[License-review] New settings for license-review

Rick Moen rick at linuxmafia.com
Wed Jun 1 20:53:40 UTC 2016


Quoting Richard Fontana (fontana at opensource.org):

> No, this is actually what is being changed. Postings from nonsubscribers
> will no longer be held in the admin queue, because the situation today
> was that several thousand spam messages could accumulate in the queue
> over a period of just a few days.

I don't want to seem critical of much-appreciated volunteer efforts, but 
this seems to suggest the need for much better spam autorejection /
autodetection within the receiving MTA.  (At the same time, SMTP
antispam is an art form, and one of the hardest problems we sysadmins
contend with.)

My Internet hosts typically use the Debian exim4-daemon-heavy package
with J.P. Boggis's 'Eximconfig' set of canned antispam configurations as
a good starting point ('Eximconfig' on http://linuxmafia.com/kb/Mail/ ).
And of course many people do good antispam work with various tweaks and
additions to Postfix.  The result in my Mailman queues is maybe a dozen
spams in each held queue per day, and I set queue retention to 3 days
(General Options) so the spam expires itself out.

Anyway, with the present set (as clarified -- thank you), you'll be
choosing between two disagreeable alternatives:  

1.  You can set non-subscribed posts to be autorejected.  This increases
the problem of backscatter spam sent by OSI's MTA back to innocent forged
(alleged) senders.

2.  You can set non-subscribed posts to be autodiscarded.  This
efficently makes spam vanish that Mailman would otherwise queue, but 
violates the Principle of Least Surprise for non-spammer senders.

Personally, I do everything possible to implement antispam primarily in
the receiving MTA, such that almost all spam is autorejected at SMTP 
time; thus, no backscatter generation (no collateral damage to innocents
whose addresses were forged).  IMO, if you're trying to deal with spam
in the MLM (mailing list manager), you're solving the wrong problem, and 
fighting the spam war on the wrong battlefield.






More information about the License-review mailing list