Re: [Mailman-Users] connect to exchange server

[Jeanne Ilchuk]

Thanks, Grant.  My email to the mailman list is taking a long time to get 
through.  Would you mind doing a reply all ?  I'm on vacation and will work on 
this next week.  Needs to be up and running by the end of the year.  

jeanne

>You did not say, do you want your mailing lists to be in the domain
>hosted by Exchange, or in a sub-domain that is hosted by the Solaris
>mail server?
The mailing lists will be on the mailman server [solaris].  I was as little 
contact as possible with the exchange server and the person running it.

>Who is administering Exchange for you?
The microsoft person.

> Also, what version of Exchange are you using?
version 8.1.240.0

Here is some other Exchange server info I get when I'm logged in.  
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET 
CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)
Outlook Web Access version: 8.1.311.2
Outlook Web Access host name: mail.wrlc.org
Exchange Client Access server .NET Framework version: 2.0.50727.1433
Client Access server operating system version: Microsoft Windows NT 5.2.3790 
Service Pack 2
Microsoft Exchange Client Access server version: 8.1.240.0
Mailbox server name: w2k-exchange1.wrlc2k.wrlc.org
Mailbox server Microsoft Exchange version: 8.1.240.0
Other Microsoft Exchange server roles currently installed on the Client Access 
server: 
Mailbox, Hub Transport


From: mailman-users-bounces+ilchuk=wrlc@python.org 
[mailman-users-bounces+ilchuk=wrlc@python.org] On Behalf Of Grant Taylor 
[gtay...@riverviewtech.net]
Sent: Friday, December 19, 2008 12:15
To: Mail List - Mailman
Subject: Re: [Mailman-Users] connect to exchange server

On 12/18/08 06:51, Jeanne Ilchuk wrote:
> I was looking thru the archives and found this note from 2004 (below)
> which gave me the impression that it did not work with exchange.

I don't think that it is possible to integrate Mailman with Exchange
like you can with Sendmail / Postfix / Qmail / etc.  But that does not
mean that it can not be made to work.

> Do I need to run again with cgi-gid=mailnull ?  or can I just chgrp?
I have no idea.

> --with-mailhost=mail is the hostname our exchange server
*nod*

If I recall Solaris uses "mail" as sort of a ""magic host name as a
place holder that everything uses and the system is set up so that the
magic name of "mail" resolves to the actual mail server.  Am I any where
close?

> On the mailman server, I changed the mailhost to the hostname of the
> sun server where I installed mailman, then set up the apache server
> with a dedicated IP and dns entry mailman.
Ok.  (I think.)

> I'm kind of struggling here because I've been using ecartis MLM on an
> old FreeBSD server that IT is eliminating.   At the same time we
> moved our mail from the freebsd server (postfix) to MS Exchange.  I
> don't have a clue how the exchange server works.  I'm accessing my
> own email using the WOA Light version, which would have to be imap
> with SMTP [I thought].  Is exchange a pop3 server ?
Exchange is /many/ things, including POP3, IMAP, SMTP, X.400, etc.

> Thanks for all the speedy replies.  I'll be back!  -- Back to the
> drawing board -- suggestions welcome.

Either way, you are going to have to configure Exchange to route some
email to the Solaris mail server, be it individual mail boxes, or a
sub-domain.

Grant. . . .
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/ilchuk%40wrlc.org
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] connect to exchange server

[Jeanne Ilchuk]

Thanks, Mark.  I'm on vac today but will find out if all email is sent to 
exchange (my guess is that it is because of prior problems with ecartis bounced 
messages).  Sendmail doesn't have a user or group.  /etc/group shows smmsp::25: 
 I forgot where I found that information (to use 25)

I'll update you on my progress next week.  I need to finish up by end of year. 
Thanks for the help.  

jeanne

From: Mark Sapiro [m...@msapiro.net]
Sent: Friday, December 19, 2008 10:42
To: Jeanne Ilchuk; Mail List - Mailman
Subject: Re: [Mailman-Users] connect to exchange server

Jeanne Ilchuk wrote:

>I was looking thru the archives and found this note from 2004 (below) which 
>gave me the impression that it did not work with exchange.  That being said, 
>here are more of my details.
>I'm installing on a Solaris sparc (v10), which has a functioning Sendmail that 
>sends job output etc to staff.  I just found "Integrating Mailman with 
>Sendmail" in the mailman docs, so I'm working with that.  I ran the Makefile 
>with these parms-
>$ ./configure --with-mail-gid=25 --with-cgi-gid=nobody --with-python=/usr/bin/
>python --with-mailhost=mail --with-urlhost=mailman


Is 25 the gid under which sendmail will invoke the mail wrapper?

--with-mailhost  and --with-urlhost are fully qualified domain names
for email and web respectively. e.g mail.example.com and
mail...@example.com.

>Do I need to run again with cgi-gid=mailnull ?  or can I just chgrp?


You need to configure with --with-cgi-gid= whatever group apache will
use when invoking Mailman's CGIs and no, you can't just chgrp unless
by that you mean change the group that apache uses.


>--with-mailhost=mail is the hostname our exchange server


and assuming you qualify it, this is the host that Mailman will use in
list addresses, envelope senders, etc.

If it is possible, you could avoid a lot of pain by having incoming
mail to Mailman go directly to sendmail at mailman.example.com, and
skip exchange all together. The only reason this wouldn't work is if
your network route all external port 25 connects to the exchange
server.

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Lindsay Haisley]

On Sat, 2008-12-20 at 14:49 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
> 
>  > So if I can't refuse potential spam at the SMTP front door, what
>  > difference does it make whether it gets detected in Mailman or the MTA?
> 
> None.  But one still wonders why anybody would consider *running
> SpamAssassin* anywhere but in the MTA (or in the pipe to the delivery
> agent, if milters aren't supported as is apparently true for Courier)
> an advantage.

Courier doesn't need milters.  Maildrop can be run in what's called
"embedded mode" which is effectively the same thing.  I chose to accept
spam (the 20% or so that makes it past RBL filtering) onto the system
and give users the option to mark it and segregate it according to their
preferences.  Courier could easily be configured to keep reject
identified spam in SMTP, but as it is, people are more comfortable
having the option to examine it and adjust their filtering levels
accordingly.

This is beside the issue, since I have SA and RBL filtering working
well, and exactly the way I want them to, for user mailboxes.  I may
need to do some work to get filtering for lists to work as I want them
to.

>  > What I'd really like is a way to hook SpamAssassin, or a similarly
>  > effective tool, into Mailman
> 
> You can do that with Henstridge's code, but IMO it's an ugly kludge
> compared to running SpamAssassin early and configuring it to report
> special features for use by the SpamDetect Handler in Mailman, etc.
> They could be given default scores of 0.0 if they can't reliably be
> used for scoring except for certain addressees, but they'd still be
> reported if their rules are triggered.

This is an iteresting idea.  I'm not real happy with Henstridge's
solution so I'll give this some thought.

> In your case you'd be running it in maildrop, which presumably means
> you know which addressee(s) is (are) being delivered.  It should be
> possible to give that information to SpamAssassin (SpamAssassin knows
> on which user's behalf it's being run, although I forget the details)
> and configure rules conditional on that information.

I'm doing pretty much exactly this already for user mailboxes.  Lists
are a slightly different matter, for reasons explained elsewhere.

>   I don't see why
> this would be enormously harder than than if SpamAssassin were running
> in Mailman, and it would have the advantage that rule dispatch would

Because I'm feeding Mailman through the forwarding/redirection system in
courier (rather than the delivery agent), mail to lists isn't subject to
SA filtering.  This is by choice, for a variety of reasons.  So if I
want to use SA with Mailman I either have to configure it to run as per
something like Henstridge's code, or I have to re-introduce SA filtering
on a per-domain level for lists in the MTA.  There may be some good
reasons to do this, the main one being that Henstridge's code is
apparently unmaintained and currently broken as posted on his website.

