10 Nov
2020
10 Nov
'20
5:38 p.m.
On Tuesday 10 of November 2020 16:23:58 Michele Calgaro via tde-users
wrote:
On 2020/11/10 10:46 PM, Dr. Nikolaus Klepp wrote:
It seems that the only way to approve a user is when subscribing to the ML.
Anno domini 2020 Tue, 10 Nov 15:38:13 +0100
Slávek Banko via tde-users scripsit:
Is there an option to allow hyperkitty web interface only for "approved"
users? This way users can still subscribe easily to ML but would not
have automatic access to the web interface.
[...]
There is another possible level of defense: to set up newly
subscribed users not only to have to confirm their email address, but
also to be approved by a moderator. That could be an acceptable
compromise.
What is your opinion?
Would be a start. But I think the spamers will just add another
strategy to steal the mods time and get past him.
Nik Other idea: is it possible to force emails sent from
web interface to
another server and then back to mail server for distribution to ML? this
way spam msgs should get caught by spam filters. Like having an
intermediate email address. From web interface go automatically to this
intermediate address on different server == filter out spam. Then this
server forward to ML. Or maybe have hyperkitty GUI on a separate front
end of hyperkitty backend
To be precise: Hyperkitty creates the mail and forwards it to the local
mail server. Mail server performs the usual checks, including antispam /
antivirus checks (using RSPAMD). But here the message gets (must get) an
advantage - no checks based on the sender's IP address are applied. The
message is then submited to the mailman. There, messages are created for
individual recipients and forwarded back to the mail server for
distribution. Again, these are locally transmitted messages.
So the message actually goes through the spam filter twice, just like all
other messages coming in by email. Only they have an advantage.
Using some other mail server is a problem - there messages could be
rejected due to (poorly designed) SPF technology. There would have to be
the same exception from the tests based on the sender's IP address =>
again the opportunity not to get points for these tests. So it does not
serve the intended purpose.
Just thwroing around loose thoughts :-)
Ideas are welcome.
Cheers
Michele
Cheers
--
Slávek