This document describes how to interact with mailing lists when you are using TMDA (Tagged Message Delivery Agent) anti-spam software. TMDA makes use of blacklists and whitelists to restrict access to a mail user’s inbox and optionally tags outgoing email addresses to limit who can use those addresses or to set for how long those addresses are valid. Such lists and tagged email addresses can thoroughly confuse mailing list management software and so care must be taken when interacting with mailing lists.
This document assumes that the reader is familiar with TMDA’s features and how to use them. Prior knowledge of configuration variables, incoming and outgoing filter syntax, and the use of blacklists and whitelists will be very helpful.
In the examples that follow, I’ll subscribe to the fictitious list ‘email@example.com’ for the user ‘andrew’.
Using Lists with TMDA
What follows are instructions on how to use TMDA with three types of mailing lists. In each case, the objective is to allow other subscribers to the list in question to email you directly without TMDA forcing them to confirm their email while, at the same time, minimizing the amount of spam that appears in your inbox.
Identifying an ezmlm mailing list
You can identify an ezmlm mailing list by the method of subscription. To subscribe, you send an email to the list in the form <list name>-subscribe@<domain name>. So, to subscribe to the ezmlm mailing list firstname.lastname@example.org, you would use email@example.com.
In the above example, ezmlm will use whatever envelope sender address it finds in the message as the address you wish to subscribe with. You can also explicitly state the address you would like to subscribe with.
So, to subscribe with the address firstname.lastname@example.org, you would use email@example.com.
Talking to ezmlm
Because ezmlm mailing lists send each message with a different envelope sender address, you need to tell TMDA to let mail from the list through. You can do this by adding a line to either your whitelist file or incoming filter file.
- in your whitelist file add:
- or in your incoming filter file add:
- from firstname.lastname@example.org ok
Doing this will also ease communication with the ezmlm autoresponder during the subscription process.
Because ezmlm does it’s own tagging of the envelope sender address, there is no point in subscribing with a sender or keyword address; you need to let messages through with your whitelist or incoming filter anyway. So, you can subscribe with either a bare address or an extension address. An extension address is normally the better choice as this provides an easy way to manipulate incoming mail (dropping mail from lists into alternate mailboxes for example).
- Using the extension ‘ezmlm-howto-users’, subscribe by sending an empty message to the following address:email@example.com
- Get yourself a drink while you wait to receive ezmlm’s confirmation request. You will need to send ezmlm an email confirming that you really want to subscribe to the list.
In order to post to your newly subscribed mailing list, put this into your outgoing filter file:
- to firstname.lastname@example.org tag
- from dated
- envelope extension=ezmlm-howto-users
Using the ‘dated’ tag for the From header will allow other list subscribers to send you mail without needing to send a confirmation. If this isn’t what you want, set the From header to a bare address or explicitly set it to what you want it to be:
- from bare
- from email@example.com
You can receive instructions on how to use an ezmlm mailing list by sending an empty mail message to the mailing list with ‘-request’ or ‘-help’ appended to the name. For example:
Identifying a Mailman mailing list
Mailman uses a web interface for subscribing and unsubscribing to mailing lists. When subscribing to a Mailman list, you’ll be asked to submit a password. Mailman warns you that the password you use shouldn’t be a particularly valuable one since Mailman emails it to you from time to time in plain text as a reminder. Mailman will also give you the option of receiving messages from the list in the form of a batched digest.
- The first thing to do is generate a sender address. Mailman lists use an envelope sender in the format <list name>-admin@<domain name> so use this command:tmda-address -s firstname.lastname@example.org
which produces something like
email@example.comRemember you can use the -c option if you need to use a TMDA configuration file other than the default and the -a option to specify the base email address to use. With these two options, the above command would look like this:tmda-address -a firstname.lastname@example.org -c ~/andrew/mail/config -s email@example.com
- Then enter the sender address as the email address you wish to subscribe with in the appropriate box on Mailman’s web interface.
- Get yourself a drink while you wait to receive Mailman’s confirmation request. You will need to send Mailman an email confirming that you really want to subscribe to the list.
Different Mailman setups will use different methods to screen incoming email. What you put in your outgoing filter file will depend on how the particular list you’re subscribing to filters its incoming mail.
- If the list screens email on the From header, you will need to set the From header to the sender address you used to subscribe to the list. It also means that you need to set the Reply-To header so that list subscribers can email you. Put this into your outgoing filter file:to firstname.lastname@example.org tag
reply-to datedAgain, using the ‘dated’ tag for the Reply-To header will allow other list subscribers to circumvent TMDA’s confirmation process. If this isn’t what you want, set the Reply-To header to a bare address or explicitly set it to what you want it to be, like so:reply-to bare
- If the list screens email on the envelope sender, put this into your outgoing filter file:to email@example.com tag
envelope firstname.lastname@example.orgYou can change the ‘dated’ tag as described in the previous example if you want list subscribers to confirm their email to you.
There is no way to tell beforehand which of the above methods the list of interest is using to screen mail. You just need to try the different options until one works.
Identifying a Majordomo mailing list
Majordomo lists can be identified by the method you use to subscribe to one; you send an email to email@example.com with the word ‘subscribe’ in the body of the email.
Talking to Majordomo
To ease administrative communication with a majordomo list (anything other than actually posting a message to the list is considered administrative), there are a few things you can do.
- Add majordomo to your whitelist or to your incoming filter like so:in your whitelist
majordomo@*or in your incoming filter file
from majordomo@* okThere is always the possibility that spammers will send you mail from majordomo@spam.R.us.com so you can tighten up your whitelist or filter by removing the wildcards and having separate entries for each majordomo mailing list you want to interact with.
