Re: [Mailman-Developers] Fwd: suggested improvement for Mailman's bounce processing
On 8/14/06 5:42 AM, Barry Warsaw [EMAIL PROTECTED] wrote: Today, held messages still have to be approved by the moderator. What I propose is to allow posters to self-moderate, simply by verifying that their address is real. This probably means a clickable link and (maybe) a header cookie for replying. Think Gmane's auto-moderation approach. Unfortunately, the would-be posters then have to be notified of the message status. Thus, while you're reducing moderator workload, the backscatter problem isn't solved. Unfortunately, we know MTAs are hard to write (Exim is still evolving; Postfix took much longer to write than the author expected; sendmail will never be finished). Mailing list managers are hard to write (Mailman is still evolving). So an integrated MTA/MLM would be hard to write (it wouldn't need all the bells and whistles of a full MTA, and would simplify some of the MUA's problems, so the difficulty is probably less than the sum of the difficulties, but still probably more than either alone). (And a newly-written thing doing SMTP would be insecure.) So aside from ruining email, the spammers have ruined email mailing lists. Perhaps irretrievably (at my age of 67, certainly irretrievably in my working lifetime). None of which means it shouldn't be tried, although perhaps it should be tried in the world of whatever comes along to provide a working replacement for SMTP. --John ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showfile=faq01.027.htp
Re: [Mailman-Developers] Fwd: suggested improvement for Mailman's bounce processing
At 10:59 PM -0700 2006-08-14, John W. Baxter wrote: Unfortunately, the would-be posters then have to be notified of the message status. Thus, while you're reducing moderator workload, the backscatter problem isn't solved. No, it's not solved. However, by putting a semi-intelligent time limiter on the thing (i.e., no more than one response per address per day, or somesuch), the backscatter problem is at least contained to a more tolerable level. And this does get back to the balance thing that I was taking about earlier. If doing your best to make sure that people know that their message was rejected, or held for moderation, or whatever, is more important to you (and your community), then you've got the option to make those sorts of things happen. If eliminating all possibility of backscatter is more important, you've got the option to do that, too. The point here is to increase your options available to you, and to also try to help reduce the load on list moderators and list owners to a more tolerable level. At least, that's the idea. I'm hoping that the reality will live up to this theory. -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 Founding Individual Sponsor of LOPSA. See http://www.lopsa.org/. ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showfile=faq01.027.htp
Re: [Mailman-Developers] Fwd: suggested improvement for Mailman's bounce processing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Aug 15, 2006, at 1:59 AM, John W. Baxter wrote: On 8/14/06 5:42 AM, Barry Warsaw [EMAIL PROTECTED] wrote: Today, held messages still have to be approved by the moderator. What I propose is to allow posters to self-moderate, simply by verifying that their address is real. This probably means a clickable link and (maybe) a header cookie for replying. Think Gmane's auto-moderation approach. Unfortunately, the would-be posters then have to be notified of the message status. Thus, while you're reducing moderator workload, the backscatter problem isn't solved. But I think it can be mitigated. You simply don't send a verification for every posting your holding. Maybe you send a summary every three days until the messages expire unverified. So an integrated MTA/MLM would be hard to write (it wouldn't need all the bells and whistles of a full MTA, and would simplify some of the MUA's problems, so the difficulty is probably less than the sum of the difficulties, but still probably more than either alone). (And a newly-written thing doing SMTP would be insecure.) Mailman won't be that integrated MTA/MLM, although it may have tools that help integrate Mailman with the most popular MTAs. I have a clear picture of what I see Mailman doing and it's not the MTAs job or SpamAssassin's job. It's only barely doing Hypermail's job (and that's debatable). So aside from ruining email, the spammers have ruined email mailing lists. Perhaps irretrievably (at my age of 67, certainly irretrievably in my working lifetime). None of which means it shouldn't be tried, although perhaps it should be tried in the world of whatever comes along to provide a working replacement for SMTP. I tend to be more sanguine about things. I'm younger than you but I've been around for long enough to have heard about the death of the internet/arpanet for 25 years. It hasn't happened yet and I don't think email and SMTP is going away any time soon. Maybe it should. Maybe all the kids will gravitate toward other modes of communication and leave us dinosaurs to our spam riddled 20th century telegraphs. Or maybe we'll stay just barely ahead of the spammers enough to eek out the benefits of email and mailing lists for another 20 years. - -Barry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iQCVAwUBROG73HEjvBPtnXfVAQIKowQApwRs3Q5+pQaDG8W1fMWi2hcum8oYKmhQ jBLONMPnpWJMIdvNLiuMfNmvSAU1MUCU2xVkia1lxSGZOVf/2+grrObh0GfnR/Kk O4+Gnj1W4hIKCzE/hKLYDYzKxFc1liOXZ2XL3rb9Y67V0mJPw9UQokKW40+R01Gn zcGgFDe8cg4= =qasI -END PGP SIGNATURE- ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showfile=faq01.027.htp
