Previously Ian Jackson wrote:
> Post arrives, and there are a number of reasons it might be
> accepted:
>  - Poster (`From:') on subscription list (per list[1])
>  - Message body is PGP signed[2]; key is in one of several PGP
>    keyrings[3] (same keyring for all lists)
>  - Poster's return-path + calling IP address[4] is in whitelist
>    (same whitelist for all lists)

That looks like a good list.

> If none of these apply, the post is bounced to the return-path with an
> explanation in the bounce text. The bounce contains a challenge, a
> response to which (by email, I suppose) adds return-path + calling IP
> address to the whitelist and causes the message to be delivered to the
> list.

Do you want to store the original message on the server? That might grow
to become a large database. It could be pruned daily of course.

> [2] A PGP signed message is one which consists _entirely_ of:
>   - An old-style PGP clearsig message optionally followed by a
>     `-- ' delimited signature (of specified maximum length and
>     width).
>   - A new-style PGP-mime message (Content-Type multipart/signed)

Perhaps we should support s/mime as well?

> [3] Several keyrings:
>   - Standard Debian maintainer keyring
>   - Auxiliary keyring, updates auth'd by maintainer keyring
>   - Manual override file (we don't expect to use this)

Debian maintainer keyring is not a file but tries to grab keys from LDAP.

> Regarding performance: am I to take it that running a Perl script on
> each message is too slow? That would be a convenient way to
> implement it, but Perl's startup costs are substantial, particularly
> when lots of modules are being used.

Compared to spamassassin it should be quite low-weight, and we can
always throw more hardware at the problem (Debian has plenty of offers).

Perhaps it can be done as a daemon to which you submit a message with
a little bit of context (name of the list should be enough). That way
you only need to work a little tool to submit the post which prevents
the startup costs.

Wichert.

-- 
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
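Added example, not part of the original message or of any Debian list software: a structural check for the old-style clearsig case in footnote [2], rejecting bodies that carry unsigned text around a signed block. The function name, the 4-line/80-column trailer limits and the sample are assumptions; verifying the signature against the keyrings is a separate step this sketch does not perform.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
ARMOR_LINE = re.compile(r"^(?:[A-Za-z]+: .{0,70}|[A-Za-z0-9+/=]{0,76})$")

def entirely_clearsigned(body, max_sig_lines=4, max_sig_width=80):
    """Structural check only; returns (ok, reason). Limits are assumed values."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and not lines[0].strip():      # blank lines carry no content
        lines.pop(0)
    while lines and not lines[-1].strip():
        lines.pop()
    if not lines or lines[0].rstrip() != BEGIN_MSG:
        return False, "text before the signed block"
    # Only "Hash:" headers may precede the blank line that opens the signed text.
    i = 1
    while i < len(lines) and lines[i].strip():
        if not lines[i].startswith("Hash: "):
            return False, "unsigned header line"
        i += 1
    armor = [l.rstrip() for l in lines]
    # Signed lines starting with "-" are escaped as "- ...", so the first
    # bare BEGIN_SIG line is the real start of the signature block.
    if BEGIN_SIG not in armor[i:]:
        return False, "no signature block"
    start = armor.index(BEGIN_SIG, i)
    if END_SIG not in armor[start:]:
        return False, "signature block not terminated"
    end = armor.index(END_SIG, start)
    if not all(ARMOR_LINE.match(l) for l in armor[start + 1:end]):
        return False, "non-armor text inside signature block"
    tail = lines[end + 1:]
    while tail and not tail[0].strip():
        tail.pop(0)
    if not tail:
        return True, "clearsigned, no trailer"
    if tail[0] != "-- ":                       # trailing space is significant
        return False, "unsigned text after the signature block"
    sig = tail[1:]
    if len(sig) > max_sig_lines or any(len(l) > max_sig_width for l in sig):
        return False, "trailer exceeds length/width limit"
    return True, "clearsigned with bounded trailer"

# Constructed sample; the armor data is placeholder text, not a real signature.
SAMPLE = "\n".join([BEGIN_MSG, "Hash: SHA1", "", "Hello list.", "- -- not a trailer",
                    BEGIN_SIG, "", "QUJDREVGR0g=", "=AbCd", END_SIG,
                    "-- ", "Constructed Sender", ""])
```

A body that passes this check still has to go through signature verification before it is accepted.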

