On 7/8/21 13:55, Stephen J. Turnbull wrote:
> Guillermo Hernandez (Oldno7) via Mailman-users writes:
>
> > Yesterday I had a problem with a private list. A spammer sent a mail forging one address that was a non-member (in fact it was an "accept these non-subscriber mails" entry from the Mailman 2.1 import) with very bad intentions, and it was distributed.
>
> If you upgrade from Mailman 2 to Mailman 3, the accept_these_nonmembers list for each list is grandfathered into the Mailman 3 list (from rules/moderation.py):
>
>     # Check the '*_these_nonmembers' properties first.  XXX These are
>     # legacy attributes from MM2.1; their database type is 'pickle' and
>     # they should eventually get replaced.
>     for action_name in ('accept', 'hold', 'reject', 'discard'):
>         legacy_attribute_name = '{}_these_nonmembers'.format(action_name)
>
> > There was no list of "accept these non-members" in the Postorius config.
>
> If there is no such list in Postorius, I would guess that some developer thought "OK, this is a legacy feature and I'll get back to it when we move it to the proper database" (unfortunate, but most of us have open-subscription, member-posts-only lists, and the current workflow seems to work well, so this feature may not be so salient).
>
> > I think it is solved now (deleting all of them and setting to hold just the non-member addresses whose messages I would want to let through).
>
> This should not be necessary, unless there were pre-approved addresses that are no longer appropriate. But Mailman can't know that!
>
> > The fact is that any sender address of mails sent to the list is saved as a "non-member", and it makes me nervous, as the list will grow whether the message is legitimate or not.
>
> As far as I can see there is no other rule except that legacy rule (and the rule that accepts all posts, which is rarely used) that will accept a post from nonmembers.
>
> > Does anybody know if there is a per-list config to avoid saving all those addresses as non-members? Or an overall config?
>
> No, there isn't, and there never will be. This is a basic design decision about the representation of "people who participate in any way in mailing lists". The only way to prevent creation of an Address object for the sender of an email is to reject or discard the post (in which case the "create an Address" path isn't entered), and not to set a moderation action on the sender. Obviously if you set a moderation action, that will create an Address in the database.
>
> The problem you encountered is not preventable by any means whatsoever: a malicious actor discovered an address that is allowed to post. The specific case you're worried about, that nonmembers will automatically be allowed to post, is not possible.

Well, as I couldn't locate which legacy non-member addresses were permitted to post, I solved it by deleting all of them (thanks again, Mark) and adding, via Postorius, to the "hold these non-member messages" list the ones that I will examine to decide whether each is a legitimate send.

Thanks a lot for your detailed explanation. I can make better decisions now, adjusting the configuration as needed.

> The only way to get on the list of "accept_these_nonmembers" is to be inherited from accept_these_nonmembers on the parent Mailman 2 list, or an explicit decision by a moderator.
>
> The fact that this list is not exposed in Postorius is a bug, but I can't say when it might be fixed. It appears that the current process (the moderator can set the sender's persistent moderation action separately from approving or rejecting a particular post) works fine, since this is the first time I've heard of this issue, and as you present it, Mailman is doing the best it can, since Somebody Authorized put that sender on the approved list in Mailman 2.
>
> If a particular nonmember becomes a problem, you can access that User or Address in Postorius and set them to Hold, Reject, or Discard.
>
> The process of deleting all nonmembers has been more difficult than it should be, but this is being fixed, IIRC in the next release.
>
> Steve
--
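Added illustration of the legacy precedence Steve quotes above (this is a simplified model with constructed list settings, not Mailman's own code): the four `*_these_nonmembers` lists are walked in the order accept, hold, reject, discard, so an entry grandfathered into accept_these_nonmembers admits a matching sender before any hold rule is consulted, while the same entries moved to hold_these_nonmembers, as in the cleanup described in the thread, produce a hold. The `audit_accept_entries` helper is an assumed addition that answers the question of which legacy entry let a given sender through.

```python
import re

# Simplified model of the legacy '*_these_nonmembers' check (not Mailman's
# code): lists are consulted in this order and the first matching entry wins,
# so a stale accept entry shadows any hold/reject/discard rule for that sender.
ACTION_ORDER = ('accept', 'hold', 'reject', 'discard')


def entry_matches(entry, sender):
    """Legacy list entries are exact addresses or '^'-prefixed regexes."""
    if entry.startswith('^'):
        return re.match(entry, sender) is not None
    return entry == sender


def nonmember_action(list_settings, sender):
    """Return (action, matching_entry), or (None, None) if no legacy rule fires."""
    for action_name in ACTION_ORDER:
        for entry in list_settings.get(f'{action_name}_these_nonmembers', []):
            if entry_matches(entry, sender):
                return action_name, entry
    return None, None


def audit_accept_entries(list_settings, sender):
    """Every accept_these_nonmembers entry that would let `sender` post."""
    return [e for e in list_settings.get('accept_these_nonmembers', [])
            if entry_matches(e, sender)]


# Constructed sample settings, as grandfathered from a Mailman 2.1 import.
MIGRATED = {
    'accept_these_nonmembers': ['announce@example.org', '^.*@partner\\.example$'],
    'hold_these_nonmembers': [],
}

# The same list after the cleanup described in the thread: accept entries
# removed, the addresses the admin still wants to review moved to hold.
CLEANED = {
    'accept_these_nonmembers': [],
    'hold_these_nonmembers': ['announce@example.org', '^.*@partner\\.example$'],
}

if __name__ == '__main__':
    sender = 'announce@example.org'   # constructed: a forged From: address
    print(nonmember_action(MIGRATED, sender))   # ('accept', 'announce@example.org')
    print(audit_accept_entries(MIGRATED, sender))
    print(nonmember_action(CLEANED, sender))    # ('hold', 'announce@example.org')
```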