Re: [Mailman-Users] Best way to slow down all the spam to my lists?

On 12/12/19 12:46 PM, Chromatest J. Pantsmaker wrote:
https://wiki.list.org/DOC/4.23%20How%20do%20I%20use%20SpamAssassin%20with%20...
With Postfix, you should activate the built-in SPAM control, "postscreen".
The details on how to use it are in POSTSCREEN_README when you install from source, I don't know where/if Ubuntu puts it, or if they build it for their distro, but it just works. "man postscreen" should get you started.
I have it checking spamhaus.org, spamcop.net, and barracudacentral.org for blacklisting.
I sometimes add IP ranges to "/etc/postfix/postscreen_access.cidr", (they've mainly been from Brazil, Korea, and China), when I notice a new source that the blacklists haven't yet found, blocking out vast swathes of the internet doesn't trouble me.
Cheers,
Gary b-)

I think I'll look into this next. It seems that the postgrey implementation that I followed from a previous email has stopped the spam, but it's also stopped all other mail also! doh!
On Fri, Dec 13, 2019 at 6:40 PM Gary R. Schmidt <grschmidt@acm.org> wrote:

On 12/13/19 7:23 PM, Chromatest J. Pantsmaker wrote:
If postgrey is working as it should, it will initially respond to all mail with a 4xx (retryable) status. The theory is spambots won't retry, but legitimate MTAs will, usually after a delay of up to 15 minutes or so, but some more than an hour.
As postgrey learns, it will remember triplets (sender, sending IP, recipient) and not delay them and in addition will whitelist domains that retry successfully more than a few times.
Thus, after time, the delayed mail will become less frequent.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

Chromatest J. Pantsmaker writes:
I had sent some test email from gmail and several hours later those test messages didn't pass. Maybe I goofed something along the way.
If the GMail address used to send is the same as the address subscribed to the test list, you won't see it because GMail deduplicates aggressively. There is no way to fix this in GMail. If you are testing from GMail you *must* use a separate address as the recipient.
Check the Mailman and the Postfix logs to see what your Mailman host thinks is happening.
Steve

"Stephen J. Turnbull" <turnbull.stephen.fw@u.tsukuba.ac.jp> writes:
Also, if you are testing greylisting from a GMail account, GMail tends to retry messages from another random outgoing server, so it may take considerable time before GMail happens to randomly pick an outgoing server it has already used and greylisting can confirm the same message from the same user at the same server... (It would be nice if GMail would assign an outgoing message to one server and just retry from there)
Keith
--
from my mac to yours...
Keith Seyffarth mailto:weif@weif.net https://www.weif.net/ - Home of the First Tank Guide! https://www.rpgcalendar.net/ - the Montana Role-Playing Calendar
http://www.miscon.org/ - Montana's Longest Running Science Fiction Convention

On 12/13/19 9:02 PM, Mark Sapiro wrote:
The bigger senders are doing things now (more than ever) that they weren't doing 15+ years ago. Now farms of servers will try to contact you. The message may first try from one IP, then from another IP, then from a 3rd.... It may eventually try from the same IP and make it through.
I think most grey list solutions have an option to specify the network (frequently configured as a /24) for the sending IP. This significantly helps with different servers in the same server farm trying to resend messages.
Another option that doesn't have this (state based) limitation is nolisting. (TCP RST from first MX and subsequent MX(s) accept email.)
-- Grant. . . . unix || die
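
The triplet greylisting and the per-network (/24) matching described in the messages above, as an added example that is not part of the thread and is not postgrey's code. The `Greylist` class, the 300-second delay, the IPv4-only handling and all addresses are assumptions made for illustration; the delivery attempts are constructed.

```python
import ipaddress

class Greylist:
    """Toy triplet greylist (hypothetical; not postgrey's implementation)."""

    def __init__(self, delay=300, prefix_len=32):
        self.delay = delay            # seconds a new triplet must wait (assumed value)
        self.prefix_len = prefix_len  # 32 = exact IPv4 address, 24 = whole /24
        self.first_seen = {}          # triplet -> time of first attempt

    def _key(self, sender, client_ip, recipient):
        # Reduce the client IP to its network so farm members share one triplet.
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return (sender.lower(), str(net.network_address), recipient.lower())

    def check(self, now, sender, client_ip, recipient):
        """Return an SMTP-style reply: '450' (retry later) or '250' (accept)."""
        key = self._key(sender, client_ip, recipient)
        first = self.first_seen.setdefault(key, now)
        return "250" if now - first >= self.delay else "450"


# Constructed sample: one message retried every 10 minutes by a sending farm
# that rotates through hosts in 192.0.2.0/24 (a documentation range).
ATTEMPTS = [
    (0,    "192.0.2.10"),
    (600,  "192.0.2.27"),
    (1200, "192.0.2.41"),
    (1800, "192.0.2.10"),   # the farm finally reuses the first host
]

def time_to_accept(prefix_len):
    """Seconds until the sample message is accepted, or None if never."""
    gl = Greylist(delay=300, prefix_len=prefix_len)
    for now, ip in ATTEMPTS:
        if gl.check(now, "member@example.com", ip, "mylist@example.org") == "250":
            return now
    return None

def single_try_sender(prefix_len):
    """A sender that never retries only ever sees the temporary failure."""
    gl = Greylist(delay=300, prefix_len=prefix_len)
    return gl.check(0, "bulk@example.net", "198.51.100.7", "mylist@example.org")

if __name__ == "__main__":
    print("exact-IP keying:", time_to_accept(32), "s")
    print("/24 keying     :", time_to_accept(24), "s")
    print("no-retry sender:", single_try_sender(24))
```

With exact-IP keying the sample message waits until the farm reuses a host; with /24 keying the first retry after the delay is accepted, while a sender that never retries is deferred either way.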

Grant Taylor via Mailman-Users <mailman-users@python.org> writes:
Some greylisting solutions also allow you to whitelist a domain or subdomain, but this can result in spammers spoofing that domain getting through...
Keith

participants (7)
- Chromatest J. Pantsmaker
- Gary R. Schmidt
- Grant Taylor
- Keith Seyffarth
- Mark Sapiro
- Richard Damon
- Stephen J. Turnbull