Hi Folks, Running a shiny new instance of mailman3, as per the Debian package (version 3.2.2) but the moderation doesn't seem to work. WE got hit by a heap of spammers overnight, even though the 'hold for moderation' bit is set for non-members (and now for members too).
Emails seem just to get straight through.
Any advice on how to debug this? Would upgrading to a later version using pip help?
Peter C
On 11/24/20 12:30 PM, peter@chubb.wattle.id.au wrote:
Hi Folks, Running a shiny new instance of mailman3, as per the Debian package (version 3.2.2) but the moderation doesn't seem to work. WE got hit by a heap of spammers overnight, even though the 'hold for moderation' bit is set for non-members (and now for members too).
If the action for member posts was accept ot default processing at the time, perhaps the spam spoofed a member address in one of From:, Reply-To:, Sender: or the envelope sender,
Emails seem just to get straight through.
Even now with both member and non-member actions set to hold?
Any advice on how to debug this? Would upgrading to a later version using pip help?
An upgrade probably won't help. This should work in your version.
For one of the mail's, check all 4 addresses, From:, Reply-To:, Sender: and the envelope sender (available in the MTA logs). Note that Reply-To: and/or Sender: may have been modified by the list.
Then see if any of those addresses matches a member or a non-member and
what the specific moderation action is for that address. Also check the
list's accept_these_nonmembers which is probably not exposed in your
version of Postorius but which you can see via mailman shell.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
"Mark" == Mark Sapiro <mark@msapiro.net> writes:
Mark> On 11/24/20 12:30 PM, peter@chubb.wattle.id.au wrote:
Hi Folks, Running a shiny new instance of mailman3, as per the Debian package (version 3.2.2) but the moderation doesn't seem to work. WE got hit by a heap of spammers overnight, even though the 'hold for moderation' bit is set for non-members (and now for members too).
Mark> If the action for member posts was accept ot default processing Mark> at the time, perhaps the spam spoofed a member address in one of Mark> From:, Reply-To:, Sender: or the envelope sender,
Nope ...
Emails seem just to get straight through.
Mark> Even now with both member and non-member actions set to hold?
Haven't seen any emails since setting that bit, so can't tell yet.
The only think I noticed after trawling through all the configs is there was no moderator address set up. In Mailman 2.1 that meant the list owner would be asked to moderate. I've added a couple of addresses to see what happens next
For other lists on the same mailman instance I *am* seeing moderation requests for non-member postings --- but they had explicit moderator addresses configured.
Peter C
On 11/24/20 2:53 PM, peter@chubb.wattle.id.au wrote:
The only think I noticed after trawling through all the configs is there was no moderator address set up. In Mailman 2.1 that meant the list owner would be asked to moderate. I've added a couple of addresses to see what happens next
Held message notices, both immediate if set and summary (assuming the appropriate cron is active) are sent to all owners and moderators. This is the same for MM 3 and MM 2.1.
For other lists on the same mailman instance I *am* seeing moderation requests for non-member postings --- but they had explicit moderator addresses configured.
The explicit moderators should not make any difference.
Plus, a message being held and an owner/moderator notice of the held message are two separate things.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Mark Sapiro -
peter@chubb.wattle.id.au