Order of the default-posting-chain lets spam through
Here's my situation: we have very visible mailing-lists and a lot of spammers bless us with their generous offers. I've set the [antispam]jump_chain to discard in /etc/mailman.cfg. On top of that, many lists have elected to reject non-member postings to avoid filling their hold queue.
The only thing is, it does not always work. Here's the order in the default posting chain:
# Do all of the following before deciding whether to hold the message.
('administrivia', LinkAction.defer, None),
('implicit-dest', LinkAction.defer, None),
('max-recipients', LinkAction.defer, None),
('max-size', LinkAction.defer, None),
('news-moderation', LinkAction.defer, None),
('no-subject', LinkAction.defer, None),
('suspicious-header', LinkAction.defer, None),
# Now if any of the above hit, jump to the hold chain.
('any', LinkAction.jump, 'hold'),
# Take a detour through the header matching chain, which we'll create
# later.
('truth', LinkAction.detour, 'header-match'),
# Check for nonmember moderation.
('nonmember-moderation', LinkAction.jump, 'moderation'),
As a result, any email matching the administrivia, implicit-dest, max-recipients, max-size, news-moderation, no-subject or suspicious-header rules will get held, even if the header-match rule would have discarded it afterwards, or the nonmember-moderation would have rejected it.
Of course many spammy emails are caught by these rules.
I suggest moving the header-match and nonmember-moderation above the set of rules that end up holding the message, so they'll take precedence.
What do you think?
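The ordering effect described in this report, as an added example (not part of the original post and not Mailman's own code): a simplified walk over the chain links quoted above, comparing the default order with the proposed one. The `disposition` function, the message "hit sets" and the outcome mapping (header-match discards, moderation rejects) are assumptions modelling the site settings the post describes.

```python
# Simplified model of the posting-chain walk (added example, not Mailman's code).
HOLD_RULES = ["administrivia", "implicit-dest", "max-recipients", "max-size",
              "news-moderation", "no-subject", "suspicious-header"]
DEFERS = [(rule, "defer", None) for rule in HOLD_RULES]
ANY_HOLD = ("any", "jump", "hold")
DETOUR = ("truth", "detour", "header-match")
NONMEMBER = ("nonmember-moderation", "jump", "moderation")

DEFAULT_CHAIN = DEFERS + [ANY_HOLD, DETOUR, NONMEMBER]    # order quoted in the post
PROPOSED_CHAIN = [DETOUR, NONMEMBER] + DEFERS + [ANY_HOLD]  # order the post suggests

# Assumed outcomes: [antispam]jump_chain is discard, and the list rejects
# non-member postings, as in the situation described in the post.
OUTCOME = {"hold": "hold", "header-match": "discard", "moderation": "reject"}

def disposition(chain, hits):
    """Return the final action for a message matching the rule names in `hits`."""
    deferred = False
    for rule, action, target in chain:
        if rule == "truth":
            matched = True          # always matches; used to enter the detour
        elif rule == "any":
            matched = deferred      # matches if any earlier deferred rule hit
        else:
            matched = rule in hits
        if not matched:
            continue
        if action == "defer":
            deferred = True         # remember the hit, keep walking
        elif action == "jump":
            return OUTCOME[target]  # leave this chain for good
        elif action == "detour" and target in hits:
            return OUTCOME[target]  # sub-chain matched and terminated processing
        # a detour whose sub-chain did not match returns here and continues
    return "accept"

# Constructed sample messages, described by the rules they would match.
SAMPLES = {
    "spam, no subject, matches header filter": {"no-subject", "header-match"},
    "oversized non-member post": {"max-size", "nonmember-moderation"},
    "member post without subject": {"no-subject"},
    "ordinary member post": set(),
}

if __name__ == "__main__":
    for label, hits in SAMPLES.items():
        print(f"{label}: default={disposition(DEFAULT_CHAIN, hits)}, "
              f"proposed={disposition(PROPOSED_CHAIN, hits)}")
```

Member posts that trip only a hold rule are held under both orders, so the reordering changes the outcome only for messages that header-match or nonmember-moderation would have handled anyway.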