Re: [Mailman-Developers] Fwd: suggested improvement for Mailman's bounce processing
At 8:19 AM -0400 2006-08-15, Barry Warsaw wrote: I tend to be more sanguine about things. I'm younger than you but I've been around for long enough to have heard about the death of the internet/arpanet for 25 years. It hasn't happened yet and I don't think email and SMTP is going away any time soon. We're certainly getting there for some people. I found out the other night that my Mom no longer bothers doing e-mail. Okay, she's 62, retired six months early due to medical problems (terminal cancer), but she's still got a few good months left and she doesn't want to waste them trying to fight spam in her mailbox. So, she just reads most of the time. My own spam load is around 90-99%, depending on how bad the day is. My ISP routes all their mail for their customers through Postini, and they catch 90% of that, but that still leaves a lot for the ISP to deal with. So, they set up their own secondary anti-spam handling system, which is still as large or larger than the entire rest of the mail system put together. And I still get an annoying amount of spam that gets through to my client, which also has anti-spam features integrated. I can certainly see why many people would get to the point where they start feeling like e-mail no longer has any real value. I certainly feel that way about most USENET newsgroups I know of, and for the same reasons. Maybe all the kids will gravitate toward other modes of communication and leave us dinosaurs to our spam riddled 20th century telegraphs. They already have. It's called IM, chat, or txtng -- depending on the exact platform. Many times I've said that e-mail is the only universal mission-critical platform, but I've also said that each organization may have their own mission-critical applications on top of that. AOL is no different. When I was the Sr. Internet Mail Administrator for AOL, we had only two mission-critical applications -- e-mail and chat. If they weren't available, then most customers would just leave, because there wasn't much of anything else that they wanted to do. And spim is already a major problem, or so I hear. I haven't heard of spat or sptxt being much of an issue, but I'm sure that they'll figure out a way to abuse those systems as well. Thanks to Dateline NBC and Stone Phillips, we have certainly seen way more than we ever wanted to know about how predators use IM to lure kids into abusive situations, and I guess that would probably be the worst form of spim. Or maybe we'll stay just barely ahead of the spammers enough to eek out the benefits of email and mailing lists for another 20 years. I think we'll try, and for some people we will succeed, but my fear is that more and more people are going to start giving up on e-mail and will switch to alternative communication methods. Those methods are likely to be less convenient because if it's too convenient for us then it will probably be much too convenient for spammers. -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 Founding Individual Sponsor of LOPSA. See http://www.lopsa.org/. ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showfile=faq01.027.htp
Re: [Mailman-Developers] Fwd: suggested improvement for Mailman's bounce processing
--On 14 August 2006 14:06:06 -0400 Barry Warsaw [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Aug 14, 2006, at 9:49 AM, Ian Eiloart wrote: One thing that would make integration easier, would be a script bin/may_post (or something), which takes a list name (ideally qualified with domain) and sender address, and returns true if the sender address is allowed to post, and false otherwise. Why don't you code something up and submit it here? :) - -Barry I started to write that I've no python coding experience. Well, about 3 lines because php can't do utf-something or other. Then I thought, well it's about time I got some. I had hacked up a shell script using the existing Mailman scripts, but that was far too inefficient. Instead I've hacked up the attached. It started life as list_config, but hopefully I've not left much trace of that. The second issue below ***MUST*** be resolved before using this