[Mailman-Users] spam coming through ultra important list

Brad Knowles brad at shub-internet.org
Tue Apr 15 17:15:50 CEST 2008 

Quoting Luke Daly <Luke.Daly at newcastle.edu.au>:

> We currently run a hundred or so lists at a university our biggest   
> one (22000 students at a university) is obviously moderated.

As a side note, I work at a public research University with ~50,000  
students and ~20,000 faculty and staff.

> bringing the membership up in the web interface doesnt work it just   
> times out as it does randomly when trying to apply changes, but   
> thats not the biggest problem.

Mailman was not designed to handle large lists through the WebUI.  I  
hope some of that will be improving with Mailman3, but there's no way  
to tell if that's the case or when Mailman3 will be shipping.

In the meanwhile, you need to make use of the command-line moderation  
& administration tools that are outlined in the FAQ.

>                                 even with users moderated and action  
>  to take when a moderated user is set to reject and action to take   
> when a non member posts is set to reject we got some spam t go   
> through.

I'm not surprised.  If the spammers have access to your archives, then  
they can probably figure out who the authorized users are and forge  
e-mail claiming to be from them.

>                          we couldnt get into the web interface so we  
>  turned emergency moderation on at the box.

In a case like this, that's a good first step.

>                                            is this a known issue or   
> does anyone suspect what it may be/ is it because the list is so   
> large? or that we have so many lists? or is the box under resourced?  
>  I have no idea what is happening here. any help would be appreciated.

Well, you really haven't given us any specifics at all regarding the  
nature of the box, how the mail server is configured, etc....  So,  
it's really hard to make any specific comments that may be helpful to  
you.

I can tell you to go read FAQ 3.11 at  
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.011.htp>, and  
decide if you want to continue using a moderation-based mechanism like  
you have now (so that all messages have to be approved by the  
moderator, regardless of who the sender is), or if you want to use a  
password-enabled system and an "Approved:" header.

If the former, then you're already doing everything you want, and you  
just need to use the system you have.

If the latter, then pay special attention to the instructions on how  
to use the "Approved:" header, otherwise you'll be posting that header  
(and password) to the entire list for everyone to see, at which point  
you'll need to change the password again.

-- 
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

More information about the Mailman-Users mailing list