I gotta go fix some supper for my lady and I before I get into trouble.
Thanks for an interesting discussion.

-- 
Lindsay Haisley   |"Fighting against human | PGP public key
FMP Computer Services |   creativity is like   |  available at
512-259-1190  |   trying to eradicate  |
http://www.fmp.com|   dandelions"  |
  | (Pamela Jones) |


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Lindsay Haisley]

On Fri, 2008-12-19 at 23:38 -0600, J.A. Terranson wrote:
> On Fri, 19 Dec 2008, Lindsay Haisley wrote:
> 
> 
> 
> > Mailman already has a SpamDetect module which is reasonably useless, and
> > discards (not rejects) spam internally.  What I'd really like is a way
> 
> Lindsay, you cannot, repeat NOT -reject- after you have accepted a 
> message.  Nonononono!  Go look at the RFC if you have any doubt 
> whatsoever.

Why not?  Mailman does it.  There are many settings in Mailman which
provide the option to silently _discard_ emails such as postings from
non-members of a list.

But I'm being perverse ;-)  I've read the RFCs and understand what
you're saying here.  Basically, in the system I'm using, the _only_ mail
that gets dropped altogether is list requests which are assigned a SA
level over 5.  Everything else for users and lists is quarantined or
segregated, or rejected at the front door.

> > I'm always doing things with my servers which others tell me I shouldn't
> > do, and as long as I'm careful about security and efficiency I often end
> > up with some pretty elegant and flexible solutions.  And then people who
> > told me not to do these things want to know how I got things to work the
> > way I did ;-)
> 
> And then shake their heads that you really did it?



> Please.  Don't reject after an accept: that is de-facto spam.

Well if it's any consolation to you, I don't ever explicitly send a
rejection back to the envelope sender :-)

-- 
Lindsay Haisley   | "In an open world,| PGP public key
FMP Computer Services |who needs Windows  |  available at
512-259-1190  |  or Gates"| http://pubkeys.fmp.com
http://www.fmp.com|   |


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Lindsay Haisley]

On Sat, 2008-12-20 at 13:54 +0900, Stephen J. Turnbull wrote:
> Brad Knowles writes:
>  > Lindsay Haisley wrote:
> 
>  > > The problem with this is that no spam detection method is 100%
>  > > effective, and with SpamAssassin there's some overlap between setting
>  > > the rejection level low enough to be effective and getting false
>  > > positive identification of spam.
> 
> You're missing the point.  If you're going to run SpamAssassin or
> anything else that is able to tag messages as well as simply reject/
> quarantine/accept them, it's really a good idea to do it for *all*
> messages.

The devil is in the details here.  I explicitly exempt email destined
for forwarding/redirection from examination by SpamAssassin.  I do this
for two reasons.

1.  User-settable options for SpamAssassin enable the segregation of
identified spam into separate mailboxes, accessible via IMAP.  Forwarded
email has on mailboxes on the system so this can't be done, and I make
the assumption that if people are setting up mail forwarding directives
for their accounts then filtration for spam will be done on the system
that actually accepts the mail for delivery.  After the RBL filter in
courier rejects about 80% of the incoming spam, redirected email is
simply sent on to the receiving system, spam or no.  It ain't FMP's
responsibility!  I don't run a spam filtering service.  I love my CPU
cycles :-)

2.  The minimum class of email service FMP offers is mail forwarding
only, no mailboxes, and hence no spam filtering other than front door
RBL filtering.  People get what they pay for.

Mailman, and mailing lists at FMP just happen to work using the
redirection/forwarding mechanism in courier, so Mailman doesn't benefit
at all from SpamAssassin in the MTA, and must handle filtering in some
other way.  I really don't see a problem here.  I just wish that
SpamAssassin could be integrated more flexibly into Mailman.

>   You can run SpamAssassin in the MTA, reject some of the
> spam there based on fairly complex (and therefore precise) formulae,
> and then do further filtering later based on the tags that
> SpamAssassin will insert for you as headers.

Arrgh!  This feels ugly, or at least un-elegant.  There's no such thing
as "precise formulae" when it comes to SpamAssassin, so this is
difficult.  And consider this problem:

An email comes in to user A and user B - two recipients, two RCPT TO
exchanges in the SMTP dialog.  The MTA doesn't know what's in the
message yet, but let's say it says "250 Ok." for both recipients.  Then
follows the DATA exchange and the message body is sent.  And let's say
SpamAssassin looks at the message body and determines that, based on the
body content, the email is spam according to user A's settings in the SA
database, but isn't spam according to user B's settings.  What is the
MTA to do?  It has already passed the point of no return in accepting
the recipients, and the only choice it has is to reject the email for
both or reject it for neither.  At this point it can't issue a split
decision and return a reply consistent with RFCs.

>  > > This solution isn't perfect, but it does help cut down on complaints
>  > > from list owners about too much moderator spam.
> 
> If it's not going to get to the moderators/owners, there's no good
> reason not to reject at the MTA stage, using a milter to do so before
> accepting delivery, and so reducing spammer deliverability scores.
> (It's not just your host you're protecting when you do this; you're
> undermining the whole spammer enterprise!  Fight back -- you may not
> have a snowball's chance (etc) of winning, but you'll feel good!)

For years I reported every spam I got to my personal account - looked up
the serving systems, or the systems hosting contact websites, and sent
bucu letters to sysadmins all over the world.  This was effective when a
good portion of spam came from the US, and I know I got a lot of
spammers' resources knocked offline.  I found out later that my email
address was on at least one undercover do-not-spam list used by some
spammers.  So I've done my time in the trenches, and at this point it's
a no-nevermind to me whether I refuse a spam at the SMTP level or dump
it in the cosmic bit bucket at a later stage.

> Here's Brad:
> 
>  > There's nothing you can do with SpamAssassin integrated into Mailman that 
>  > you couldn't do with SpamAssassin integrated into the MTA,
> 
> Not entirely true.  Many installations refuse to permit per-user rules.
> (If you run SA yourself, you can specify the config file, and therefore
> your own rules.)

All FMP customers who have mailboxes on the system can set the
SpamAssasin level at which mail will be identified as spam, what the tag
in the subject line is identifying spam, and whether or not to segregate
said spam into a separate IMAP folder.  They can furthermore provide
both a whitelist and a blacklist of addresses.  So customers can't
exactly write their own SA rules, but they have some control ov

Re: [Mailman-Users] Spam to list-owner

[Stephen J. Turnbull]

Lindsay Haisley writes:

 > So if I can't refuse potential spam at the SMTP front door, what
 > difference does it make whether it gets detected in Mailman or the MTA?

None.  But one still wonders why anybody would consider *running
SpamAssassin* anywhere but in the MTA (or in the pipe to the delivery
agent, if milters aren't supported as is apparently true for Courier)
an advantage.

 > What I'd really like is a way to hook SpamAssassin, or a similarly
 > effective tool, into Mailman

You can do that with Henstridge's code, but IMO it's an ugly kludge
compared to running SpamAssassin early and configuring it to report
special features for use by the SpamDetect Handler in Mailman, etc.
They could be given default scores of 0.0 if they can't reliably be
used for scoring except for certain addressees, but they'd still be
reported if their rules are triggered.

 > so that I can get a lot more fine-grained control and set
 > meaningful parameters on a per-list basis.  The further forward I
 > shove it, the harder it is to exercise this kind of control.

In your case you'd be running it in maildrop, which presumably means
you know which addressee(s) is (are) being delivered.  It should be
possible to give that information to SpamAssassin (SpamAssassin knows
on which user's behalf it's being run, although I forget the details)
and configure rules conditional on that information.  I don't see why
this would be enormously harder than than if SpamAssassin were running
in Mailman, and it would have the advantage that rule dispatch would
be configured in one place.

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] On Manageability

[J.A. Terranson]

On Sat, 20 Dec 2008, Stephen J. Turnbull wrote:

> J.A. Terranson writes:
> 
>  > Add option checkboxes to the current request.  You already have an "Allow 
>  > this person to send in the future", add
>  > "Allow this person to ignore future size limits"
> 
> Better phrasing would be
> 
> Do not enforce size limits on this person.

