On 10/27/2016 08:24 AM, Jim Dory wrote:
> I'm getting a ton of spam posting attempts to our subscriber only email list - in the order of about 100 to 150 per day and growing. As I need to keep a look out for actual member requests (sometimes a member wants to unsubscribe or is having some problem - a non member wants to subscribe) I have to look through these approval headers to make sure it isn't a local person wanting something. So it becomes a pain. Most spammers use obvious emails so I can mass delete them (harder on my phone when managing the mail) but I'm wondering if there is something I can do to stem the flow.
> I'm with Hawkhost on a VPS plan (virtual private server) so I have a bit of control - but don't know much about what to do - if there are access/deny lists I can somehow use.

At a minimum you should have SpamAssassin and ClamAV scanning your mail during incoming mail processing before it ever gets to Mailman. Greylisting can also help. See http://wiki.apache.org/spamassassin/IntegratedInMta for SpamAssassin and for ClamAV see http://www.clamav.net/documentation and google clamav-milter.
Also see http://sanesecurity.com/usage/signatures for info about 3rd party ClamAV signatures for detecting spam.
For a more comprehensive package, see https://www.mailscanner.info/.

> I did enable some spam controls but it didn't seem to do anything. It would have to be a server level deny list I assume like iptables or something to reject known spammers at least, or whole domains like from foreign companies (.it, .br, .ch, etc) and perhaps some spoofing going on from the likes of domains such as hilton.k12.ny.us cortez_josephine@hilton.k12.ny.us.

You can do things in the MTA itself. For example Postfix can do header checks and body checks and take various actions based on regexp matches. See http://www.postfix.org/header_checks.5.html.
There are many other tools and techniques beyond the scope of this list.
Within Mailman itself, you can use Privacy options... -> Spam filters -> header_filter_rules to take various actions based on regexp matches on the message headers, and there's also the possibility to use regexps in Privacy options... -> Sender filters -> discard_these_nonmembers.
The caveat here is you want to discard and not reject because reject causes backscatter to the generally innocent spoofed sender. This means with header_filter_rules in particular you need to avoid false positives to avoid silently discarding legitimate mail.
Avoiding backscatter is the main reason why the best solutions reject the mail at incoming SMTP time.
Note that you can't use iptables because a great deal of spam comes from botnets and the IPs are all over and not consistent.
--
Mark Sapiro mark@msapiro.net
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
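
A dry run of the false-positive concern raised in the reply above, as an added example that is not part of the original post and is not Mailman's own code. It checks two candidate discard regexps against sample headers before they go anywhere near header_filter_rules, assuming case-insensitive, multi-line matching over the header block; the rule names, patterns, addresses and messages are all constructed for illustration.

```python
import re
from email import message_from_string

# Candidate discard rules (constructed for illustration).
RULES = {
    "cc-tld": r"^from:.*@[\w.-]+\.(it|br|ch)>?\s*$",  # whole country TLDs
    "sa-flag": r"^x-spam-flag:\s*yes\s*$",            # set by an upstream scanner
}

# Constructed sample messages: (label, legitimate?, raw message).
SAMPLES = [
    ("local member", True,
     "From: Pat <pat@example.org>\nSubject: meeting notes\n\nhi\n"),
    ("italian member", True,
     "From: Anna <anna@example.it>\nSubject: please unsubscribe me\n\nthanks\n"),
    ("flagged spam", False,
     "From: promo@example.br\nX-Spam-Flag: YES\nSubject: offer\n\nbuy\n"),
    ("unflagged spam", False,
     "From: deals@example.com\nSubject: offer\n\nbuy\n"),
]

def header_block(raw):
    """Return only the headers, one 'Name: value' per line (body excluded)."""
    msg = message_from_string(raw)
    return "\n".join(f"{name}: {value}" for name, value in msg.items())

def audit(rules, samples):
    """For each rule, list the spam it catches and the legitimate mail it hits."""
    report = {}
    for name, pattern in rules.items():
        rx = re.compile(pattern, re.IGNORECASE | re.MULTILINE)
        caught, false_pos = [], []
        for label, legit, raw in samples:
            if rx.search(header_block(raw)):
                (false_pos if legit else caught).append(label)
        report[name] = {"caught": caught, "false_positives": false_pos}
    return report

if __name__ == "__main__":
    for name, result in audit(RULES, SAMPLES).items():
        print(name, result)
```

With a discard action, every label under false_positives is a message that would vanish without notice to the sender or the list owner, so a rule belongs in production only when that list stays empty over a sample of real member mail.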