[Pkg-mailman-hackers] Bug#348592: mailman: Spam causes a moderation loop

Tue Jan 17 21:24:03 UTC 2006

Package: mailman
Version: 2.1.5-8
Severity: normal

Short story: when filtering mails for spam I get a moderation loop.

Long story:

When using the 'header_filter_rules' (found in the web interface under
'Privacy Options -> Spam Filter') a moderation loop occurs when spam is
detected if a rule like 'X-Spam-Status: yes' (what AMaViS typically inserts
when spam is found) points to a 'Hold' target. The mail to ...-owner seems
to get spam-scanned again and the informational email to the ...-owner
get's 'held', too. This happens up to 50 times until the loop stops.
The final mail contains a recursive collection of moderation requests.

I believe the problem has just recently been dealt with in a later version
of mailman (as you can see I'm using Sarge). The patch is described at

http://sourceforge.net/tracker/index.php?func=detail&aid=1405790&group_id=103&atid=300103

while you can find a description of the problem at

http://mail.python.org/pipermail/mailman-users/2006-January/048573.html

The above patch is meant for version 2.1.7. But I believe the following
tinier patch would even fix this issue for Sarge (I can't test it on Sid
since this is a production server):

--- SpamDetect.py.orig  2006-01-16 14:05:42.000000000 +0100
+++ SpamDetect.py       2006-01-16 14:05:18.000000000 +0100
@@ -103,6 +103,15 @@
         if mo:
             # we've detected spam, so throw the message away
             raise SpamDetected
+    # Before we go to header_filter_rules, we exclude internally generated
+    # owner notification from checking, because 1) we collect headers from
+    # all the attachments but this will cause matching the filter rule again,
+    # and 2) list owners may want to check header name / value pair like
+    # 'Precedence: bulk' which is also generated by mailman.  Both will
+    # cause loop of holding owner notification messages if the action is
+    # set to 'hold'.
+    if msgdata.get('toowner') and msg.get('x-list-administrivia') == 'yes':
+        return
     # Now do header_filter_rules
     g = HeaderGenerator(StringIO())
     g.flatten(msg)

Kindly
 Christoph

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages mailman depends on:
ii  apache2-mpm-prefork [httpd] 2.0.54-5     traditional model for Apache2
ii  cron                        3.0pl1-86    management of regular background p
ii  debconf                     1.4.30.13    Debian configuration management sy
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  logrotate                   3.7-5        Log rotation utility
ii  postfix [mail-transport-age 2.1.5-9      A high-performance mail transport 
ii  pwgen                       2.03-1       Automatic Password generation
ii  python                      2.3.5-2      An interactive high-level object-o
ii  ucf                         1.17         Update Configuration File: preserv

-- debconf information:
* mailman/site_languages: de, en
* mailman/used_languages: de en
* mailman/create_site_list:
* mailman/queue_files_present:
* mailman/default_server_language: en
  mailman/gate_news: false