Agreed.

> I don't much like this addition of more options per post, though,
> because these pages are already too big for convenience, spilling over
> to many screens.  I would prefer a more compressed format so I can
> nuke the obvious spam quickly, then go through a pass with more
> detailed treatment of individual posts.

This is a good point, although I still would like a lot more granularity 
in my decision making.  The ability to set an override *once*, will save 
me hundreds of hours a year in listmeister time.

At the same time, I agree the current interface is clunky, fugly, and 
slower that gardenias blossoming under heavy doses of fertilizer. But I 
love it just the same.


> Certainly both can be done, but the option of a highly compressed 
> format is far higher priority on my wishlist.

Interestingly, I would place it at #2 on my list, as getting #1 will 
by definition allow me to enjoy #2, but without #1, #2 doesnt matter.

//Alif

-- 
Yours,
J.A. Terranson
sysadmin_at_mfn.org
0xpgp_key_mgmt_is_broken-dont_bother

"Never belong to any party, always oppose privileged classes and public
plunderers, never lack sympathy with the poor, always remain devoted to
the public welfare, never be satisfied with merely printing news, always
be drastically independent, never be afraid to attack wrong, whether by
predatory plutocracy or predatory poverty."

Joseph Pulitzer
1907 Speech
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Brad Knowles]

on 12/19/08 10:54 PM, Stephen J. Turnbull said:


Not entirely true.  Many installations refuse to permit per-user rules.
(If you run SA yourself, you can specify the config file, and therefore
your own rules.)


Fair enough.  Which leads me to what I've said before, which is that the 
only legitimate reason left for providing hooks for integrating tools 
like SpamAssassin or SpamBayes inside of Mailman itself, is for those 
people who don't have full control over their MTA.


It's still better to integrate tools like SpamAssassin and SpamBayes as 
early in the process as possible, but sometimes there are limits as to 
what is possible.



Now, in Lindsey's case, we're both members of a local Unix user group 
here in Austin, and I happen to know that he owns the entire machine. 
So, it's certainly possible for him to install SpamAssassin with the 
full user-level rules incorporated.  Of course, that may be a 
non-trivial task, but it's still an option that is available to him.


--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[J.A. Terranson]

On Fri, 19 Dec 2008, Lindsay Haisley wrote:



> Mailman already has a SpamDetect module which is reasonably useless, and
> discards (not rejects) spam internally.  What I'd really like is a way

Lindsay, you cannot, repeat NOT -reject- after you have accepted a 
message.  Nonononono!  Go look at the RFC if you have any doubt 
whatsoever.

This is a horrifically BAD practice (which Barracuda and Exchange are 
renowned for) that you should avoid at any and all costs.

> I'm always doing things with my servers which others tell me I shouldn't
> do, and as long as I'm careful about security and efficiency I often end
> up with some pretty elegant and flexible solutions.  And then people who
> told me not to do these things want to know how I got things to work the
> way I did ;-)

And then shake their heads that you really did it?

Please.  Don't reject after an accept: that is de-facto spam.

//Alif

-- 
Yours,
J.A. Terranson
sysadmin_at_mfn.org
0xpgp_key_mgmt_is_broken-dont_bother

"Never belong to any party, always oppose privileged classes and public
plunderers, never lack sympathy with the poor, always remain devoted to
the public welfare, never be satisfied with merely printing news, always
be drastically independent, never be afraid to attack wrong, whether by
predatory plutocracy or predatory poverty."

Joseph Pulitzer
1907 Speech
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] On Manageability

[Brad Knowles]

on 12/19/08 10:32 PM, Stephen J. Turnbull said:


I don't much like this addition of more options per post, though,
because these pages are already too big for convenience, spilling over
to many screens.  I would prefer a more compressed format so I can
nuke the obvious spam quickly, then go through a pass with more
detailed treatment of individual posts.


I believe where we are going is that there will be a greatly simplified 
interface that is exposed by default, and experienced list moderators 
and listowners may be allowed to access an optional, and much more 
complete administration interface, depending on how the site 
administrator has configured the system.


--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Brad Knowles]

on 12/19/08 10:31 PM, Lindsay Haisley said:


SpamAssassin has to do a fairly intensive examination of the mail body
and may reject based on this examination, but because of the way SMTP
works, it's a bad practice to wait until after the DATA section of a
mail transaction is complete to reject an email at the front door.


The only real legitimate reason I've ever heard given for why programs 
like SpamAssassin should run after the original message has been 
received is because of the SMTP dialog timeouts listed in RFC 1123 
section 5.3.2, and the fact that certain types of processing might take 
longer than would otherwise be considered reasonable during that SMTP 
dialog process.


However, I think that has long since fallen by the wayside.  These days, 
having a few extra seconds of delay is actually likely to make spammers 
go away and try someone else, which was the entire point of Ken 
Simpson's invited talk at LISA 2007, entitled "Using Throttling and 
Traffic Shaping to Combat Botnet Spam" (see 
).  They 
build commercial tools to intentionally add a delay before the 
connection ever hits your MTA, and they find that a short mandatory 
delay actually results in a significant reduction in spam -- just a few 
seconds is enough.


Moreover, there are lots of things that can only be feasibly done by 
more complex processing systems like SpamAssassin, and you might as well 
hold the sender open while you do that processing.  If the message is 
rejected, then you've spent the same amount of CPU time as you would 
have anyway, you helped slow the spammers down, and you didn't accept 
the message.  If the message is accepted, then the sender probably 
wasn't held open very long.



Speaking as the former chair of the Best Current Practices subgroup of 
the IETF/IRTF Anti-Spam Research Group, I can assure you that running 
SpamAssassin (and similar tools) in this "interactive mode" really is 
Best Current Practice.



One
runs into, at very least, some theoretical logical conundrums, and even
though it might be arguably OK to reject spam for all "rcpt to"
recipients at once, it takes the choice away from individual users re.
how severe they want to filter for spam.  There are other
considerations.


Tools like SpamAssassin can give you per-user controls.  If you're not 
making use of those, then you can't realistically argue the point that 
you need them and therefore the SpamAssassin processing should be done 
elsewhere.



So if I can't refuse potential spam at the SMTP front door, what
difference does it make whether it gets detected in Mailman or the MTA?


If it's done in the MTA, you save a lot of work with re-injecting of the 
message and all the work of starting up the Mailman modules, just to 
have the message rejected at a later stage.


You really, really want to do as much work as you possibly can as early 
as possible in the pipeline.



Mailman already has a SpamDetect module which is reasonably useless, and
discards (not rejects) spam internally.


Once you've accepted a message, if you decide it's spam, then you 
*CANNOT* reject the message.  Your only choices are to tag it and pass 
it on to a later stage, or to drop it.


Anything else makes you a source of "backscatter", a.k.a., "blowback", 
and you are then a tool of the spammers to join in a DDoS attack against 
some poor sucker in a distributed Joe Job attack.  And being a source of 
backscatter will get you blacklisted about as fast as if you were a 
front-line spammer yourself.



 What I'd really like is a way
to hook SpamAssassin, or a similarly effective tool, into Mailman so
that I can get a lot more fine-grained control and set meaningful
parameters on a per-list basis.  The further forward I shove it, the
harder it is to exercise this kind of control.


Take a closer look at the kinds of controls that SpamAssassin gives you.

At this point, the only legitimate reason for providing any kind of 
hooks for tools like SpamAssassin or SpamBayes in the Mailman code is 
for those people who do not have this level of control over their MTA, 
so they simply have no choice -- either it's done inside of Mailman, or 
it's not done at all.


--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Stephen J. Turnbull]

Brad Knowles writes:
 > Lindsay Haisley wrote:

 > > The problem with this is that no spam detection method is 100%
 > > effective, and with SpamAssassin there's some overlap between setting
 > > the rejection level low enough to be effective and getting false
 > > positive identification of spam.

