The mailing list for listmasters using Sympa

[Miles Fidelman <address@concealed>]

Thanks!  This gives me an approach to work with.

Miles

Cefiar wrote:
> On Wednesday 01 November 2006 23:14, Miles Fidelman wrote:
>   
> > This is a result of the fairly standard setup I'm using, and it seems
> > less than optimal.  I wonder if anybody has any thoughts on a better setup.
> >
> > Basic Setup:
> > Linux (Debian)
> > Postfix
> > amavisd-new
> > spamassassin
> > clamAV
> >
> > Every message is scanned on it's way into to the system, before being
> > passed on for delivery.  So... every message that gets to Sympa is
> > either clean, or marked as possible Spam (low score) - and I have a
> > scenari defined to bounce possible Spam to list owners.  I don't use the
> > Sympa settings to scan messages, because they've already been scanned.
> >     
>
> What you want to do is disable content filtering on the local mail injection. 
> This is ONLY useful if the local injection system is ONLY used for processing 
> mail with sympa. If you inject mail into the system locally 
> (via /usr/bin/sendmail or via a web interface) that is untrusted in some way, 
> then you do NOT want to do this without some further planning and 
> configuration.
>
> In postfix's master.cf file, edit the entry for the 'pickup' service so that 
> it looks like this:
>
> pickup    fifo  n       -       -       60      1       pickup
>         -o content_filter=
>
> The "-o content_filter=" is the important bit here. It disables the 
> content_filter entry (which is the way amavisd-new is usually implemented), 
> so that it isn't used for this injection/delivery service.
>
> This is the same method used by amavisd-new itself to allow the message to be 
> reinjected into the mailer without being caught in a loop.
>
>   
> > Seems like a large waste of resources.  Can anybody suggest a better
> > approach?  (Of course that then leads to the question of how to deal
> > with messages that are submitted via the web interface).
> >     
>
> For the setup I take care of, this is generally a non-issue, as the person has 
> to be manually approved as a subscriber before they can even read the lists, 
> let alone post via the web interface. While it's possible that they could 
> submit spam this way, it's fairly unlikely.
>
> Of course, if sympa could be set up to submit web posts via a different 
> executable (or one with different parameters), then it could probably be 
> submitted to a different injection/delivery service which has 
> content_filtering enabled.
>
> Hope this helps.
>
>