![](https://secure.gravatar.com/avatar/1a3990123467886095a43c76ce5b5477.jpg?s=120&d=mm&r=g)
Hello,
In some of our lists, we are receiving excessive spam messages. We analyzed the spam messages and found that they have similar headers. As a result, we developed the following list:
^X-Mailer: (?!Microsoft Outlook .*)$ ^X-mailer: .*$ ^X-Mailer-LID: .*$ ^X-Mailer-RecptId: .*$ ^X-Mailer-SID: .*$ ^X-Mailer-Sent-By: .*$ ^X-Spam-Status: Yes.*$ ^X-Spam-Flag: YES ^X-Virus-Status: Yes
We don't want to receive any mails from external mail systems, only real persons can send emails.
We enter this list to the bounce_matching_headers part (in the admin panel, under Spam Filtering).
However, we couldn't make this list processed by Mailman. We also couldn't understand in what part we are doing wrong.
Can you please assist us in this situation?
Thanks,
Note: We are using Mailman 2.1.13
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
METU E-List Admin wrote:
This includes the one above it.
bounce_matching_headers doesn't work that way. See the '(Details for bounce_matching_headers' link.
Regexps like the above should go in header_filter_rules with an appropriate action.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/1a3990123467886095a43c76ce5b5477.jpg?s=120&d=mm&r=g)
I have added
^X-Mailer: (?!Microsoft Outlook .*)$
as the first rule and set to Hold according to your instructions.
I tried to block all mails except the mails from MS Outlook. However today, I received an email with header like:
X-Mailer: Microsoft CDO for Windows 2000
I couldn't understand why this header did not go to pending moderator requests.
On 01/30/2013 12:33 AM, Mark Sapiro wrote:
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
METU E-List Admin wrote:
Was the message addressed to the list address or to the list-owner address? header_filter_rules with Hold action are not applied to -owner mail.
If this doesn't explain it, please post the entire content of header_filter_rules and the full headers of the message you received.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/1a3990123467886095a43c76ce5b5477.jpg?s=120&d=mm&r=g)
The message was addressed to the list address. The email address I have registered is not the owner of the list.
The message headers are:
Return-Path: <register-bounces@metu.edu.tr> X-Original-To: bingol@metu.edu.tr Delivered-To: bingol@metu.edu.tr Received: from abdera.general.services.metu.edu.tr (abdera.general.services.metu.edu.tr [144.122.144.135]) by arikanda.general.services.metu.edu.tr (Postfix) with ESMTP id 8BA8C4D92; Wed, 30 Jan 2013 14:46:03 +0200 (EET) Received: from abdera.general.services.metu.edu.tr (localhost [127.0.0.1]) by abdera.general.services.metu.edu.tr (Postfix) with ESMTP id 1B5F13A46F; Wed, 30 Jan 2013 14:46:03 +0200 (EET) X-Original-To: register@mailman.metu.edu.tr Delivered-To: register@mailman.metu.edu.tr Received: from arikanda.general.services.metu.edu.tr (arikanda.general.services.metu.edu.tr [144.122.144.179]) by abdera.general.services.metu.edu.tr (Postfix) with ESMTP id 5D9133A328 for <register@mailman.metu.edu.tr>; Wed, 30 Jan 2013 14:45:31 +0200 (EET) Received: by arikanda.general.services.metu.edu.tr (Postfix) id 2A20D5153; Wed, 30 Jan 2013 14:45:31 +0200 (EET) Delivered-To: register@metu.edu.tr Received: from varya.cc.metu.edu.tr (varya.general.services.metu.edu.tr [144.122.145.141]) by arikanda.general.services.metu.edu.tr (Postfix) with ESMTP id 118DF4D11; Wed, 30 Jan 2013 14:45:31 +0200 (EET) Received: from mail-wi0-f186.google.com (mail-wi0-f186.google.com [209.85.212.186]) by varya.cc.metu.edu.tr (Postfix) with ESMTP id 0C2D560099; Wed, 30 Jan 2013 14:45:29 +0200 (EET) Received: by mail-wi0-f186.google.com with SMTP id hq4sf574786wib.23 for <multiple recipients>; Wed, 30 Jan 2013 04:45:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20120806; h=x-received:x-beenthere:x-received:x-received:x-received :received-spf:thread-topic:thread-index:reply-to:from:sender:to :subject:date:organization:message-id:mime-version:x-mailer :importance:priority:x-mimeole:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-google-group-id:list-post:list-help:list-archive:list-subscribe :list-unsubscribe:content-type:content-class; bh=FdFbVDlNean5sSj9PA4NFtgR31tbLrE1ohLudRAmxjE=; b=dSsb+1QyDzJizefQgoPTQ9XXbJ8CjcaUTuf2tNPEN8JABqO81ca6HMXByOZEzF46HB bdx52DmaQUAewajjVREM4bXpHrlVR7xQaLRgo8bRtjj5LgTqUqwJYJ4DTSXWkfUGNmEM 1fbE4T7vT6RtKJcgJQZDSEJFXvJHKRzGx4im1KgJgm6luN/CMA0tKOhYhdsgGFhwWLQM a0SdH4bAKAQQHwe+hpvMLgY+ZKblGyi6FEKJruIgpe6hgQZkhAPOL7hSWYobuTJf+97G /1G6FhSRNzVtXK4AAOz+CFtLN6UhC1mzU4IDYGOKdVDiLih/4vcEps9iF8BcsAzeKC0v SBjQ== X-Received: by 10.180.88.231 with SMTP id bj7mr442627wib.5.1359549928950; Wed, 30 Jan 2013 04:45:28 -0800 (PST) X-BeenThere: fethiyede@googlegroups.com Received: by 10.180.91.46 with SMTP id cb14ls409844wib.10.gmail; Wed, 30 Jan 2013 04:45:06 -0800 (PST) X-Received: by 10.180.19.66 with SMTP id c2mr1471014wie.6.1359549906477; Wed, 30 Jan 2013 04:45:06 -0800 (PST) Received: by 10.194.71.193 with SMTP id x1mswju; Wed, 30 Jan 2013 04:43:54 -0800 (PST) X-Received: by 10.204.4.217 with SMTP id 25mr299939bks.1.1359549827269; Wed, 30 Jan 2013 04:43:47 -0800 (PST) X-Received: by 10.204.4.217 with SMTP id 25mr299938bks.1.1359549827241; Wed, 30 Jan 2013 04:43:47 -0800 (PST) Received: from forward1.mail.yandex.net (forward1.mail.yandex.net. [2a02:6b8:0:602::1]) by gmr-mx.google.com with ESMTP id s1si6897bkt.3.2013.01.30.04.43.47; Wed, 30 Jan 2013 04:43:47 -0800 (PST) Received-SPF: neutral (google.com: 2a02:6b8:0:602::1 is neither permitted nor denied by domain of summer@tatilkampanyasi.com) client-ip=2a02:6b8:0:602::1; Received: from smtp2.mail.yandex.net (smtp2.mail.yandex.net [77.88.46.102]) by forward1.mail.yandex.net (Yandex) with ESMTP id 01FF5124247B for <fethiyede@googlegroups.com>; Wed, 30 Jan 2013 16:42:43 +0400 (MSK) Received: from smtp2.mail.yandex.net (localhost [127.0.0.1]) by smtp2.mail.yandex.net (Yandex) with ESMTP id DBFA8E20611 for <fethiyede@googlegroups.com>; Wed, 30 Jan 2013 16:42:43 +0400 (MSK) Received: from 37-123.96-67.salay.com.tr (37-123.96-67.salay.com.tr [37.123.96.67]) by smtp2.mail.yandex.net (nwsmtp/Yandex) with ESMTP id gee8SK65-ggeagdsL; Wed, 30 Jan 2013 16:42:42 +0400 Thread-Topic: =?iso-8859-9?Q?G=FCn=FCbirlik_Kartepe_Turu_39_TL_/_G=FCn=FCbirlik_U?= =?iso-8859-9?Q?luda=F0_Turu__55_TL_/_Haftasonu_Tek_Gece_Kartepe_349_TL?= thread-index: Ac3+50nGprLpO0AYQHSkem91XQB4DQ== From: "KayakTurunuz.com" <summer@tatilkampanyasi.com> To: <fethiyede@googlegroups.com> Date: Wed, 30 Jan 2013 14:42:39 +0200 Organization: http://www.tatilkampanyasi.com Message-ID: <A9C0D628767B41BC8A1EBF7AB208CED4@WINQWZB03J61IN> MIME-Version: 1.0 X-Mailer: Microsoft CDO for Windows 2000 Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18645 X-Original-Sender: summer@tatilkampanyasi.com X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 2a02:6b8:0:602::1 is neither permitted nor denied by domain of summer@tatilkampanyasi.com) smtp.mail=summer@tatilkampanyasi.com Precedence: list Mailing-list: list fethiyede@googlegroups.com; contact fethiyede+owners@googlegroups.com X-Google-Group-Id: 25252391353 Content-Class: urn:content-classes:message X-Virus-Scanned: clamav-milter 0.97.5 at varya X-Virus-Status: Clean X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,HTML_IMAGE_RATIO_04, HTML_MESSAGE,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID, UNPARSEABLE_RELAY,URIBL_DBL_SPAM autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on abdera.general.services.metu.edu.tr Subject: [REGISTER: 64911] =?iso-8859-9?q?G=FCn=FCbirlik_Kartepe_Turu_39_TL_/_G=FCn=FCbirli?