You're missing the point.  If you're going to run SpamAssassin or
anything else that is able to tag messages as well as simply reject/
quarantine/accept them, it's really a good idea to do it for *all*
messages.  You can run SpamAssassin in the MTA, reject some of the
spam there based on fairly complex (and therefore precise) formulae,
and then do further filtering later based on the tags that
SpamAssassin will insert for you as headers.

 > > This solution isn't perfect, but it does help cut down on complaints
 > > from list owners about too much moderator spam.

If it's not going to get to the moderators/owners, there's no good
reason not to reject at the MTA stage, using a milter to do so before
accepting delivery, and so reducing spammer deliverability scores.
(It's not just your host you're protecting when you do this; you're
undermining the whole spammer enterprise!  Fight back -- you may not
have a snowball's chance (etc) of winning, but you'll feel good!)

Here's Brad:

 > There's nothing you can do with SpamAssassin integrated into Mailman that 
 > you couldn't do with SpamAssassin integrated into the MTA,

Not entirely true.  Many installations refuse to permit per-user rules.
(If you run SA yourself, you can specify the config file, and therefore
your own rules.)

If we let Brad be Brad :-), he'll probably reply that in his book that's
a firing offense and you should be shopping for a new host.  But YMMV.

 > The only thing that implementing anti-spam rules in Mailman would get you 
 > (beyond the anti-spam features that Mailman has today), is if the anti-spam 
 > processing system that was integrated was *different* from the one that was 
 > integrated into your MTA,

But if that buys *you* something, why not share the costs and benefits
with all users on that system?  I don't think this is actually a
reason to do it at the Mailman level, *unless* you've got host-level
constraints.

Any spam analysis (other than human moderation) done at the Mailman
level should be considered a thumb-in-dike technology, to be replaced
with analysis and (at least some) filtering at the MTA level, with
filtering at post-MTA levels to be moved to the MTA level as soon as
accurate discrimination is possible.  (Obviously this "ASAP"
recommendation depends on admin talent and time availability, but note
that a lot of it is done simply by upgrading your filters' rule
databases regularly.)

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Lindsay Haisley]

On Fri, 2008-12-19 at 12:09 -0600, Brad Knowles wrote:
> That's certainly true, but that's no reason to push anti-spam processing 
> back to the point where you can't use SpamAssassin to refuse to accept the 
> message.  Even if you can't get 100% accuracy and 100% precision, you should 
> do all the anti-spam processing as early in the pipeline as you can, which 
> means putting them in the MTA and not Mailman.

I don't know, Brad.  I'm using courier for my MTA, which I like a great
deal, and it's extremely well engineered.  It comes with a mail
processing program called maildrop, kind of like procmail for adults,
which is very capable.  SpamAssassin is implemented for user accounts
using a global maildroprc, and this might be possible for lists as well
on a per-domain basis, but I don't know how useful that would be, and
I'd lose the advantage that SpamAssassin.py gives me in allowing a
"moderation margin" - a nice feature.  I'm sure you familiar with
Hentstridge's implementation for Mailman.
 
SpamAssassin has to do a fairly intensive examination of the mail body
and may reject based on this examination, but because of the way SMTP
works, it's a bad practice to wait until after the DATA section of a
mail transaction is complete to reject an email at the front door.  One
runs into, at very least, some theoretical logical conundrums, and even
though it might be arguably OK to reject spam for all "rcpt to"
recipients at once, it takes the choice away from individual users re.
how severe they want to filter for spam.  There are other
considerations.

So if I can't refuse potential spam at the SMTP front door, what
difference does it make whether it gets detected in Mailman or the MTA?
Mailman already has a SpamDetect module which is reasonably useless, and
discards (not rejects) spam internally.  What I'd really like is a way
to hook SpamAssassin, or a similarly effective tool, into Mailman so
that I can get a lot more fine-grained control and set meaningful
parameters on a per-list basis.  The further forward I shove it, the
harder it is to exercise this kind of control.

I'm always doing things with my servers which others tell me I shouldn't
do, and as long as I'm careful about security and efficiency I often end
up with some pretty elegant and flexible solutions.  And then people who
told me not to do these things want to know how I got things to work the
way I did ;-)

-- 
Lindsay Haisley   | "The difference between | PGP public key
FMP Computer Services |  a duck is because one  |  available at
512-259-1190  |  leg is both the same"  | http://pubkeys.fmp.com
http://www.fmp.com|   - Anonymous   |

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] On Manageability

[Stephen J. Turnbull]

J.A. Terranson writes:

 > Add option checkboxes to the current request.  You already have an "Allow 
 > this person to send in the future", add
 > "Allow this person to ignore future size limits"

Better phrasing would be

Do not enforce size limits on this person.

("in the future" is implied, although I guess some people will assume
that if they check that box they don't need to check the Accept box).

I don't much like this addition of more options per post, though,
because these pages are already too big for convenience, spilling over
to many screens.  I would prefer a more compressed format so I can
nuke the obvious spam quickly, then go through a pass with more
detailed treatment of individual posts.

Certainly both can be done, but the option of a highly compressed
format is far higher priority on my wishlist.

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Stephen J. Turnbull]

Brad Knowles writes:

 > Just like they boost their deliverability numbers by intentionally
 > targeting postmaster@ addresses (because the RFCs require that
 > address will always accept mail no matter what).

Sad that their customers can be fooled by this
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Questions About 2.1.9 to 2.1.11 Upgrade

[Mark Sapiro]

Barry Finkel wrote:

>When I upgraded my test Ubuntu system from Mailman 2.1.9 to 2.1.11
>I saw messages for each list:
>
> Updating mailing list: mailman 
> Updating the held requests database.
> - updating old private mbox file
>looks like you have a really recent CVS installation...
>you're either one brave soul, or you already ran me
> - updating old public mbox file
>looks like you have a really recent CVS installation...
>you're either one brave soul, or you already ran me
> Fixing language templates: mailman 
>
>What is updated in the "private mbox file" and the "public mbox file"?
>I need to know if I need to backup the
>
> /var/lib/mailman/archives
>
>directory before I convert.  I would prefer not to, as the archives
>are VERY large.


Over the years (pre Mailman 2.1) the mbox file has been located in
different places in the hiereachy and had different names. bin/update
(run as the final step of 'make install') is figuring out whether the
mbox is in the place where the current release expects it to be, and
if it isn't, will move it there. The 'private'

   looks like you have a really recent CVS installation...
   you're either one brave soul, or you already ran me

message (admitedly not a very good message at this point) says that it
found archives/private/LISTNAME.mbox/LISTNAME.mbox and didn't find any
of the prior (pre 2.1) files so it didn't need to do anything. The
'public' message says it didn't find an actual file (as opposed to a
symlink to a directory) at archives/public/LISTNAME and didn't need to
do anything there either.

In any case, it doesn't touch the contents of these files at all. It
just renames them.


>I assume that if something drastic goes wrong with the update, then
>the only recourse is to restore all of the Mailman directories from
>a tar backup taken just before the conversion.  I assume that just
>re-installing the Mailman 2.1.9 package (that I am currently running)
>over the 2.1.11 package will not work.  Note that these packages are
>ones I built from the SourceForge source, not the Ubuntu/Debian
>packages.  Thanks.


That's more or less correct. You can 'force' a downgrade, but it won't
undo various config.pck, etc. changes. In many cases including
downgrading from 2.1.11 to 2.1.9, the only changes would have been the
addition of a couple of list attributes that wouldn't be referenced in
2.1.9 anyway, so a downgrade would be safe, BUT "if something drastic
goes wrong with the update", there's no telling what might have been
corrupted. It's always a good idea to have a backup.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Users] Questions About 2.1.9 to 2.1.11 Upgrade

[Barry Finkel]

When I upgraded my test Ubuntu system from Mailman 2.1.9 to 2.1.11
I saw messages for each list:

 Updating mailing list: mailman 
 Updating the held requests database.
 - updating old private mbox file
 looks like you have a really recent CVS installation...
 you're either one brave soul, or you already ran me
 - updating old public mbox file
 looks like you have a really recent CVS installation...
 you're either one brave soul, or you already ran me
 Fixing language templates: mailman 

What is updated in the "private mbox file" and the "public mbox file"?
I need to know if I need to backup the

 /var/lib/mailman/archives

directory before I convert.  I would prefer not to, as the archives
are VERY large.