- Add this line to your outgoing filter file:to majordomo@* bareThis will ensure all mail sent to majordomo lists is free of tags. If you want TMDA to treat specific majordomo lists differently, you can add extra entries that replace the wildcard character with the appropriate domain name.
As an alternative to using bare email addresses and adding lines to your whitelist or incoming filter, you can use a keyword tagged address to communicate with majordomo. Add this line to your outgoing filter file:
- to majordomo@* keyword=mdadmin
If you begin receiving spam on this address, change the keyword.
Now that you can talk to majordomo hassle-free, you’ll want to actually subscribe to a list.
- The first thing to do is generate a sender address. Majordomo lists use an envelope sender in the format owner-<list name>@<domain name> so use this command:tmda-address -s firstname.lastname@example.org
which produces something like
email@example.comRemember you can use the -c option if you need to use a TMDA configuration file other than the default and the -a option to specify the base email address to use. With these two options, the above command would look like this:tmda-address -a firstname.lastname@example.org -c ~/andrew/mail/config -s email@example.com
- Then send a message to firstname.lastname@example.org with this line in the body of the message:subscribe howto-users email@example.comAnything you put in the subject line will be ignored.
- Get yourself a drink while you wait to receive majordomo’s confirmation that you have been subscribed to firstname.lastname@example.org.
In order to post messages to email@example.com, your email will have to pass majordomo’s screening method. The tricky part is that different majordomo lists use slightly different methods to ensure incoming posts are from subscribed users.
- If you don’t know how your majordomo list of interest validates incoming mail or if you do know it uses the From header for validation, use this formula in your outgoing filter file:to firstname.lastname@example.org tag
reply-to datedThis will set both the From and envelope sender fields of your mail to the same sender address you used to subscribe to the list. It will also set the Reply-To header to a dated address. This allows list members to contact you directly without having to confirm their first message while ensuring that spammers won’t get their hands on your untagged email address.
- If you know that a certain majordomo list validates incoming mail using the envelope sender field, you can use this formula instead:to email@example.com tag
envelope firstname.lastname@example.orgFunctionally, this will produce the same results as the first example.
Since the first of the above two formulas is the more general, you should try it for any majordomo list you want to subscribe to. There is no advantage to using the second formula if the first one works.
You can receive instructions on how to use majordomo by sending a message to majordomo@<domain name> with the word ‘help’ in the body of the message. The message you receive will have detailed instructions on how to do such things as subscribe or unsubscribe to a list, and how to contact the majordomo manager (a real person!). Remember to put only the word ‘help’ (without the quotes) in the body of the message and nothing else.
Using Lists Around TMDA
If you use TMDA to protect your email address and don’t want to go through all the hassle of setting up a mailing list as described above, then this is the section for you. These instructions describe a way to use a TMDA protected email address with a mailing list without the list ever seeing a tagged address.
- First, tell TMDA to accept mail from the list by adding an entry to one of your whitelist files like so:<list-name>@some.domain.comOr if you want to set up many lists this way, consider creating a whitelist file dedicated to mailing lists. Then put a line in your incoming filter file like so:from-file ~path/to/whitelist-file-for-mailing-lists ok
- Put a line in your outgoing filter file telling TMDA to use a bare address when sending mail to the list:for a single list use
to <list-name>@some.domain.com bareor for multiple lists you could use
to-file ~/path/to/whitelist-file-for-mailing-lists bareThis point assumes that you’re using tmda-ofmipd to tag outgoing mail.
- Subscribe to the list with your bare, untagged email address.
The exact pattern you use in step one will vary depending on the type of list you want to talk to. This is because the administrative mailings from a list can come from different places. For a mailman list, the pattern can be quite restrictive as administrative emails come from list-name-<something>@some.domain.com. Majordomo lists, on the other hand, will require a more permissive pattern or perhaps even two entries because source addresses for administrative emails generally do not contain the list name at all.
Setting up your TMDA this way will force other users of a list who mail you directly to confirm their email the first time. On the other hand, this method should work with any type of mailing list. This behaviour can be set up as the default which can be overriden for particular lists when there is a need to do so.
One potential problem with the method outlined above is bounced mail. If you don’t have a line like
- from <> ok
in your incoming filter file, then mail bounced from a list may get caught by TMDA depending on the address the bounce comes from. The TMDA FAQ explains the reasons for this problem in more detail. If anyone has any ideas on how to get around this, drop me a note.
Mailing Lists Behaving Badly
In some cases, a list may change the Reply-To header in some way; to point back to the mailing list itself for example. If such a list also screens mail on the From header, then using TMDA with the list becomes much more complicated. It is likely better to subscribe to the list with an email address that is filtered using a tool other than TMDA (see Mailing Lists & SPAM below). If you really want to use TMDA with such a mailing list, one way to do it is to subscribe using a keyword tagged address. You generate a keyword address like so:
- tmda-address -k badlist
- which produces something like
Add an entry to your outgoing filter file so that any mail you send the list will use this keyword address.
- to email@example.com keyword=badlist
This allows both the list and list subscribers to email you without replying to confirmation requests. It also means that spammers can use this address to send you mail as well. When this happens, you will need to unsubscribe from the list, generate a new keyword address, and re-subscribe. You may also want to put an entry into your incoming filter file to drop mail sent to the old keyword address.
Alternatively, you could set up the list as described in the previous section.
Mailing Lists & SPAM
Because of the way TMDA operates, it cannot filter spam that is being distributed through a mailing list. If you wish to subscribe to a list that is regularly spammed, using TMDA may not be the best choice for you.
Much of the information contained within this document was scoured from the tmda-users mailing list archive. The major contributors to the relevant thread were Tim Legant, Jason Mastaler, and Scott Schappell.