= =?iso-8859-9?q?k_Uluda=F0_Turu__55_TL_/_Haftasonu_Tek_Gece_Kartepe?= =?iso-8859-9?q?_349_TL?= X-BeenThere: register@metu.edu.tr X-Mailman-Version: Reply-To: fethiyede@googlegroups.com List-Id: Local List Restricted to Subscription <register.metu.edu.tr> List-Unsubscribe: <https://mailman.metu.edu.tr/mailman/options/register>, <mailto:register-request@metu.edu.tr?subject=unsubscribe> List-Archive: <https://mailman.metu.edu.tr/mailman/private/register> List-Post: <mailto:register@metu.edu.tr> List-Help: <mailto:register-request@metu.edu.tr?subject=help> List-Subscribe: <https://mailman.metu.edu.tr/mailman/listinfo/register>, <mailto:register-request@metu.edu.tr?subject=subscribe> Content-Type: multipart/mixed; boundary="===============0167675183449664233==" Sender: register-bounces@metu.edu.tr Errors-To: register-bounces@metu.edu.tr
This is a multi-part message in MIME format.
. . . .
header_filter_rules are in the following link:
http://metu.edu.tr/~bingol/poptions.jpeg
Thank you.
On 01/30/2013 06:06 PM, Mark Sapiro wrote:
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 1/30/2013 11:42 PM, METU E-List Admin wrote:
[...]
X-BeenThere: fethiyede@googlegroups.com
I don't know why it would matter, but it seems your register@metu.edu.tr list a member of this fethiyede@googlegroups.com google group. Do you want that? Is all the problem mail coming via that google group? Do you have any list settings to allow mail from that group?
However, if you haven't reordered the pipeline for this list, SpamDetect which processes header_filter_rules comes first and should take precedence.
[...]
X-Mailer: Microsoft CDO for Windows 2000
It's hard to see from your jpeg image, but is it possible that your
^X-Mailer: (?!Microsoft Outlook .*)$
actually contains more than one space after the colon?
[...]
X-Mailman-Version:
Odd that this is empty ...
Reply-To: fethiyede@googlegroups.com [...]
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/1a3990123467886095a43c76ce5b5477.jpg?s=120&d=mm&r=g)
Hello,
This mail address is not registered to any mailing lists officially. I think we have to request a manual unsubscribe from the owner of the list. However, there are lots of mails like this and blocking them is much easier and better method.
"^X-Mailer: (?!Microsoft Outlook .*)$" has single spacing between the colon and the parenthesis. The screenshot is taken using Chrome on Ubuntu.
We have removed the Mailman version number using the configuration file. I think that configuration also removes the version number from the headers. If it is a problem, we can convert it to the original state.
Thanks,
On 02/02/2013 11:36 AM, Mark Sapiro wrote:
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
METU E-List Admin wrote:
"^X-Mailer: (?!Microsoft Outlook .*)$" has single spacing between the colon and the parenthesis. The screenshot is taken using Chrome on Ubuntu.
The screenshot is problematic for the reason that it is incomplete. The whole page is not shown and the content of some of the text boxes is longer than the box. It would be much better to post something like the relevant part of
bin/config_list -o - LISTNAME | grep -A20 header_filter_rules
to provide this information.
I don't think this would be a problem. The question still remains as to why your header_filter_rules rule is apparently not working.
