[Mailman-Users] Subscribe command doesn't check for spam?

[Mark Sapiro]

Martin Hagelin wrote:
>
>I've set up spam filtering rules in Mailman that will throw away messages
>that match ^X-Spam: YES in the headers. This works fine with most of the
>spam but messages that are sent to the *-subscribe address are accepted
>and not rejected.
>
>This means that mailman sends out confirmation requests to the spammers
>mail address, which most often is not valid or goes to some bogus address.
>I'm also adding to the flow of unwanted mail messages on the net...
>
>Is this a bug or a feature or have I gotten the things backwards?


It is a problem.


>Shouldn't postings to the subscribe address be checked in the spam filter?


Mailman's spam filters are designed to prevent unwanted mail from being
delivered to the list or the list owner (i.e. humans). Thus only mail
to the posting address and the -owner address is processed through
Mailman's SpamDetect module.

As you note above and I acknowledge, sending autoresponses and/or
subscription confirmation requests to spoofed addresses is a problem.
We intend to mitigate this somewhat in Mailman 2.1.10 by optionally
not including the original message in autoresponses, thus not relaying
the spam itself, but this doesn't affect subscription confirmations.

The real question here is why aren't you just rejecting the spam at the
MTA level instead of flagging and forwarding it, and then wanting to
discard it in Mailman?

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan