How to implement something close to, but not quite an "announcement-only" mailing list?


Ramon F Herrera

The spam bombardment is getting out of hand. With this project, we are trying to defend ourselves from the onslaught.

 I have implemented this in the past, from scratch, but don't have the time now.

The goal is to implement a mailing list with the following requirements:

 (1) As usual, mail sent to [hidden email] will be distributed to the participants, but only messages from senders in the list of approved people will have their messages accepted and forwarded. The set of participants is almost identical BUT not necessarily the same as the set of authorized users. Some people call this an "announcement only" mailing list.

 (2) The verification of the sender will be done in the harder to fake Unix "From_" header as opposed to "From:".

 (3) Any e-mail addresses contained in the headers ("From:", "To:", "Cc:", etc.) will be disguised and the real name of the person will be used.

  Let's say that an e-mail arrives with this header:

  From [hidden email]
  [...] more headers
  From: William Gates, the 3rd. [hidden email]

That header should be rewritten to either:

   From: William Gates, the 3rd.

   or, if that particular syntax is not allowed, we could add some non-operational address as follows, something similar to [hidden email]

   From: William Gates, the 3rd. [hidden email]

For added security/performance, I would code this as a sendmail/postfix filter, written in C.

In fact, the mailing list to which I am sending this is very close to my needs, except that my e-mail remains visible.

Perhaps Majordomo is the answer? I barely know its capabilities, though.

TIA,

-Raymond
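
Added example, not part of the original post: a Python sketch of requirements (1) to (3) as a filter run before the list software. The allowlist, placeholder address, header set and sample message are constructed for illustration; the From_ address is the SMTP envelope sender, which the submitting client also supplies, so this is an allowlist gate rather than sender authentication.

```python
import email
from email.utils import formataddr, getaddresses

# Constructed values for illustration; none of them come from the thread.
APPROVED_SENDERS = {"bill@example.com"}        # who may post (requirement 1)
PLACEHOLDER = "hidden@lists.example.invalid"   # non-operational address
ADDRESS_HEADERS = ("From", "To", "Cc", "Reply-To", "Sender")

# Constructed sample message in mbox form, with the "From_" separator line.
SAMPLE = (
    "From bill@example.com Sat Apr 15 08:01:00 2017\n"
    'From: "William Gates, the 3rd." <bill@example.com>\n'
    "To: List <list@example.org>, carol@example.net\n"
    "Subject: Announcement\n"
    "\n"
    "Body text.\n"
)

def envelope_sender(msg):
    """Address from the mbox "From_" line (requirement 2), or None."""
    parts = (msg.get_unixfrom() or "").split()
    if len(parts) < 2 or parts[0] != "From":
        return None
    return parts[1].lower()

def disguise(values):
    """Keep each display name, swap every address for the placeholder."""
    return ", ".join(
        formataddr((name or "Undisclosed", PLACEHOLDER))
        for name, _addr in getaddresses(values)
    )

def filter_message(raw):
    """Return the rewritten message text, or None if the sender is rejected."""
    msg = email.message_from_string(raw)
    if envelope_sender(msg) not in APPROVED_SENDERS:
        return None                      # fail closed, also when From_ is missing
    for header in ADDRESS_HEADERS:       # requirement 3; Received, Return-Path
        values = msg.get_all(header)     # and the body are left untouched here
        if values:
            del msg[header]
            msg[header] = disguise(values)
    return msg.as_string(unixfrom=False) # the From_ line is not relayed

if __name__ == "__main__":
    print(filter_message(SAMPLE))
```

A display name containing a comma has to be quoted in the incoming header, as in the sample, or it parses as two separate addresses.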



Re: How to implement something close to, but not quite an "announcement-only" mailing list?

Ramon F Herrera

I guess this would be more descriptive and succinct:

    A "members-only PLUS disguising of all e-mail addresses contained in the headers" mailing list.

-Raymond


Re: How to implement something close to, but not quite an "announcement-only" mailing list?

Kevin A. McGrail
On 4/14/2017 9:35 PM, Ramon F Herrera wrote:
>
> I guess this would be more descriptive and succinct:
>
>     A "members-only PLUS disguising of all e-mail addresses contained
> in the headers" mailing list.
I didn't follow all your logic in the previous email but overall you'll
likely need something like mailman or majordomo plus something like
MIMEDefang in front of it to achieve your needs.

Happy to share a snippet for mimedefang that handles the rewrites needed
from when DMARC was released and broke a lot of mailing lists.

The Bunny, The Bunny, Oh, I ate the Bunny,
KAM

Re: How to implement something close to, but not quite an "announcement-only" mailing list?

Ramon F Herrera
On 4/14/2017 8:41 PM, Kevin A. McGrail wrote:
> On 4/14/2017 9:35 PM, Ramon F Herrera wrote:
>>
>> I guess this would be more descriptive and succinct:
>>
>>     A "members-only PLUS disguising of all e-mail addresses contained in the headers" mailing list.
> I didn't follow all your logic in the previous email but overall you'll likely need something like mailman or majordomo plus something like MIMEDefang in front of it to achieve your needs.

This begs the question, to all the readers: Given those 2 requirements, and my lack of time to learn/compare Majordomo vs. mailman, which one would you use?

-Raymond

ps: Anecdote time: back in my MIT days, they had a system called "Blanche" (*) which allowed any user in the university to create her/his own username. It allowed multiple addresses (aka mailing list). IOW: Each mail user address was a 1-person mailing list. I created the address [hidden email] and it was the first time that the recently released software was used in the university. It was a rare case in which they pulled it away with no explanations: Writers to that address would receive a bunch of instructions in Spanish, as we were sysadmins for a large mailing list (at the time) for Hispanics in the top schools (the only ones to have the luxury of the expensive, NSF funded Internet in those early days). We boasted/bragged of using 5%-10% of MIT's traffic (informed by the admins who were not exactly thrilled). We even had a Postscript-only, with graphics, pictures and fonts embedded mailing list.

Ah, the good ole' days ...

(*) Blanche DuBois:
“I have always depended on the kindness of strangers.” (such as MIT's mailing lists)
Tennessee Williams, A Streetcar Named Desire



Re: How to implement something close to, but not quite an "announcement-only" mailing list?

Kevin A. McGrail
On 4/14/2017 10:19 PM, Ramon F Herrera wrote:
> On 4/14/2017 8:41 PM, Kevin A. McGrail wrote:
>> On 4/14/2017 9:35 PM, Ramon F Herrera wrote:
>>>
>>> I guess this would be more descriptive and succinct:
>>>
>>>     A "members-only PLUS disguising of all e-mail addresses contained in the headers" mailing list.
>> I didn't follow all your logic in the previous email but overall you'll likely need something like mailman or majordomo plus something like MIMEDefang in front of it to achieve your needs.
>
> This begs the question, to all the readers: Given those 2 requirements, and my lack of time to learn/compare Majordomo vs. mailman, which one would you use?
Attached is the discussed scrap we use in MIMEDefang that we mangle emails before they get to our mailing list.  It maintains the same GPL the original MIMEDefang-filter is produced under.  I didn't include every sub, etc. as I expect it's not all relevant except to kick off your thinking. 

I use MIMEDefang with Postfix and it's a very good solution.  I monitor the MD list as well if you have questions and use it.

I use Mailman and it works.  Of course, I'm an advisor to Virtru along with John Viega, Mailman's original author. So in solidarity with him, I'm going to completely malign majordomo and say that it's horrible!  :-)  More seriously, both are great, both work well and I use lists every day using both.  Like comparing a Honda Civic to a Toyota Camry.  They both just work and get you from point A to B with little grief or comfort.

Regards,
KAM

Attachment: md-dmarc-scrap.txt (6K)

Re: How to implement something close to, but not quite an "announcement-only" mailing list?

James B. Byrne

On Sat, April 15, 2017 08:01, Kevin A. McGrail wrote:

> On 4/14/2017 10:19 PM, Ramon F Herrera wrote:
>> On 4/14/2017 8:41 PM, Kevin A. McGrail wrote:
>>> On 4/14/2017 9:35 PM, Ramon F Herrera wrote:
>>>>
>>>> I guess this would be more descriptive and succinct:
>>>>
>>>>     A "members-only PLUS disguising of all e-mail addresses
>>>> contained in the headers" mailing list.
>>> I didn't follow all your logic in the previous email but overall
>>> you'll likely need something like *mailman or majordomo* plus
>>> something like MIMEDefang in front of it to achieve your needs.
>>
>> This begs the question, to all the readers: Given those 2
>> requirements, and my lack of time to learn/compare Majordomo vs.
>> mailman, which one would you use?
. . .

> I use Mailman and it works.  Of course, I'm an advisor to Virtru along
> with John Viega, Mailman's original author. So in solidarity with him,
> I'm going to completely malign majordomo and say that it's horrible!
> :-)  More seriously, both are great, both work well and I use lists
> every day using both.  Like comparing a Honda Civic to a Toyota Camry.
> They both just work and get you from point A to B with little grief or
> comfort.
>
> Regards,
> KAM
>

From wikipedia:

The current version of Majordomo is 1.94.5, released 19 January 2000.[4]

The official website warns that it will not work with Perl versions
5.001 and 5.005_01 specifically. It recommends to use Perl 4.036 or
the latest version available. Support for Perl 4.036 may not be kept
for the future.[5]

From me:

We ran many mailing lists from the mid 1990's to the mid 2000's with
Majordomo.  It worked well then and I infer from its continued
employment here that it still does.  However, it has not been worked
on in a considerable time and the world for which it was constructed
no longer exists.  Shortly before we switched to Mailman a Majordomo 2
project started up and this is still active.  You can find the source
for MJ2 at http://ftp.mj2.org/pub/mj2/snapshots/

For the few mailing lists that we still host we switched to Mailman
around 2005.  This was mainly due to the fact that at the time it
shipped with RHEL and RHEL was what we were using.  RHEL still
includes Mailman as far as I know.

Mailman is still under active development. It was updated to
accommodate the 2015 DMARC fiasco.  It also has a web based management
interface and built-in archiving tool. These features make Mailman
somewhat more convenient for list managers who may not themselves be
sysadmins.

Regards,

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:[hidden email]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3


Re: How to implement something close to, but not quite an "announcement-only" mailing list?

Phil Stracchino
On 04/15/17 15:40, James B. Byrne wrote:
> On Sat, April 15, 2017 08:01, Kevin A. McGrail wrote:
> The current version of Majordomo is 1.94.5, released 19 January 2000.[4]
[...]
> Mailman is still under active development. It was updated to
> accommodate the 2015 DMARC fiasco.  It also has a web based management
> interface and built-in archiving tool. These features make Mailman
> somewhat more convenient for list managers who may not themselves be
> sysadmins.

Off topic though it is, I'd concur with this.  If you're starting out
from scratch, Mailman is the obvious choice.  Majordomo still works as
well as it ever did, but honestly that is almost damning it with faint
praise.  It's a 25-year-old piece of software that hasn't been updated
in 17 years, and during those 17 years the world it has to exist in has
changed enormously.  Majordomo doesn't support current standards and,
realistically, it is never likely to.  Save yourself the pain.

Also, Mailman comes with specific instructions for integrating it with
Postfix, out of the box.


--
  Phil Stracchino
  Babylon Communications
  [hidden email]
  [hidden email]
  Landline: 603.293.8485

Re: How to implement something close to, but not quite an "announcement-only" mailing list?

Miles Fidelman
On 4/15/17 3:53 PM, Phil Stracchino wrote:

> On 04/15/17 15:40, James B. Byrne wrote:
>> On Sat, April 15, 2017 08:01, Kevin A. McGrail wrote:
>> The current version of Majordomo is 1.94.5, released 19 January 2000.[4]
> [...]
>> Mailman is still under active development. It was updated to
>> accommodate the 2015 DMARC fiasco.  It also has a web based management
>> interface and built-in archiving tool. These features make Mailman
>> somewhat more convenient for list managers who may not themselves be
>> sysadmins.
> Off topic though it is, I'd concur with this.  If you're starting out
> from scratch, Mailman is the obvious choice.  Majordomo still works as
> well as it ever did, but honestly that is almost damning it with faint
> praise.  It's a 25-year-old piece of software that hasn't been updated
> in 17 years, and during those 17 years the world it has to exist in has
> changed enormously.  Majordomo doesn't support current standards and,
> realistically, it is never likely to.  Save yourself the pain.
>
> Also, Mailman comes with specific instructions for integrating it with
> Postfix, out of the box.
>
>
If you're looking for a majordomo replacement, don't forget to look at
Sympa - the other major open source list manager floating around.  It's
supported by a consortium of French universities, and is aimed at larger
organizations (universities) with lots of users and lots of lists.  It's
had a DMARC patch since about 3 weeks after DMARC hit.  It's a bit
trickier to configure & administer than Mailman, but also has more
features - so it's a tradeoff.

Miles Fidelman



--
In theory, there is no difference between theory and practice.
In practice, there is.  .... Yogi Berra
