Re: [Mailman-Developers] Google Summer of Code - Spam Defense
On Sat, Mar 29, 2008 at 01:12:59PM -0500, Robby Griffin wrote:
> > How/where do I stop that?
>
> How is that backscatter? Looks like plain old spam to me (addressed to a -owner address, which forwarded to postmaster

But it shouldn't go to postmaster!
/usr/local/mailman/bin/list_owners cc-co
shows me three addresses, all of which are @gmail.com addresses.

> , which forwarded to you),

postmaster does forward to me, yes.

> and your (three!) SpamAssassins

two. One on malecky (the list machine), and one on garp. The third machine doesn't come into play here.

> let it through. Though one of them did score it high enough to be marked as spam, you don't seem to have anything between the world and your inbox that actually blocks spam...

Not true. Mail to lists (but apparently not owners) now gets discarded if it has been tagged as spam.
Furthermore, I have procmail rules in place in two places that drop mail above a certain threshold and quarantine a middle batch.

> If it helps, I have one setup where I have to discard high-scoring spam with procmail on its way into my inbox, and another where I modified SA to add a user-configurable threshold for tagging "extreme" spam so I could discard it within the MTA.

I don't discard anything at the MTA, but otherwise you've got close to what I've got. What I'm missing here is the step where the mail went from going to one of the three list admins (again, all at gmail) to going to me. Where was the forgery? How did mailman (or was it postfix?) get duped?
Cheers,
Cristóbal Palmer ibiblio.org systems administrator
On Sat, Mar 29, 2008 at 02:37:36PM -0400, Cristóbal Palmer wrote:
> Where was the forgery? How did mailman (or was it postfix?) get duped?

Given an off-list response I got, I should clarify further.
An important detail that I left out was that I never got mail like what I linked to before I put SA on the mailing list server. Once I added that, I started seeing mails like this at a rate of two or three per day.
Cheers,
Cristóbal Palmer ibiblio.org systems administrator
Cristóbal Palmer wrote:
> An important detail that I left out was that I never got mail like what I linked to before I put SA on the mailing list server. Once I added that, I started seeing mails like this at a rate of two or three per day.

It appears it's not just SpamAssassin, but MailScanner. Is it possible that somehow this managed to mess up the cc-co-owner address? Are there any regexps that might split cc-co-owner into cc and co-owner instead of cc-co and owner?
You still need to look at the maillog on lists.ibiblio.org.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
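The ambiguity raised in the message above, as an added example that is not part of the original thread: a regexp that splits at the first hyphen turns cc-co-owner into cc plus co-owner, while one anchored on a known suffix yields cc-co plus owner. Both patterns and the function names are assumptions for illustration, not MailScanner, Postfix or Mailman code; the suffixes are the Mailman 2.1 list sub-addresses, and every list name except cc-co is constructed.

```python
import re

# Mailman 2.1 sub-address suffixes (list-owner, list-bounces, ...).
SUFFIXES = ("admin", "bounces", "confirm", "join", "leave",
            "owner", "request", "subscribe", "unsubscribe")

# Hypothetical naive pattern: split at the FIRST hyphen.
FIRST_HYPHEN = re.compile(r"^([^-]+)-(.+)$")
# Suffix-anchored pattern: split only before a known suffix at the end.
KNOWN_SUFFIX = re.compile(r"^(.+)-(%s)$" % "|".join(SUFFIXES))


def split_first_hyphen(localpart):
    """Return (list, rest) the way a first-hyphen regexp would."""
    m = FIRST_HYPHEN.match(localpart)
    return (m.group(1), m.group(2)) if m else (localpart, None)


def split_known_suffix(localpart):
    """Return (list, suffix), peeling one known suffix off the end."""
    m = KNOWN_SUFFIX.match(localpart)
    return (m.group(1), m.group(2)) if m else (localpart, None)


def ambiguous_lists(list_names):
    """List names whose -owner address the two splits disagree on."""
    risky = []
    for name in list_names:
        addr = name + "-owner"
        if split_first_hyphen(addr) != split_known_suffix(addr):
            risky.append(name)
    return risky


if __name__ == "__main__":
    # Constructed sample: cc-co is from the thread, the rest are made up.
    for lp in ("cc-co-owner", "announce-owner", "cc-co"):
        print(lp, split_first_hyphen(lp), split_known_suffix(lp))
    print(ambiguous_lists(["cc-co", "announce", "dev-team"]))
```

Running `ambiguous_lists` over the output of `list_lists` shows which hyphenated list names are worth grepping for in the maillog.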
participants (2)
- Cristóbal Palmer
- Mark Sapiro