script with an MTA. The attached script takes these arguments: -o --outputfile FILE_PATH can be used to specify logging of denies. use '-' to log to stdout -v --verbose causes logging of all results, allows as well as denies. -h --help prints help -s --sender EMAIL_ADDRESS is required The script applies these tests, printing 'allow' or 'deny' to std out on the first match. allow list owners allow list moderators allow members of accept_these_nonmembers deny members of reject_these_nonmembers if generic_nonmember_action is 'reject': allow members to post deny non-members allow by default These issues are outstanding: On allow, I say return 1 on deny I say return 0. I'm not sure whether that's correct. Actually, I think I want the script to succeed every time, so it can't be. I've not figured out how to do a pattern match so accept_these_nonmembers and reject_these_nonmembers are only tested for exact string matches. This *needs to be fixed* for accept_these_nonmembers, otherwise some won't be permitted to post. It'd be nice to log to syslog, but the MTA could take care of that. It might be nice to say 'hold' or 'discard' where appropriate. It's often sensible to reject rather than discard a message, for example. The list's nonmember_rejection_notice isn't used here. It could be returned instead of 'deny' for the MTA to construct a rejection string with. I've hard-coded '2' as the 'reject' key to generic_nonmember_action, which is sinful. -- Ian Eiloart IT Services, University of Sussex#! /local/bin/python # # Copyright (C) 1998-2003 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. Find out whether list will reject a message from sender. Usage: check_sender.py [options] -s sender listname Options: --outputfile filename -o filename optionally log denys to list file. --sender sender -s sender check whether the sender is allowed to post to the list. --verbose -v log allows as well as denys. --help -h Print this help message and exit. The option -s is required. import sys import re import time import getopt from types import TupleType import paths from Mailman import mm_cfg from Mailman import MailList from Mailman import Utils from Mailman import Errors from Mailman.i18n import _ NL = '\n' def usage(code, msg=''): if code: fd = sys.stderr else: fd = sys.stdout print fd, _(__doc__) if msg: print fd, msg sys.exit(code) def do_check(listname, sender, outfile, verbose): closep = 0 try: if outfile == '-': outfp = sys.stdout else: outfp = open(outfile, 'a') closep = 1 # Open the specified list unlocked, since we're only reading it. try: mlist = MailList.MailList(listname, lock=0) except Errors.MMListError: usage(1, _('No such list: %(listname)s')) # get all the list config info. all this stuff is accessible via the # web interface when = time.strftime('%Y-%m-%d %H:%M:%S',time.localtime()) # always allow the owner to post if sender in mlist.owner : if verbose: print outfp, _('''%(when)s %(listname)s owner %(sender)s allowed''')
Re: [Mailman-Developers] Fwd: suggested improvement for Mailman's bounce pro
I can certainly see why many people would get to the point where they start feeling like e-mail no longer has any real value. I certainly feel that way about most USENET newsgroups I know of, and for the same reasons. Brad Knowles, [EMAIL PROTECTED] Eamil has indeed become very frustrating lately, my email client is currently fried and hopefully the guy coming over tonight can figure out how to retrieve it, i've tried all i know and can't get it to open at all. I also get all the spam you've talked about, and the current software we're using to host a list on sends me every piece of spam received for any imaginary address the spam folks make for the domain on top of my more than healthy dose of personal spam of course. Its very annoying and at times its been a good thing I can't quite reach the computer to throw it out into oncoming traffic, however, I work at home so its a vital part of what allows me to do the various jobs from home. Now, I've noticed a marked decrease in the viruses circulating in recent months, and a huge increase in spam at about the same time. A very senior tech guy I respect a great deal has told me that the virus writing jerks have now been hired to write software that spreads spam like they used to spread viruses and I believe it. I told him i was getting the same sort of sinking feeling about the internet hanging on by a thread like i used to get when the major finanacial services applications i worked with were about to crash and he brought that up in response. I used to say, about the virus jerks, that if only they'd put their talents to some good use they could change or rule the world and make a fortune doing it, unfortunately it appears they've now figured out how to make that fortune doing spam instead of something 'good' for the world. Sad isn't it? Gail ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showfile=faq01.027.htp