Merge lp://staging/~jimpop/mailman/mailman-auto-mod-verbose-members into lp://staging/mailman/2.1

It is not clear why you have

 add_only_if_missing('member_verbosity_threshold', 0)

in versions.py instead of

 add_only_if_missing('member_verbosity_threshold',
                     mm_cfg.DEFAULT_MEMBER_VERBOSITY_THRESHOLD)

Oversight perhaps. Also I think Defaults.py.in should probably have

DEFAULT_MEMBER_VERBOSITY_THRESHOLD = 0

Also, the first few lines of Utils.IsVerboseMember() seem unnecessary, and I'm not completely comfortable with recentMemberPostings being a global in Utils.py rather than a list attribute.

And, do you really see 5 posts from the same member in 5 minutes?

Finally, I'm curious if you ever saw <https://www.msapiro.net/scripts/PostLimit.py>. I guess it is very different in detail, but the goal may be similar.

I've been reluctant to actually implement that on my production server, although it has been suggested as a way to control one member (I'd rather have a conversation than hit him with a hammer, although hammers have their place.)

Hi Mark, thank you. I have made the following improvements based on your feedback:

Mailman/versions.py:
    set mm_cfg.DEFAULT_MEMBER_VERBOSITY_THRESHOLD rather than hardcoded "0".

Mailman/Defaults.py.in:
    DEFAULT_MEMBER_VERBOSITY_THRESHOLD now defaults to 0

Mailman/Utils.py:
    Removed unnecessary value checks from the top of Utils.IsVerboseMember()

Mailman/Handlers/SpamDetect.py
    Added "mlist.member_verbosity_threshold > 0" test before call to Utils.IsVerboseMember()

I set recentMemberPostings as a global because I felt it was important to measure a members posting pattern across all lists, not a single list. Although I currently only moderated the user on the single impacted list, ideally I'd like to find a way to moderate the user on all subscribed lists.

NANOG recently had a problem of hundreds of spam posts in a matter of minutes. Search for "Fw: new messsage" on http://mailman.nanog.org/pipermail/nanog/2015-October/thread.html (DO NOT CLICK ON ANY OF THE EMAILED LINKS IN THOSE NANOG POSTS). There were so many posts it clogged their outbound queues for at least 1 day.

I have not seen PostLimit before, thanks. I honestly don't care which version makes it into Mailman, but there is clear evidence that spamvertised postings, using a known member address, is going to be a huge problem going forward.

Thanks for your replies and changes. I now have a much clearer understanding of the issue that prompts this. I will probably do a little tweaking, but it looks good and I will get it in the next release.

It really has different goals from PostLimit which I did as a response to some request on Mailman-users.

Actually, we could have used something like this for a flood of bogus subscription requests a while back, but the addresses were predictable enough that I was able to handle it with a regexp in the new GLOBAL_BAN_LIST (and variable enough that matching on the address wouldn't work).

Anyway, You've done good work here. Thank you. I will get the feature in the next release (and probably aim for a release soon, but not before December as I a traveling the next 3 weeks)

I have merged this branch and made some changes. The most significant is your code to drop old times from the recentMemberPostings dictionary is wrong. Deleting items from a list while processing 'for item in list' results in skipping items.

I also allow for different lists to have different member_verbosity_interval settings and process that I hope reasonably.

Finally, I don't attempt to moderate a non-member, and I look at more than the From: of the message to find a member address.

Sounds good Mark, Thanks