I assume that if something drastic goes wrong with the update, then
the only recourse is to restore all of the Mailman directories from
a tar backup taken just before the conversion.  I assume that just
re-installing the Mailman 2.1.9 package (that I am currently running)
over the 2.1.11 package will not work.  Note that these packages are
ones I built from the SourceForge source, not the Ubuntu/Debian
packages.  Thanks.
--
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory  Phone:+1 (630) 252-7277
9700 South Cass Avenue   Facsimile:+1 (630) 252-4601
Building 222, Room D209  Internet: bsfin...@anl.gov
Argonne, IL   60439-4828 IBMMAIL:  I1004994

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] On Manageability

[J.A. Terranson]

On Fri, 19 Dec 2008, Brad Knowles wrote:

> J.A. Terranson wrote:
> 
> > OK.  If it's reasonable, here's my "wish list":
> > 
> > Add option checkboxes to the current request.  You already have an "Allow
> > this person to send in the future", add an "Allow this person to ignore
> > future size limits" and an "Allow this person to use implicit addresses".
> 
> I'd suggest adding these to the list at
> .

Will do.

Thank you1

//Alif

-- 
Yours,
J.A. Terranson
sysadmin_at_mfn.org
0xpgp_key_mgmt_is_broken-dont_bother

"Never belong to any party, always oppose privileged classes and public
plunderers, never lack sympathy with the poor, always remain devoted to
the public welfare, never be satisfied with merely printing news, always
be drastically independent, never be afraid to attack wrong, whether by
predatory plutocracy or predatory poverty."

Joseph Pulitzer
1907 Speech
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Brad Knowles]

Lindsay Haisley wrote:


The problem with this is that no spam detection method is 100%
effective, and with SpamAssassin there's some overlap between setting
the rejection level low enough to be effective and getting false
positive identification of spam.


That's certainly true, but that's no reason to push anti-spam processing 
back to the point where you can't use SpamAssassin to refuse to accept the 
message.  Even if you can't get 100% accuracy and 100% precision, you should 
do all the anti-spam processing as early in the pipeline as you can, which 
means putting them in the MTA and not Mailman.



This solution isn't perfect, but it does help cut down on complaints
from list owners about too much moderator spam.


There's nothing you can do with SpamAssassin integrated into Mailman that 
you couldn't do with SpamAssassin integrated into the MTA, and there's lots 
of stuff that you can do with SpamAssassin when it is integrated into the 
MTA which you cannot do if SpamAssassin is further down the queue.


So, there's every reason to integrate it into the MTA, and every reason to 
*NOT* integrate it into Mailman.


The only thing that implementing anti-spam rules in Mailman would get you 
(beyond the anti-spam features that Mailman has today), is if the anti-spam 
processing system that was integrated was *different* from the one that was 
integrated into your MTA, so that you had an additional level of 
functionality and filtering with a different approach that would hopefully 
help fill some of the gaps in the approaches used earlier in the pipeline.


So, for example, if we integrated SpamBayes into Mailman, that could be a 
benefit for sites that use something other than SpamBayes earlier in the 
pipeline.  However, it wouldn't do us any good on python.org, since we 
already use SpamBayes integrated into our MTA.


--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Lindsay Haisley]

On Fri, 2008-12-19 at 11:23 -0600, Brad Knowles wrote:
> Lindsay Haisley wrote:
> 
> > I note that Brad doesn't mention this solution in his reply to you, so
> > it may be frowned upon officially, but I've found it helpful.
> 
> SpamAssassin is one good anti-spam tool, but IMO it should be integrated 
> into the MTA, because that's the only place where you can make these kinds 
> of decisions before you actually accept the message.  Once you accept a 
> piece of spam, you've already lost.  Even if you throw it away, the spammer 
> was able to increase their deliverability count.

The problem with this is that no spam detection method is 100%
effective, and with SpamAssassin there's some overlap between setting
the rejection level low enough to be effective and getting false
positive identification of spam.  I use RBL filtering from several
carefully selected RBL lists to eliminate about 80% of incoming spam "at
the front door" (it never makes it onto the system) and the rest gets
analyzed by SpamAssassin and identified spam tagged accordingly for
subsequent segregation, if the user wants it.  The RBL filtering here is
probably well in excess of 99.99% accurate in its identification.  The
SA marking/segregation mechanism isn't in place for Henstridge's
integration of SpamAssassin into Mailman, but the global rejection level
can be set per list server.

This solution isn't perfect, but it does help cut down on complaints
from list owners about too much moderator spam.

-- 
Lindsay Haisley   | "In an open world,| PGP public key
FMP Computer Services |who needs Windows  |  available at
512-259-1190  |  or Gates"| http://pubkeys.fmp.com
http://www.fmp.com|   |


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] On Manageability

[Brad Knowles]

J.A. Terranson wrote:


OK.  If it's reasonable, here's my "wish list":

Add option checkboxes to the current request.  You already have an "Allow 
this person to send in the future", add an "Allow this person to ignore 
future size limits" and an "Allow this person to use implicit addresses".


I'd suggest adding these to the list at 
.


I also have a question.  When I allow people through in the future, am I 
actually subscribing them with no-mail, or adding them to some kind of 
allow list?


You're adding them to a white list.

--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] On Manageability

[J.A. Terranson]

On Fri, 19 Dec 2008, Brad Knowles wrote:

> This is the first I'm hearing in this conversation as a request for more
> granularity in terms of what certain users are allowed to do.  More
> granularity with regards to what they can do when sending messages to the list
> is a perfectly reasonable request.

OK.  If it's reasonable, here's my "wish list":

Add option checkboxes to the current request.  You already have an "Allow 
this person to send in the future", add an "Allow this person to ignore 
future size limits" and an "Allow this person to use implicit addresses".

I also have a question.  When I allow people through in the future, am I 
actually subscribing them with no-mail, or adding them to some kind of 
allow list?

//Alif

-- 
Yours,
J.A. Terranson
sysadmin_at_mfn.org
0xpgp_key_mgmt_is_broken-dont_bother

"Never belong to any party, always oppose privileged classes and public
plunderers, never lack sympathy with the poor, always remain devoted to
the public welfare, never be satisfied with merely printing news, always
be drastically independent, never be afraid to attack wrong, whether by
predatory plutocracy or predatory poverty."

Joseph Pulitzer
1907 Speech
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] On Manageability

[Brad Knowles]

J.A. Terranson wrote:

	The listowner you are comparing notes with (and correctly 
asserting to split the work to) is more likely to be someone like me, 
playing the role of listowner for non-technical people who use mailman 
like it was IRC.  Sadly, this is a not uncommon application for mailman, 
and one where a few management tweaks would make this already fantastic 
work even better.


Believe me, we get plenty of that on the non mailman-* mailing lists.  The 
only thing is that I don't have to deal with most of that stuff, because all 
those other lists have other listowners.


And I get plenty of this kind of stuff at ntp.org, too.  But at that site, 
I'm the primary listowner for all the lists on the system, and that's why it 
is so much more work for me than what I do for python.org.


This is a key reason behind my recommendation that you really need to get 
other people to help share the burden.


	The ability to flag certain users as being able to ignore certain 
rules would be a godsend: you would remove many hours a month of listowner 
work.  Yes, I realize that the current design of mailman doesnt lend 
itself well to this idea, and I am not holding my breath (I would never go 
back to a majordomo or listserv format again anyway - there's no 
comparison!).


This is the first I'm hearing in this conversation as a request for more 
granularity in terms of what certain users are allowed to do.  More 
granularity with regards to what they can do when sending messages to the 
list is a perfectly reasonable request.