You could try applying the attached patch to Mailman/Handlers/SpamDetect.py and restarting Mailman. This will produce a 'debug' log in Mailman's logs/ directory with information about all the header_filter_rules hits which may help find what's going wrong.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/1a3990123467886095a43c76ce5b5477.jpg?s=120&d=mm&r=g)
Hello,
$ bin/config_list -o - REGISTER | grep -A20 header_filter_rules header_filter_rules = [('^X-Mailer: (?!Microsoft Outlook .*)$', 7, False), ('^X-Mailer-LID: .*$', 3, False), ('^X-Mailer-RecptId: .*$', 3, False), ('^X-Mailer-SID: .*$', 3, False), ('^X-Mailer-Sent-By: .*$', 3, False), ('^X-Spam-Status: Yes.*$', 3, False), ('^X-Spam-Flag: YES', 3, False), ('^X-Virus-Status: Yes', 3, False), ('^X-Bogosity-Metu: Yes', 3, False)]
# Use this option to prohibit posts according to specific header values. # The target value is a regular-expression for matching against the # specified header. The match is done disregarding letter case. Lines # beginning with '#' are ignored as comments. # # For example:to: .*@public.com says to hold all postings with a To: # mail header containing '@public.com' anywhere among the addresses. # # Note that leading whitespace is trimmed from the regexp. This can be # circumvented in a number of ways, e.g. by escaping or bracketing it. bounce_matching_headers = ''
## Bounce options # # These policies control the automatic bounce processing system in # Mailman. Here's an overview of how it works. # # <p>When a bounce is received, Mailman tries to extract two pieces of # information from the message: the address of the member the message
I will post the logs a few days later, just to make sure that it has the needed info.
Thanks,
On 02/06/2013 06:24 PM, Mark Sapiro wrote:
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
METU E-List Admin wrote:
This regexp won't work. The negative lookahead does not advance the current position so your regexp says look for 'X-Mailer: ' at the beginning of the line not followed by 'Microsoft Outlook .*' but followed immediately by the end of the line, so it will only match a header like 'X-Mailer: ' not followed by anything.
What you want is
^X-Mailer: (?!Microsoft Outlook .*).*$
or just
^X-Mailer: (?!Microsoft Outlook .*)
or maybe even just
^X-Mailer: (?!Microsoft Outlook )
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
METU E-List Admin wrote:
This includes the one above it.
bounce_matching_headers doesn't work that way. See the '(Details for bounce_matching_headers' link.
Regexps like the above should go in header_filter_rules with an appropriate action.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/1a3990123467886095a43c76ce5b5477.jpg?s=120&d=mm&r=g)
I have added
^X-Mailer: (?!Microsoft Outlook .*)$
as the first rule and set to Hold according to your instructions.
I tried to block all mails except the mails from MS Outlook. However today, I received an email with header like:
X-Mailer: Microsoft CDO for Windows 2000
I couldn't understand why this header did not go to pending moderator requests.
On 01/30/2013 12:33 AM, Mark Sapiro wrote:
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
METU E-List Admin wrote:
Was the message addressed to the list address or to the list-owner address? header_filter_rules with Hold action are not applied to -owner mail.
If this doesn't explain it, please post the entire content of header_filter_rules and the full headers of the message you received.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/1a3990123467886095a43c76ce5b5477.jpg?s=120&d=mm&r=g)
The message was addressed to the list address. The email address I have registered is not the owner of the list.
The message headers are:
Return-Path: <register-bounces@metu.edu.tr> X-Original-To: bingol@metu.edu.tr Delivered-To: bingol@metu.edu.tr Received: from abdera.general.services.metu.edu.tr (abdera.general.services.metu.edu.tr [144.122.144.135]) by arikanda.general.services.metu.edu.tr (Postfix) with ESMTP id 8BA8C4D92; Wed, 30 Jan 2013 14:46:03 +0200 (EET) Received: from abdera.general.services.metu.edu.tr (localhost [127.0.0.1]) by abdera.general.services.metu.edu.tr (Postfix) with ESMTP id 1B5F13A46F; Wed, 30 Jan 2013 14:46:03 +0200 (EET) X-Original-To: register@mailman.metu.edu.tr Delivered-To: register@mailman.metu.edu.tr Received: from arikanda.general.services.metu.edu.tr (arikanda.general.services.metu.edu.tr [144.122.144.179]) by abdera.general.services.metu.edu.tr (Postfix) with ESMTP id 5D9133A328 for <register@mailman.metu.edu.tr>; Wed, 30 Jan 2013 14:45:31 +0200 (EET) Received: by arikanda.general.services.metu.edu.tr (Postfix) id 2A20D5153; Wed, 30 Jan 2013 14:45:31 +0200 (EET) Delivered-To: register@metu.edu.tr Received: from varya.cc.metu.edu.tr (varya.general.services.metu.edu.tr [144.122.145.141]) by arikanda.general.services.metu.edu.tr (Postfix) with ESMTP id 118DF4D11; Wed, 30 Jan 2013 14:45:31 +0200 (EET) Received: from mail-wi0-f186.google.com (mail-wi0-f186.google.com [209.85.212.186]) by varya.cc.metu.edu.tr (Postfix) with ESMTP id 0C2D560099; Wed, 30 Jan 2013 14:45:29 +0200 (EET) Received: by mail-wi0-f186.google.com with SMTP id hq4sf574786wib.23 for <multiple recipients>; