[mlmmj] mlmmj and GMANE posting

[mlmmj] mlmmj and GMANE posting

[Florian Effenberger]

Hi,

some people are complaining that posting from GMANE does not work, and
that they have to subscribe to the nomail version before. Anyone has a
practical idea on how to make sure it works, without being open to
spammers? I guess it's something in the access file, allowing posting
from GMANE servers, even when not subscribed.

Anyone ever did this and has a code snippet to share? ;)

Thanks
Florian

Re: [mlmmj] mlmmj and GMANE posting

[Ben Schmidt]

I don't know how far spammers might go, particularly for high-exposure
lists like yours, but a Received: header could probably quite easily be
forged, and Mlmmj's rather simple access method may well not be able to
distinguish between that and a sensible set of Received headers.

Do the GMANE servers implement SenderID/SPF and/or Domainkeys/DKIM? If
you can set up your MTA to validate one or both of those, add a header,
and then check that header for Mlmmj access purposes, it would be more
secure.

Ben.



On 20/10/10 9:20 PM, Florian Effenberger wrote:
> Hi,
>
> some people are complaining that posting from GMANE does not work, and
> that they have to subscribe to the nomail version before. Anyone has a
> practical idea on how to make sure it works, without being open to
> spammers? I guess it's something in the access file, allowing posting
> from GMANE servers, even when not subscribed.
>
> Anyone ever did this and has a code snippet to share? ;)
>
> Thanks
> Florian
>
>
>

Re: [mlmmj] mlmmj and GMANE posting

[Florian Effenberger]

Hi Ben,

2010/10/23 Ben Schmidt <mail_ben_schmidt@yahoo.com.au>:

> Do the GMANE servers implement SenderID/SPF and/or Domainkeys/DKIM? If
> you can set up your MTA to validate one or both of those, add a header,
> and then check that header for Mlmmj access purposes, it would be more
> secure.

I read through the access readme, but - how does it work? If I set
things to allow, I think the sender still needs subscription?

Florian

Re: [mlmmj] mlmmj and GMANE posting

[Ben Schmidt]

On 23/10/10 7:30 PM, Florian Effenberger wrote:
> Hi Ben,
>
> 2010/10/23 Ben Schmidt<mail_ben_schmidt@yahoo.com.au>:
>
>> Do the GMANE servers implement SenderID/SPF and/or Domainkeys/DKIM? If
>> you can set up your MTA to validate one or both of those, add a header,
>> and then check that header for Mlmmj access purposes, it would be more
>> secure.
>
> I read through the access readme, but - how does it work? If I set
> things to allow, I think the sender still needs subscription?
>
> Florian

Ah, yes. The feature for that wasn't in the last release. It's only in
version control. The current README.access details it:

http://mlmmj.org/hg/mlmmj/file/tip/README.access

1.2.18 will be coming soon!

Ben.

Re: [mlmmj] mlmmj and GMANE posting

[Florian Effenberger]

Hi Ben,

2010/10/23 Ben Schmidt <mail_ben_schmidt@yahoo.com.au>:

>>> Do the GMANE servers implement SenderID/SPF and/or Domainkeys/DKIM? If
>>> you can set up your MTA to validate one or both of those, add a header,
>>> and then check that header for Mlmmj access purposes, it would be more
>>> secure.

> Ah, yes. The feature for that wasn't in the last release. It's only in
> version control. The current README.access details it:
>
> http://mlmmj.org/hg/mlmmj/file/tip/README.access
>
> 1.2.18 will be coming soon!

I looked in the file, but it didn't solve my problem. What exactly
should be in the access file, to allow messages with a GMANE header
(like X-Gmane-...) pass through without moderation, even if the sender
is not a subscriber?

Thanks,
Florian

Re: [mlmmj] mlmmj and GMANE posting

[Ben Schmidt]

On 21/01/11 9:38 PM, Florian Effenberger wrote:
> Hi Ben,
>
> 2010/10/23 Ben Schmidt<mail_ben_schmidt@yahoo.com.au>:
>
>>>> Do the GMANE servers implement SenderID/SPF and/or Domainkeys/DKIM? If
>>>> you can set up your MTA to validate one or both of those, add a header,
>>>> and then check that header for Mlmmj access purposes, it would be more
>>>> secure.
>
>> Ah, yes. The feature for that wasn't in the last release. It's only in
>> version control. The current README.access details it:
>>
>> http://mlmmj.org/hg/mlmmj/file/tip/README.access
>>
>> 1.2.18 will be coming soon!
>
> I looked in the file, but it didn't solve my problem. What exactly
> should be in the access file, to allow messages with a GMANE header
> (like X-Gmane-...) pass through without moderation, even if the sender
> is not a subscriber?

Something like

    send ^X-Gmane-

On inspection, though, this will only work if modnonsubposts is on. If
non-subscriber posts are not moderated, but are denied, this won't work
(which is a bug, really; I'll whack it in the tracker as something to be
fixed later...).

Ben.

Re: [mlmmj] mlmmj and GMANE posting

[Florian Effenberger]

Hi Ben,

2011/1/27 Ben Schmidt <mail_ben_schmidt@yahoo.com.au>:

> On 21/01/11 9:38 PM, Florian Effenberger wrote:
>> I looked in the file, but it didn't solve my problem. What exactly
>> should be in the access file, to allow messages with a GMANE header
>> (like X-Gmane-...) pass through without moderation, even if the sender
>> is not a subscriber?
>
> Something like
>
>   send ^X-Gmane-

maybe this should be documented in
http://mlmmj.org/hg/mlmmj/file/tip/README.access as well? At least
from reading the file, I didn't even understand "send" was an allowed
action. :)

> On inspection, though, this will only work if modnonsubposts is on. If
> non-subscriber posts are not moderated, but are denied, this won't work
> (which is a bug, really; I'll whack it in the tracker as something to be
> fixed later...).

Thanks!

Florian

Re: [mlmmj] mlmmj and GMANE posting

[Ben Schmidt]

> maybe this should be documented in
> http://mlmmj.org/hg/mlmmj/file/tip/README.access as well? At least
> from reading the file, I didn't even understand "send" was an allowed
> action. :)

Ah. We got bitten by an outdated link.

Since I started including release branches in the repository, we no
longer need to reference the tip to get the latest version, we need to
reference the master bookmark:

http://mlmmj.org/hg/mlmmj/file/master/README.access

Ben.

Re: [mlmmj] mlmmj and GMANE posting

[Florian Effenberger]

Hi Ben,

2011/1/31 Ben Schmidt <mail_ben_schmidt@yahoo.com.au>:

> Ah. We got bitten by an outdated link.
>
> Since I started including release branches in the repository, we no
> longer need to reference the tip to get the latest version, we need to
> reference the master bookmark:
>
> http://mlmmj.org/hg/mlmmj/file/master/README.access

thanks a lot, this looks good!

Florian