Up until now, this conversation has been about someone wanting to completely 
eliminate the -owners address for a list, so that they didn't have to deal 
with that aspect of the administrative overhead of managing the list.


These are two separate and distinct issues.  One is a reasonable request 
that we might be able to address in Mailman3, the other ... not so much, 
although I do recognize the pain from which the request is being made.


--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Brad Knowles]

Lindsay Haisley wrote:


I note that Brad doesn't mention this solution in his reply to you, so
it may be frowned upon officially, but I've found it helpful.


SpamAssassin is one good anti-spam tool, but IMO it should be integrated 
into the MTA, because that's the only place where you can make these kinds 
of decisions before you actually accept the message.  Once you accept a 
piece of spam, you've already lost.  Even if you throw it away, the spammer 
was able to increase their deliverability count.


--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] connect to exchange server

[Grant Taylor]

On 12/18/08 06:51, Jeanne Ilchuk wrote:
I was looking thru the archives and found this note from 2004 (below) 
which gave me the impression that it did not work with exchange. 


I don't think that it is possible to integrate Mailman with Exchange 
like you can with Sendmail / Postfix / Qmail / etc.  But that does not 
mean that it can not be made to work.



Do I need to run again with cgi-gid=mailnull ?  or can I just chgrp?


I have no idea.


--with-mailhost=mail is the hostname our exchange server


*nod*

If I recall Solaris uses "mail" as sort of a ""magic host name as a 
place holder that everything uses and the system is set up so that the 
magic name of "mail" resolves to the actual mail server.  Am I any where 
close?


On the mailman server, I changed the mailhost to the hostname of the 
sun server where I installed mailman, then set up the apache server 
with a dedicated IP and dns entry mailman.


Ok.  (I think.)

I'm kind of struggling here because I've been using ecartis MLM on an 
old FreeBSD server that IT is eliminating.   At the same time we 
moved our mail from the freebsd server (postfix) to MS Exchange.  I 
don't have a clue how the exchange server works.  I'm accessing my 
own email using the WOA Light version, which would have to be imap 
with SMTP [I thought].  Is exchange a pop3 server ?


Who is administering Exchange for you?

Exchange is /many/ things, including POP3, IMAP, SMTP, X.400, etc.

Thanks for all the speedy replies.  I'll be back!  -- Back to the 
drawing board -- suggestions welcome.


You did not say, do you want your mailing lists to be in the domain 
hosted by Exchange, or in a sub-domain that is hosted by the Solaris 
mail server?


Either way, you are going to have to configure Exchange to route some 
email to the Solaris mail server, be it individual mail boxes, or a 
sub-domain.


Also, what version of Exchange are you using?



Grant. . . .
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Security consequences of adding www user to mailmangroup

[Mark Sapiro]

James Riendeau wrote:
>
>I need to run bin/add_member in our Mailman 2.1.11 list server  
>installation from a cgi/perl script.  Normally, it has to run as  
>root.   The easy solution was to add the www user to the mailman  
>group.  You can then:
>
>open(LISTSERVER, '|/usr/local/mailman/bin/add_members -r- '.$list_name);
>print LISTSERVER $email;
>close(LISTSERVER);
>
>My question is are there any security consequences from adding the  
>Apache2 user to the mailman group I should be aware of.


It potentially allows the web server to access the Mailman installation
without going through the CGIs. This could potentially allow retrieval
of private archives and config.pck files which contain member
addresses and their list passwords.

Instead of doing this, you could make a compiled executable wrapper
which is SETGID mailman and which calls add_members.

You can also add members to a list by posting to or getting
 with
appropriate query fragments. See, e.g.,
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Users] On Manageability (was: Re: Spam to list-owner)

[J.A. Terranson]

Good Morning Everyone.

I think I see something in this "debate" that may be lost on the 
mailman listowners.  While you may have 14k++ users, they are well behaved 
useers on a technical list.

The listowner you are comparing notes with (and correctly 
asserting to split the work to) is more likely to be someone like me, 
playing the role of listowner for non-technical people who use mailman 
like it was IRC.  Sadly, this is a not uncommon application for mailman, 
and one where a few management tweaks would make this already fantastic 
work even better.

I, and I suspect the other listowner as well, get ton of implicit 
address requests (members who bcc one item to every list they've ever 
found, for every item that meets their fancy), over-size posting requests, 
and non-member postings that should get let through (this last is already 
dealt with).

The ability to flag certain users as being able to ignore certain 
rules would be a godsend: you would remove many hours a month of listowner 
work.  Yes, I realize that the current design of mailman doesnt lend 
itself well to this idea, and I am not holding my breath (I would never go 
back to a majordomo or listserv format again anyway - there's no 
comparison!).

All the very best, and thanks again for all of the great work the mailman 
team has done on our behalf!

//Alif

-- 
Yours,
J.A. Terranson
sysadmin_at_mfn.org
0xpgp_key_mgmt_is_broken-dont_bother

"Never belong to any party, always oppose privileged classes and public
plunderers, never lack sympathy with the poor, always remain devoted to
the public welfare, never be satisfied with merely printing news, always
be drastically independent, never be afraid to attack wrong, whether by
predatory plutocracy or predatory poverty."

Joseph Pulitzer
1907 Speech
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Lindsay Haisley]

On Fri, 2008-12-19 at 02:03 -0600, Brad Knowles wrote:
> on 12/18/08 6:15 PM, Marvin Humphrey said:
> 
> > I run a couple software support mailing lists on a site that's been around 
> > for
> > a decade or so.  I'm the only admin, and an avalanche of spam crashes down 
> > on
> > me every day.  
> 
> Welcome to the club.

It's possible to use SpamAssassin with Mailman to cut down on the spam
making it through the list to you.  See James Henstridge's solution at
 for one method
of doing this.  Please note, though, that Henstridge's SpamAssassin.py
is out of date and requires a small patch to work with current versions
of Mailman.  Mark Sapiro posted the one-line patch on Dec. 16 to this
list in the thread with a subject of "Anomalies since upgrading to
2.1.11".  See the list archive.  I use SpamAssassin in this way and cut
down substantially on the volume of spam reaching list moderators.

I note that Brad doesn't mention this solution in his reply to you, so
it may be frowned upon officially, but I've found it helpful.

-- 
Lindsay Haisley   |"Fighting against human | PGP public key
FMP Computer Services |   creativity is like   |  available at
512-259-1190  |   trying to eradicate  |
http://www.fmp.com|   dandelions"  |
  | (Pamela Jones) |


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Brad Knowles]

Stephen J. Turnbull wrote:


Brad, do you think spammers really do that just to increase their
address count?  I've always assumed that they were just harvested in
the usual way.


I am convinced that spammers do this, yes.

Just like they boost their deliverability numbers by intentionally targeting 
postmaster@ addresses (because the RFCs require that address will always 
accept mail no matter what).


--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Mark Sapiro]

Brad Knowles wrote:

>on 12/18/08 6:15 PM, Marvin Humphrey said:
>
>
>> 2) Create a filter for messages sent to list-owner that only passes mail
>>generated by Mailman itself.
>
>Mailman will never generate mail to the list-owner address.  It will 
>receive mail that is addressed to list-owner and will re-route that 
>internally as appropriate, but it will never itself send e-mail to the 
>actual list-owner address.


Actually, that's not true. A lot of Mailman generated notices are
actually sent to list-owner, received and re-sent to the actual
owner/moderator addresses.

Note you may be able to accomplish 2) with header_filter_rules. It's
tricky because the same rules are applied to both list mail and
list-owner mail, so you have to be able to distinguish between them.

If you aren't concerned about "implicit destination" list mail, you
could do something like

Rule 1 regexps:

^to:.*(\s|<)LISTNAME@
^cc:.*(\s|<)LISTNAME@

action = accept

Rule 2 regexp:

^message-id: $

action = accept

Rule 3 regexp = . Action = discard

The idea being that rule 1 passes mail destined for the list, rule 2
accepts mail with a mailman generated message-id and rule 3 discards
the rest.

