[Twisted-Python] [Twisted-web] upcoming changes to twistedmatrix.com mail infrastructure

Wed Mar 16 13:53:08 MDT 2016

> On Mar 16, 2016, at 12:06 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> 
> On 16/03/16 18:52, Glyph wrote:
>> Over the last few months, twistedmatrix.com <http://twistedmatrix.com>'s
>> mailman installation has been used increasingly frequently to execute
>> denial-of-service attacks against people's mailboxes.  This is
> 
> My sympathies; this exact problem was the reason we CAPTCHA-ised our install of mailman and have to keep a very close eye on it.

Yeah.  If this were the only problem we'd probably be going that route, but given issues with the rest of our mail infrastructure, getting rid of it is a lot more satisfying :).  When I do self-service subscription I do very definitely plan to integrate a CAPTCHA.

> It's really a shame there's so little open-source competition in the email sector these days; it all appears to have been hoovered up by Gmail, Office 365 and various spam (sorry - bulk email) providers.
> 
>> There will be a couple of inconveniences immediately after the transition:
> 
> Couple of random thoughts:
> 
> Does mailgun actually contain a mailman-alike product or are you effectively building one on top of it?

Mailgun does have mailing lists: https://documentation.mailgun.com/api-mailinglists.html

This is not really a "mailman-alike"; its feature-set is extremely minimal (and, as mailgun will readily tell you, using it for members-only mailing lists is a bit of a weird case for their product; their primary target is transactional application emails, like notifications of activity in a web app, invoices, alerts, that sort of thing).  There are some things we will miss (particularly archives; I'm hoping we can just pipe the messages into pipermail somehow); but huge amounts of Mailman's customizability are just useless fluff.  Some are actively bad, like mailing you all your passwords in plain text every month.  We don't use most of its features, and we have to explicitly disable a lot of them.  Many of these things are better in more recent releases, but for us, upgrading to a more recent release is quite a bit more work than abandoning it entirely.

However, despite peer-to-peer lists being a little outside Mailgun's core demographic, they're totally supported, and I've had a pretty good experience (better than mailman administration, certainly) administering a medium-sized mailing list using their web UI.  I do plan to build a few small tools, like a self-service subscription tool, using the API, but even that will be good; it'll make a nice little demo Klein app.

> Will the mailman-style List-X headers remain?

Yes, although for unfortunate technical reasons the values of those headers may change (the way lists vs. personal addresses are name-spaced on twistedmatrix.com is unfortunate for reasons having nothing to do with mailgun, but it will probably matter now whereas it didn't before).

> Will the behaviour of the list w.r.t. things like routing of To:/Cc:'ed people change.

For members-post mailing lists, mailgun unconditionally sets the reply-to header, which is exactly the way we have mailman configured right now, so: no.

> Good luck with the migration.

Thanks!  And thanks for your questions, I was worried I put a ton of work into that email only for it to land in the void :).

-glyph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20160316/6b4e2f7f/attachment-0002.html>