[conspire] Mailing list servers and the spam problem

Wed Feb 25 14:48:46 PST 2015

Quoting Scott DuBois (rhcom.linux at gmail.com):

> I understand. When set up correctly, I'm not expecting to have to spend a
> couple of hours _every_ day filtering through what's spam and what's not. I do
> realize that _some_ level of maintenance is going to be required and _I_ alone
> am going to have to be the one to do it.

Just to set expectations, you _can_ set it up and let it run totally
automatically, and everything will work pretty much fine.

I quickly skim-read the held-mail listings that come in every day, per
mailing list, in order to catch any mail a legitimate poster
accidentally sent from a non-subscribed adfress.  I compose manually a
response to that person as a reject message, advising that person that
the mail didn't go through and is being returned, why it didn't go
through, and giving helpful advice about avoiding that problem in the
future.  

It's not _necessary_ to do that manual work.  I do it to be nice, to
help people so they won't be mystified about why their postings didn't
go through.

Many other listadmins don't bother, and either send back the canned
default Mailman reject message saying 'non-subscriber posting'
(paraphrased), or (more commonly) take the path of least resistance and
just let the held mail expire out of the queue and disappear without the
sender having any idea what happened.

And, of course, for announce-only mailing lists like svlug-announce and
balug-announce, someone has to manually approve the announcements you
allow to go out.

But totally automatic _does_ work.  And, of course, the more you can
successfully automate on any server, the better.

> Donating my time is one thing, footing a financial obligation on a
> recurring bill is another.

This is indeed the concern.

Sometimes, you find someone who's willing to let you put a machine on a
rack the person's already paying for and has extra room, or who's
willing to let you have a VM for free, or who has extra IP fixed
addresses on an aDSL line.  

Look at the situation from that person's _own_ perspective.  He or she
(let's call her Ms. Colo) needs to make sure that the guests (let's call
them SVLUG) aren't going to become a problem.  Which means Ms. Colo has
to trust the SVLUG server operators going forward not to do crazy
incompetent stuff.

What would be crazy incompetent stuff?  Examples:  (a) The officers
subscribing to a metric ton of mailing lists and then walking away.
(b) Hosting big video streaming files.  (c) Screwing up server setup and
accidentally (or on purpose) operating an open mail relay or Web proxy.

The actual SVLUG, in its own history, has already done crazy incompetent
item (a).  Both J. Paul Reed and (especially) Paul Reiber, as SVLUG
presidents, subscribed to a bunch of junk and then walked away.  I spent
_years_ chasing down and shutting off the feeds that Reiber subscribed to.

Many times, lunatics at SVLUG have seriously suggested crazy incompetent
item (b), and I have said the gentle and polite version of 'hell no'.

Somehow, SVLUG managed to survive the presidency of Paul Reiber without
suffering crazy incompetent item (c), but mostly because Reiber didn't
know jack about Linux and probably couldn't figure out how to do that
much harm.

I am considerably more reluctant to even _consider_ hosting any LUG
machine on my own aDSL line going forward, especially after the Reiber
administration.  It would have to be on a tight leash, and I would
essentially have to treat the host as run by people I cannot trust to
avoid doing crazy incompetent bullshit, which means I'd have to do a lot
of monitoring, at which point it becomes a hassle.  Or I could run it
myself, which is a differnt type of hassle.

Any Ms. Colo who might grant that favour would end up making the same
sort of calculation.