Of course, as others have pointed out, discarding mail addressed to
list-owner may not be a good idea.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Brad Knowles]

Attila Kinali wrote:


Moin,


Is this meant in the French version of the word, or the Northern Germanic 
interpretation?  Or is there another interpretation I should be aware of?



IMHO mailman should allow to filter all mailman related adresses
seperately, w/o requiring any changes in the MTA settings. This is
because, if you have normal users on a certain domain, who do not
want the MTA messing with their mail, no matter whether it's spam
or not, you cannot filter the mails at that level anymore.


If you've got a half-way decent MTA, it should allow you to make these kinds 
of decisions on a per-recipient basis.  There shouldn't be any system-wide 
settings, except for those users who do not have any personalized settings.


If your MTA does not allow this kind of functionality, then you should throw 
it out and replace it with something that does.


Speaking as one of the members of the python.org postmaster team, and as 
the primary active listowner for all the official mailman-* mailing 
lists hosted on python.org, I can tell you that another really useful 
thing is to bring in more people to help you do your work.


This is not always possible and IMHO also not desirable.


I will agree that it's not always possible.  I strongly disagree that it is 
not desirable.  There may be limited circumstances in which it is not 
desirable, but only in very limited circumstances.



  Things that
can be automated should be automated as much as possible. And spam
handling should be pretty easy to automate up to a certain degree.


To a certain degree, yes.  Beyond that, you need to get humans involved.

And when it comes to spam, you need to keep as much of that processing 
outside of Mailman as possible.



Speaking as the postmaster of mplayerhq.hu and being the ex-listowner
of all mailinglists on that domain, i can tell you, that having enough
people helping with administrative tasks can become a problem if the
domain you're dealing with has a few high subscriber count, high traffic
mailinglists.


We don't have those kinds of problems on python.org.  We've got over 150 
lists, of which seven have more than a thousand subscribers, and two lists 
have over three thousand subscribers.  I've also talked to the site admins 
for lists.apple.com and lists.freebsd.org, and neither of them have ever 
said anything like this.


Sure, if you're one guy and you're running everything on a big site, that's 
going to become unmanageable.  That's where you need to bring in other 
people to help take over some of that work.



Actually, i must say that mailman doesn't scale very well with the size
of the mailinglist in terms of administrative burden. The time needed
for administrative tasks increases overproportionally with the number
of subscribers.


As the primary active listowner for all the official mailman-* lists, I can 
tell you that we have two of the top five in terms of number of subscribers 
(mailman-announce and mailman-users), both of which have over two thousand 
addresses on the list.  There are a total of more than six thousand 
addresses on all the fourteen combined mailman-* lists.


In terms of managing the lists themselves, I don't really put in that much 
work.  The only two lists where I have to put in any list moderator work are 
mailman-developers and mailman-users, and that's no more than a few minutes 
per day.  All the lists are configured to reject postings from addresses 
that are not subscribed, and only mailman-users and mailman-developers get 
any moderation traffic from new subscribers.  I don't recall ever getting 
any spam to any of the -owners addresses, although that could just be a 
result of the multiple layers of anti-spam filtering that I have for all my 
mail.


The traffic we do get to the -owners addresses tends to be mostly clueless 
idiots who think we're responsible for administering all mailing lists on 
the entire Internet, and that it's our responsibility to fix their broken 
mailing list.  We disabuse them of that notion pretty rapidly.



 While it took me maybe half an hour to an hour per month
to handle all mailinglist on mplayerhq.hu in 2002 (which i did alone), 
it took me several hours per week to handle everything in 2005, although

the burden was splitt to three people. In the end, it took so much time,
that i had to give up on being listowner completely, to be able to do
anything else beside it.


In other words, you brought in other people to take over that work, which is 
basically what I suggested.


--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.lis

Re: [Mailman-Users] connect to exchange server

[Mark Sapiro]

Jeanne Ilchuk wrote:

>I was looking thru the archives and found this note from 2004 (below) which 
>gave me the impression that it did not work with exchange.  That being said, 
>here are more of my details.
>I'm installing on a Solaris sparc (v10), which has a functioning Sendmail on 
>it.  I just found "Integrating Mailman with Sendmail" in the mailman docs, so 
>I'm working with that.  I ran the Makefile with these parms-
>$ ./configure --with-mail-gid=25 --with-cgi-gid=nobody --with-python=/usr/bin/
>python --with-mailhost=mail --with-urlhost=mailman


Is 25 the gid under which sendmail will invoke the mail wrapper?

--with-mailhost  and --with-urlhost are fully qualified domain names
for email and web respectively. e.g mail.example.com and
mail...@example.com.

>Do I need to run again with cgi-gid=mailnull ?  or can I just chgrp?


You need to configure with --with-cgi-gid= whatever group apache will
use when invoking Mailman's CGIs and no, you can't just chgrp unless
by that you mean change the group that apache uses.


>--with-mailhost=mail is the hostname our exchange server


and assuming you qualify it, this is the host that Mailman will use in
list addresses, envelope senders, etc.

If it is possible, you could avoid a lot of pain by having incoming
mail to Mailman go directly to sendmail at mailman.example.com, and
skip exchange all together. The only reason this wouldn't work is if
your network route all external port 25 connects to the exchange
server.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Adam McGreggor]

On Thu, Dec 18, 2008 at 04:15:18PM -0800, Marvin Humphrey wrote:
> Greets,
> 
> I run a couple software support mailing lists on a site that's been around for
> a decade or so.  I'm the only admin, and an avalanche of spam crashes down on
> me every day.  

Are they all coming from the same address? 

If you're in the same boat as I was, this little hack might help -- it's 
certainly reduced spams going to the lists I run:

#!/bin/sh
/var/lib/mailman/bin/list_lists  2>&1 | grep -i "REGEXP" | awk '{print 
$1;}' | while read L 
do
echo tweaking ${L} | tee -a scripted-hold-list-mail
# make a config file for each list.
echo dynamically creating config file for ${L}...
echo "hold_these_nonmembers = ['$...@$list_uri']" > 
hold-list-mail-python-${L}
/var/lib/mailman/bin/config_list -i hold-list-mail-python-${L} ${L} | 
tee -a scripted-hold-list-mail
rm hold-list-mail-python-${L}
done

(if you do use it, a credit to a...@amyl.org.uk would be lovely, for
short tidbits of code, i really don't bother with licensing, although,
my preference is Creative Commons UK Non-Commercial Attribution
Share-Alike)

You'd need to change "REGEXP", and $LIST_URI to be values appropriate to
your lists (if you don't want to do it on a selection of lists, lose the
'grep -i "REGEXP"' pipe; if you don't want the logfile, too, ditch the
tee(1) pipes; obv. if your Mailman locus isn't /var/lib/mailman, change
that too.

> Only subscribers are allowed to post and non-subscriber post attempts are
> silently discarded, which allows me to avoid the burden of moderating spam
> addressed to the list.  But it's not enough, because I get tons of spam going
> to the list-owner addresses.

You could expand the echo line to include an -owner expansion.

> Ideally, I'd like to simply turn off the list-owner addresses and get internal
> notifications (such as oversize moderation messages) sent to a private
> address.  However, I understand that it is not possible to configure Mailman
> that way.
> 
> Therefore, I would like to know the easiest way to accomplish these two goals:
> 
> 1) Eliminate any public reference to the list-owner address, so that there is
>no implied offer of support.  There's the MM-Mailman-Footer for the three
>public html pages, which I can hand-edit.  I think that does it, right?
> 2) Create a filter for messages sent to list-owner that only passes mail
>generated by Mailman itself.

It may be frowned on, but I've wanted to over-ride Mailman's -owner 
on a list, and found that my Exim config will allow this (given the
processing order): perhaps use a more fierce mail-filter on those
addresses that you would ordinarily?
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Stephen J. Turnbull]

Brad Knowles writes:
 > > 1) Eliminate any public reference to the list-owner address
 > 
 > That doesn't really solve the problem.  Anyone, anywhere can easily 
 > guess list-owner and list-request and list-bounces, etc... for any given 
 > list address.

