Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-12 Thread Stephen J. Turnbull 
Nigel Woodley writes:

 > I understand other mailman type products offer this functionality for the
 > very reason that I have outlined.

What you are saying implies that an explicitly untrusted host is
allowed to inject content into a secure network based on the most
easily forged identification on the Internet.  This seems unlikely to
be true to me, and if true, I would say the security policy is broken.

Are you sure you understand the actual rules for mail distribution on
this network?  I have to suspect that even if you got what you say you
want, you still would not be able to distribute posts via a Mailman
based on that host.

There are better methods for identification like DKIM (though they
still have technical problems w.r.t. mailing lists).  Perhaps such a
protocol is in use on your network and you need not munge headers at
all (in fact, you can not munge DKIM-signed headers without breaking
DKIM).

HTH
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-12 Thread Nigel Woodley 
Hi Mark

The problem is that the private network is made up of 50+ large
organisations and the policy is that all emails between these organisations
are routed securely over the private network therefore no whitelisting is
allowed and indeed even if it was it would be very difficult to get 50 large
organisations to agree a change of anti-spam rules.

I really appreciate all your help but I guess it should be a new feature put
on the wish list for the next version of mailman.

I understand other mailman type products offer this functionality for the
very reason that I have outlined.

Kind regards


Nigel
-Original Message-
From: Mark Sapiro [mailto:m...@msapiro.net] 
Sent: 12 June 2011 20:05
To: nigel.wood...@lufty.co.uk
Cc: mailman-users@python.org
Subject: Re: [Mailman-Users] Anonymous emails with the sender information

On 6/12/2011 11:52 AM, Nigel Woodley wrote:
> Hi Geoff and Mark
> 
> Your understanding is correct and unfortunately the mailman server has 
> to be external.
> 
> Also unfortunately it is not possible to whitelist the mailman server 
> on the email servers within the private networks.


OK. I understand the problem now.

When you say "it is not possible to whitelist the mailman server", do you
mean not technically possible or not possible because actual spam is also
relayed via this server (maybe it's also the gateway to the internet).

Assuming you mean the latter, perhaps it would be possible to whitelist the
LISTNAME-bounces@mailman_domain envelope sender.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-12 Thread Mark Sapiro 
On 6/12/2011 11:52 AM, Nigel Woodley wrote:
> Hi Geoff and Mark
> 
> Your understanding is correct and unfortunately the mailman server has to be
> external.
> 
> Also unfortunately it is not possible to whitelist the mailman server on the
> email servers within the private networks.


OK. I understand the problem now.

When you say "it is not possible to whitelist the mailman server", do
you mean not technically possible or not possible because actual spam is
also relayed via this server (maybe it's also the gateway to the internet).

Assuming you mean the latter, perhaps it would be possible to whitelist
the LISTNAME-bounces@mailman_domain envelope sender.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-12 Thread Mark Sapiro 
On 6/12/2011 11:35 AM, Geoff Shang wrote:
> 
> The way I understood it was that the systems that are interconnected via
> the private network expect all traffic that comes from Email addresses
> hosted on the private network to come *via* the private network and not
> from outside.  This interpretation is based on the assumption that
> Mailman is *not* on the private network.


(Sorry for the immediately preceding 'content free' reply)

Thank you for the above Geoff. That actually does make sense to me.


> Sounds like they should just whitelist the Mailman server's IP address
> IMHO.


I agree.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-12 Thread Nigel Woodley 
Hi Geoff and Mark

Your understanding is correct and unfortunately the mailman server has to be
external.

Also unfortunately it is not possible to whitelist the mailman server on the
email servers within the private networks.

Any other ideas ?

