Re: debian-ctte mailing list and spam
Previously Ian Jackson wrote:
> Post arrives, and there are a number of reasons it might be
> accepted:
> - Poster (`From:') on subscription list (per list[1])
> - Message body is PGP signed[2]; key is in one of several PGP
>   keyrings[3] (same keyring for all lists)
> - Poster's return-path + calling IP address[4] is in whitelist
>   (same whitelist for all lists)
That looks like a good list.
> If none of these apply, the post is bounced to the return-path with an
> explanation in the bounce text. The bounce contains a challenge, a
> response to which (by email, I suppose) adds return-path + calling IP
> address to the whitelist and causes the message to be delivered to the
> list.
Do you want to store the original message on the server? That might grow
to become a large database. It could be pruned daily of course.
> [2] A PGP signed message is one which consists _entirely_ of:
> - An old-style PGP clearsig message optionally followed by a
>   `-- ' delimited signature (of specified maximum length and
>   width).
> - A new-style PGP-mime message (Content-Type multipart/signed)
Perhaps we should support S/MIME as well?
> [3] Several keyrings:
> - Standard Debian maintainer keyring
> - Auxiliary keyring, updates auth'd by maintainer keyring
> - Manual override file (we don't expect to use this)
Debian maintainer keyring is not a file but tries to grab keys from
LDAP.
> Regarding performance: am I to take it that running a Perl script on
> each message is too slow? That would be a convenient way to
> implement it, but Perl's startup costs are substantial, particularly
> when lots of modules are being used.
Compared to spamassassin it should be quite low-weight, and we can
always throw more hardware at the problem (Debian has plenty of offers).
Perhaps it can be done as a daemon to which you submit a message with a
little bit of context (name of the list should be enough). That way
you only need to work a little tool to submit the post which prevents
the startup costs.
Wichert.
--
Wichert Akkerman <wichert@wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
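
An added example, not part of the original message or of any Debian list software: a sketch of the acceptance flow discussed in this thread (subscriber, PGP key in a keyring, return-path + calling IP whitelist, otherwise a challenge), with held posts stored and pruned as the reply raises. PGP verification is assumed to happen upstream and is passed in as `signer`; the class name, the HMAC-derived challenge token and the 24-hour retention are assumptions.

```python
import hashlib, hmac, time

PENDING_TTL = 24 * 3600  # assumed retention; the thread only says "pruned daily"

class ListGate:
    def __init__(self, secret, subscribers, keyring, whitelist=()):
        self.secret = secret              # server-side HMAC key (assumed)
        self.subscribers = subscribers    # {list name: set of From: addresses}
        self.keyring = set(keyring)       # accepted key ids, same for all lists
        self.whitelist = set(whitelist)   # (return-path, calling IP), all lists
        self.pending = {}                 # token -> (expiry, list, sender, body)

    def _token(self, rpath, ip, body):
        # Unguessable without the secret, so only the bounce recipient has it.
        data = b"\0".join([rpath.encode(), ip.encode(),
                           hashlib.sha256(body).digest()])
        return hmac.new(self.secret, data, hashlib.sha256).hexdigest()

    def submit(self, lst, from_addr, rpath, ip, body, signer=None, now=None):
        """Return ('deliver', reason) or ('challenge', token)."""
        now = time.time() if now is None else now
        if from_addr.lower() in self.subscribers.get(lst, ()):
            return ("deliver", "subscriber")
        if signer is not None and signer in self.keyring:
            return ("deliver", "pgp")
        sender = (rpath.lower(), ip)
        if sender in self.whitelist:
            return ("deliver", "whitelist")
        # None applied: hold the post; the token goes out in the bounce text.
        token = self._token(sender[0], ip, body)
        self.pending[token] = (now + PENDING_TTL, lst, sender, body)
        return ("challenge", token)

    def respond(self, token, now=None):
        """Challenge answered: whitelist the sender and release the held post."""
        now = time.time() if now is None else now
        entry = self.pending.pop(token, None)
        if entry is None or entry[0] < now:
            return None                   # unknown or expired challenge
        _, lst, sender, body = entry
        self.whitelist.add(sender)
        return (lst, body)

    def prune(self, now=None):
        """Daily job: drop held posts whose challenge was never answered."""
        now = time.time() if now is None else now
        dead = [t for t, e in self.pending.items() if e[0] < now]
        for t in dead:
            del self.pending[t]
        return len(dead)
```

Because the whitelist key is the pair (return-path, calling IP), the same return-path arriving from a different IP address is challenged again.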