On 18 Jun 2003, Barry Warsaw wrote:
> > Couldn't mailman redirect bounce/moderation notifications in the case
> > where the FROM address is a mailman list and send it to the site/list
> > administrator instead (or maybe drop it completely??)? I think this would
> > avoid spamming the list subscribers while adding a minor load to the
> > administrator's work.
> >
> > Does mailman 2.1.x already do this? If not, would this break something in
> > mailman? Is it unreasonably restrictive on the site/list administrator(s)?
>
> Mailman doesn't do this, and it's not a bad idea. Of course, the best
> you can do is prevent indirect spam within the same Mailman instance.
> Another approach would be to set up a "suspicious header" hold on
> "Message-ID: <mailman." which is always added by the routines that
> Mailman uses to send out mail. IWBNI you could actually configure
> Mailman to drop such messages.
>
> -Barry
Would the hold be activated on the notification arriving at the spoofed
mailing list, or would it be activated on the post to the moderated list?
i.e:
1)
-spam-> [EMAIL PROTECTED] -notification-> *HOLD* [EMAIL PROTECTED]
or would it be:
2)
-spam-> [EMAIL PROTECTED] *HOLD* -notification-> [EMAIL PROTECTED]
I guess part of the issue is which list admin (assuming they are separate
admins) should have to deal with this problem? I'd say you want the
moderated list admin to deal with it because they were the immediate
recipient (their policy should not cause others to suffer :), plus they
may somehow have better information with which to analyze the spam).
OTOH, knowledge of a spammer who intentionally uses this technique to spam
[EMAIL PROTECTED] may be something the admin of list foo should know
about...
I tend to favor #2 (moderated list admin)
Cheers,
-Matt Helsley
_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
