[Spam-discuss] SPAM Solution Meeting Notes from 2002-05-07

[Bradley M. Kuhn]

[ Sorry for forgetting to send these yesterday.  Please be sure to at
  least read the ACTION-ITEMs and see if your name is attached. ]

                          SPAM Solution Meeting
                        2002-05-07, 11:45 - 13:00

IN ATTENDANCE: Paul Fisher     <address@hidden>
               Bradley M. Kuhn <address@hidden>
               Ward Vandewege  <address@hidden>
               Mark H. Weaver  <address@hidden>
               Gary Wong       <address@hidden>


                    Original Working Diagram of System


 [ Incoming Message ]
   |
   |

 SA-External (only adds X-Spam header)

   |
   |
   |

  TMDA-External
  |   \
  |    \ (mailing list message)
  |     \------------------------> Mailman
  |
  SA-Internal -------------> alias file (does not go through *-External)
            \
             \ local user delivery path only
              \
               \
            TMDA-Internal
                |
                |
            Final Delivery for local users


                         rao's simplified Diagram

                           +------------------
          Mailing List Forgery Check         |
                  |                          |
                  |                          |
                  |                          |
              SPAM Assassin                  |
                  |                          |  (could be N messages generated)
                  |                          |
                 TMDA                        |
                  |                          |
                  |                          |
                  |     expansion successful?|
              Expansion-----------------------
               /  |   \
expan. fails? /   |    \
             /    |     \
            /     |      \
         Mailman  |      remote delivery (because of forward/alias)
                  |
               local delivery
                /       \
               /         \
              /           \
             /             \
     on Mail Server,    to address@hidden, for legacy MBOX support
     for IMAP readers


                         Notes on rao's Diagram


Mailing List Forgery Check:

  * Immediately drops any message with Envelope-From: or From: mailing
    lists (be they mailman or alias-based-lists) controlled by GNU.

TMDA:

  * Does not run if the envelope is set to a known GNU mailman list.

  * Will need a hack to handle "hierarchy" of addresses so that only one
    TMDA request is sent to sender.  If there is no solution for this by
    the time roll out, we'll be in trouble and have to find another
    solution.

                         Other Notes From Meeting


NOTE: mhw suggested that we check to see if we could use the "system wide
      filters" for SA-External and TMDA-External instead of "directors".
      This might solve the problem that we are considered about alias
      expansion (i.e., making sure alias expansion doesn't send things
      through SA-External and TMDA-External).

ACTION-ITEM: Ward is going to look into the issues of system wide filters
             and see if that works better.

QUESTION: Does Mailman send back through SA-External and TMDA-External?
          If not, why not?  We'd like to know for sure and why so that
          everyone knows how it works properly.


DECISION: For SA-Internal, TMDA-Internal, currently we need every local
          user to be a trusted user.  We decided that it would be ok to
          have everyone as trusted users, especially since the new mail
          server won't have many shell access accounts.

          Also, we are considering using a database for users rather than
          local user accounts anyway.

ACTION-ITEM: Ward will look into the database stuff and see how it
             effects things.

DECISION: Mail delivery on fencepost will be handled by running a MTA on
          fencepost, that will only receive mail from the new mail
          server and do delivery only for local users.

We need a way for a database of users and so that they can change their
configurations for SA and TMDA.


We need to figure out how to handle mail delivery for people who want
shell access to their email.


DECISION: Keep /com/mailer/aliases on fencepost.  It will be copied over
          every N minutes back to the new mail server.

ACTION-ITEM: Mark proposed instead that we put /com/mailer/aliases in CVS.
             bkuhn told Mark to go ahead and put it into CVS if he has the
             time and inclination---that can happen separately anyway.


DECISION: We will allow users to control all the USERNAME- space for the
          alias files.

DECISION: /com/archive will live on new mail server.  It will be
          NFS-exported to fencepost, and also accessible via IMAP.  The
          /com/archive will still be MBOX format.

DECISION: Mailman web archivers use mailto: URLs and publish email
          addresses.  We would like to allow people to have aa header
          that says X-No-From-Line or some such to say they don't want
          their from line published in the list.  Another option is to
          offer them X-No-Archive.  bkuhn argues that we must table this
          until the other SPAM solution is pushed out.

ACTION-ITEM: mhw will post how to handle USERNAME- in EXIM


ACTION-ITEM: Ward will write up problem of "hierarchical expansion" to
             handle multiple confirms from different people on a mailing
             list.

pgpVW0cm838xg.pgp
Description: PGP signature