Many thanks in advance

 
Nigel
-Original Message-
From: mailman-users-bounces+nigel.woodley=lufty.co...@python.org
[mailto:mailman-users-bounces+nigel.woodley=lufty.co...@python.org] On
Behalf Of Geoff Shang
Sent: 12 June 2011 19:36
To: mailman-users@python.org
Subject: Re: [Mailman-Users] Anonymous emails with the sender information

On Sun, 12 Jun 2011, Mark Sapiro wrote:

> On 6/12/2011 3:03 AM, Nigel Woodley wrote:
>>
>> The spam problem I have is because we have many members from 
>> different organisations linked by a private network.
>>
>> Emails sent from these organisations are sent out to other members 
>> however when they are received by other organisations on the private 
>> network they are rejected because they have not been delivered 
>> internally on the private network.
>
>
> I don't understand. Either the Mailman server is on the private 
> network or not. If other servers on the network are looking at where 
> mail originates in order to determine whether or not to accept the 
> mail, I would expect them to be looking at the IP address of the 
> sending server or possibly things like the domain of the envelope sender
or Received:
> headers in the message. The last thing I would expect them to look at 
> is the From: header of the message. And, even if they are looking at 
> From:, you seem to say that the original sender whose address is in 
> From: is also on the private network.

The way I understood it was that the systems that are interconnected via the
private network expect all traffic that comes from Email addresses hosted on
the private network to come *via* the private network and not from outside.
This interpretation is based on the assumption that Mailman is *not* on the
private network.

Sounds like they should just whitelist the Mailman server's IP address IMHO.

Geoff.

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy:
http://wiki.list.org/x/QIA9 Searchable Archives:
http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/nigel.woodley%40lufty.c
o.uk


--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-12 Thread Mark Sapiro 


- Original Message ---

Subject: Re: [Mailman-Users] Anonymous emails with the sender
information
   From: Geoff Shang 
   Date: Sun, 12 Jun 2011 21:35:49 +0300 (IDT)
 To: mailman-users@python.org

>On Sun, 12 Jun 2011, Mark Sapiro wrote:
>
>> On 6/12/2011 3:03 AM, Nigel Woodley wrote:
>>>
>>> The spam problem I have is because we have many members from different
>>> organisations linked by a private network.
>>>
>>> Emails sent from these organisations are sent out to other members however
>>> when they are received by other organisations on the private network they
>>> are rejected because they have not been delivered internally on the private
>>> network.
>>
>>
>> I don't understand. Either the Mailman server is on the private network
>> or not. If other servers on the network are looking at where mail
>> originates in order to determine whether or not to accept the mail, I
>> would expect them to be looking at the IP address of the sending server
>> or possibly things like the domain of the envelope sender or Received:
>> headers in the message. The last thing I would expect them to look at is
>> the From: header of the message. And, even if they are looking at From:,
>> you seem to say that the original sender whose address is in From: is
>> also on the private network.
>
>The way I understood it was that the systems that are interconnected via 
>the private network expect all traffic that comes from Email addresses 
>hosted on the private network to come *via* the private network and not 
>from outside.  This interpretation is based on the assumption that Mailman 
>is *not* on the private network.
>
>Sounds like they should just whitelist the Mailman server's IP address 
>IMHO.
>
>Geoff.
>
>--
>Mailman-Users mailing list Mailman-Users@python.org
>http://mail.python.org/mailman/listinfo/mailman-users
>Mailman FAQ: http://wiki.list.org/x/AgA3
>Security Policy: http://wiki.list.org/x/QIA9
>Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
>Unsubscribe: 
>http://mail.python.org/mailman/options/mailman-users/mark%40msapiro.net
-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-12 Thread Geoff Shang 

On Sun, 12 Jun 2011, Mark Sapiro wrote:


On 6/12/2011 3:03 AM, Nigel Woodley wrote:


The spam problem I have is because we have many members from different
organisations linked by a private network.

Emails sent from these organisations are sent out to other members however
when they are received by other organisations on the private network they
are rejected because they have not been delivered internally on the private
network.



I don't understand. Either the Mailman server is on the private network
or not. If other servers on the network are looking at where mail
originates in order to determine whether or not to accept the mail, I
would expect them to be looking at the IP address of the sending server
or possibly things like the domain of the envelope sender or Received:
headers in the message. The last thing I would expect them to look at is
the From: header of the message. And, even if they are looking at From:,
you seem to say that the original sender whose address is in From: is
also on the private network.


The way I understood it was that the systems that are interconnected via 
the private network expect all traffic that comes from Email addresses 
hosted on the private network to come *via* the private network and not 
from outside.  This interpretation is based on the assumption that Mailman 
is *not* on the private network.


Sounds like they should just whitelist the Mailman server's IP address 
IMHO.