Brad, do you think spammers really do that just to increase their
address count?  I've always assumed that they were just harvested in
the usual way.

 > > In a perfect world, I would offer a higher level of support, but
 > > my users are sophisticated enough to handle a certain amount of
 > > troubleshooting, and my contact information isn't hard for humans
 > > to discover.

It is if, for example, the problem is that somebody is using fake
bounces with a spoofed from address to beam spam at somebody via your
site (one aspect of the so-called backscatter problem).  In that case
all the recipient has is the list-owner address (and of course
postmas...@your.dom, but if that isn't you personally, you probably
don't want that person getting upset with you!)

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Users] Strange address handling

[Stephen J. Turnbull]

NFN Smith writes:

 > (Note - you are subscribing to a list of mailing lists, so the
 > password notice will be sent to the admin address for your
 > membership, myaddress-ow...@example.com)

This is a feature oriented to "umbrella lists".  For example, suppose
you have two departments, "Support" and "Marketing".  Some messages
need to go to Support, some to Marketing, and some to both.  The
obvious thing to do is to create a third list "SupportAndMarketing".
But this is administratively annoying because users need to deal with
two lists to get all their mail, and two sets of archives as well.

An umbrella list handles this by having SupportAndMarketing be
subscribed to not by members, but by the Support list and the
Marketing list.  Shut off SupportAndMarketing archiving, and now (1)
human users only need to worry about their departmental list and (2)
all posts relevant to each group are archived in a single place (of
course there will be duplication of archived posts in this case, but
diskspace is cheap...).

There remains one problem: passwords and other administrivia for the
members of the umbrella list.  If you treat them as ordinary list
members, then all such administrivia will get broadcast to all the
list members of the Support and Marketing lists!  If you mark it as an
"umbrella list", however, administrivia will get sent, not to the
members of the Support and Marketing lists, but to support-owner and
marketing-owner, which is what you observe here.

Why this particular list is marked as an umbrella list, I can't
guess.  Presumably you (the owner) did that, perhaps inadvertantly.

What you can do: (1) turn off the umbrella list feature, with the
possible bad effect of sublist-members getting useless administrivia,
or (2) "hide" the umbrella list from ordinary users in the web
interface by unchecking the "advertise this list" box, unsubscribe any
members who aren't sublists and resubscribe them to an appropriate
sublist.

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Attila Kinali]

Moin,

On Fri, 19 Dec 2008 02:03:55 -0600
Brad Knowles  wrote:

> Generally speaking, one of the best things you can do to lighten your 
> burden is to have a good anti-spam system incorporated into your MTA, so 
> that you block that ~95% of e-mail that is actually spam from ever being 
> accepted by your machine in the first place.  If it's never accepted by 
> the MTA, then it can't get through to Mailman, and then passed on to you.

IMHO mailman should allow to filter all mailman related adresses
seperately, w/o requiring any changes in the MTA settings. This is
because, if you have normal users on a certain domain, who do not
want the MTA messing with their mail, no matter whether it's spam
or not, you cannot filter the mails at that level anymore.

Currently, i only know about a straight forward way to filter
mailinglist mails, but none for the -owner, -bounces, etc adresses.
 
> Speaking as one of the members of the python.org postmaster team, and as 
> the primary active listowner for all the official mailman-* mailing 
> lists hosted on python.org, I can tell you that another really useful 
> thing is to bring in more people to help you do your work.

This is not always possible and IMHO also not desirable. Things that
can be automated should be automated as much as possible. And spam
handling should be pretty easy to automate up to a certain degree.
Speaking as the postmaster of mplayerhq.hu and being the ex-listowner
of all mailinglists on that domain, i can tell you, that having enough
people helping with administrative tasks can become a problem if the
domain you're dealing with has a few high subscriber count, high traffic
mailinglists.

Actually, i must say that mailman doesn't scale very well with the size
of the mailinglist in terms of administrative burden. The time needed
for administrative tasks increases overproportionally with the number
of subscribers. While it took me maybe half an hour to an hour per month
to handle all mailinglist on mplayerhq.hu in 2002 (which i did alone), 
it took me several hours per week to handle everything in 2005, although
the burden was splitt to three people. In the end, it took so much time,
that i had to give up on being listowner completely, to be able to do
anything else beside it.


Attila Kinali
-- 
If you want to walk fast, walk alone.
If you want to walk far, walk together.
-- African proverb
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Spam to list-owner

[Brad Knowles]

on 12/18/08 6:15 PM, Marvin Humphrey said:


I run a couple software support mailing lists on a site that's been around for
a decade or so.  I'm the only admin, and an avalanche of spam crashes down on
me every day.  


Welcome to the club.


Ideally, I'd like to simply turn off the list-owner addresses and get internal
notifications (such as oversize moderation messages) sent to a private
address.  However, I understand that it is not possible to configure Mailman
that way.


One thing to keep in mind is that you're also looking at long-standing 
Internet tradition here.  RFC 2142 only says that you MUST have a 
list-request address for each list, but having a list-owner address goes 
back about as far.  And this list-owner address is not just for the 
convenience of you and your users, it's also for other admins at other 
sites who may have reason to try to contact you.


So, you run the risk that you may wind up with some very ticked off 
postmasters out there at other sites, if you eliminate this address. 
And I say this as the co-author of the booklet "Internet Postmaster: 
Duties and Responsibilities".



Therefore, I would like to know the easiest way to accomplish these two goals:

1) Eliminate any public reference to the list-owner address, so that there is
   no implied offer of support.  There's the MM-Mailman-Footer for the three
   public html pages, which I can hand-edit.  I think that does it, right?


That doesn't really solve the problem.  Anyone, anywhere can easily 
guess list-owner and list-request and list-bounces, etc... for any given 
list address.



2) Create a filter for messages sent to list-owner that only passes mail
   generated by Mailman itself.


Mailman will never generate mail to the list-owner address.  It will 
receive mail that is addressed to list-owner and will re-route that 
internally as appropriate, but it will never itself send e-mail to the 
actual list-owner address.


That would be like you using your right hand to shake your own left hand.


In a perfect world, I would offer a higher level of support, but my users are
sophisticated enough to handle a certain amount of troubleshooting, and my
contact information isn't hard for humans to discover.  Indeed, those very
users would *want* me to lighten my administrative burden so that I can spend
more time adding features and fixing bugs.


Generally speaking, one of the best things you can do to lighten your 
burden is to have a good anti-spam system incorporated into your MTA, so 
that you block that ~95% of e-mail that is actually spam from ever being 
accepted by your machine in the first place.  If it's never accepted by 
the MTA, then it can't get through to Mailman, and then passed on to you.


From there, you need good content filters on your own personal e-mail 
system, so even if spam gets through the MTA on the server and through 
Mailman to list-owner, there's a good chance it will get caught by the 
downstream filters protecting your personal e-mail and you won't have to 
see or deal with it.



Speaking as one of the members of the python.org postmaster team, and as 
the primary active listowner for all the official mailman-* mailing 
lists hosted on python.org, I can tell you that another really useful 
thing is to bring in more people to help you do your work.


In your case, you might want to have more than one person helping with 
the list moderator work, and take most of that burden off your shoulders 
for having to deal with spam.  That would leave you with just the 
listowner work, although as listowner you could always choose to take on 
some of the list moderator work, if you want.


I also help with postmaster and listmaster duties on another site, which 
is much smaller than python.org.  But I wind up doing way, way more work 
over there, simply because I'm really the only guy doing any of it. 
We've got a new guy we're bringing onboard, and I'm hoping he can help 
offload some of this work in addition to the other stuff we're asking 
him to do.  But in the meanwhile, I'm really the only guy dealing with 
the deluge on a daily basis.


--
Brad Knowles
If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
http://preview.tinyurl.com/bigsbytracks
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9