/x/QIA9

-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

More information about the Mailman-Developers mailing list