Geoff.

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-12 Thread Mark Sapiro 
On 6/12/2011 3:03 AM, Nigel Woodley wrote:
> 
> The spam problem I have is because we have many members from different
> organisations linked by a private network.
> 
> Emails sent from these organisations are sent out to other members however
> when they are received by other organisations on the private network they
> are rejected because they have not been delivered internally on the private
> network.


I don't understand. Either the Mailman server is on the private network
or not. If other servers on the network are looking at where mail
originates in order to determine whether or not to accept the mail, I
would expect them to be looking at the IP address of the sending server
or possibly things like the domain of the envelope sender or Received:
headers in the message. The last thing I would expect them to look at is
the From: header of the message. And, even if they are looking at From:,
you seem to say that the original sender whose address is in From: is
also on the private network.


> I do not have access to change the configuration files unfortunately so
> custom handlers will not work for me.
> 
> It is a real shame that mailman does not allow you the option of setting up
> anonymous mode with separate options for the email address name and reply to
> fields.


What you seem to want is not anonymizing, but rather just From: address
munging plus perhaps putting the original From: address in Reply-To: in
order to accommodate your specific network configuration. Aside from the
fact that I am skeptical that this will accomplish your goal, this is
not something that anyone else is asking for. Others have asked for the
ability to mung the From: address while preserving the identity but not
the email address of the poster, but these requests are generally
motivated by a desire to prevent replies going to the poster, which is
apparently not what you want.

I suggest you figure out exactly what criteria these private network
servers are using to reject mail, and if it is in fact based on the
From: address, you try to convince the admins of these servers that
making accept/reject decisions based on something so easily and often
spoofed in spam as the From: address is not an effective anti-spam measure.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-12 Thread Nigel Woodley 
Dear Mark

Many thanks for the reply which is much appreciated.

The spam problem I have is because we have many members from different
organisations linked by a private network.

Emails sent from these organisations are sent out to other members however
when they are received by other organisations on the private network they
are rejected because they have not been delivered internally on the private
network.

I do not have access to change the configuration files unfortunately so
custom handlers will not work for me.

It is a real shame that mailman does not allow you the option of setting up
anonymous mode with separate options for the email address name and reply to
fields.

Are there any other possibilities ?

Many thanks in advance


Nigel
-Original Message-
From: Mark Sapiro [mailto:m...@msapiro.net] 
Sent: 12 June 2011 06:37
To: nigel.wood...@lufty.co.uk; mailman-users@python.org
Subject: Re: [Mailman-Users] Anonymous emails with the sender information

Nigel Woodley wrote:
>
>Is there a way to use the anonymous emails feature but retain the 
>sender information in the name and reply to fields ?


No. The anonymous list feature is designed to remove all information that
could identify the sender.


>To get around spam protection systems I want all emails to come from 
>the list email address but that list members reply to the poster.


All list posts are sent with the envelope from and the Sender: header equal
to the LISTNAME-bounces@... address. I'm sure it depends on the spam filter,
but whitelisting this address may work.

If you need to modify the From: header and perhaps put the original
From: in a Reply-To:, you can do that with a custom handler. See
<http://wiki.list.org/x/l4A9>.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Anonymous emails with the sender information

2011-06-11 Thread Mark Sapiro 
Nigel Woodley wrote:
>
>Is there a way to use the anonymous emails feature but retain the sender
>information in the name and reply to fields ?


No. The anonymous list feature is designed to remove all information
that could identify the sender.


>To get around spam protection systems I want all emails to come from the
>list email address but that list members reply to the poster.


All list posts are sent with the envelope from and the Sender: header
equal to the LISTNAME-bounces@... address. I'm sure it depends on the
spam filter, but whitelisting this address may work.

If you need to modify the From: header and perhaps put the original
From: in a Reply-To:, you can do that with a custom handler. See
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Anonymous emails with the sender information

2011-06-11 Thread Nigel Woodley 
Dear All

 

Is there a way to use the anonymous emails feature but retain the sender
information in the name and reply to fields ?

 

To get around spam protection systems I want all emails to come from the
list email address but that list members reply to the poster.

 

Many thanks in advance

 

 

Nigel 

 

 

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org