[Mailman-Users] spam, spamcop and mailman moderation

[Charles Gregory]

On Fri, 10 Nov 2006, Patrick Bogen wrote:
> > Bouncing back a message which tells a user his original message is held
> > for moderation is now a bad idea if we want to stay out of the black list
> > of spamcop....      Gadi.
> I'm not entirely sure what the point of this message was.

The point *I* got was, even if you successfully filter with every 'safe'
method of spam filtering we can imagine, roughly 5-10% of spam will end up
reaching mailman, and when mailman sends its 'routine' message back to
'sender', it is generating backscatter that is cause for blacklisting.

The only suggestion I can come up with is some simple last-minute
filtering within mailman itself: Only send a 'holding' notice if the
visible 'From' header matches the Envelope Sender, and if the visibile
'To' address contains the mailman list address. The advantage to handling
this within mailman, and not in spamassassin, is that you aren't choosing
to discard the mail based on this criteria. You're just deciding whether
to send a courtesy e-mail warning of moderation.

Of course, you could simply choose not to send any warnings at all. Let
people who try to post figure it out for themselves. A good list home
page, and/or disclaimers at the bottom of list mail should help with this.

- Charles




 > > Bearing that in mind, you shouldn't be using moderation as
a > first-line anti-spam defense. Your MTA should be tagging emails as
> spam (e.g., using Spamassassin, or something better suited to your
> particular configuration), greylisting, etc. With a properly
> configured setup, the spam that actually reaches the moderation
> interface should be minimal; most of it should be discarded (not
> rejected) by mailman, at the very least.
> 
> This is fairly trivial to implement; just set up your MTA to pass mail
> through spamassassin, and then add a check for the headers it adds to
> mailman's list configuration, if nothing else.
> 
> If I'm understanding your concern, the key here is for you to
> configure your mailman installation to discard known spam messages
> rather than rejecting them. This is, in fact, one of the options on
> the moderation screen (you may choose to Accept, Defer, Reject, or
> Discard messages).
> 
> Additionally, as far as I know, you CAN moderate non-members
> differently; although perhaps I don't have the same understanding of
> that phrase as you do. You can set messages from non-members to be
> automatically discarded or rejected, as you wish. See Privacy Options
> > Sender Filters > generic_nonmember_action
> 
> -- 
> - Patrick Bogen
> ------------------------------------------------------
> Mailman-Users mailing list
> Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-users/cgregory%40hwcn.org
> 
> Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
>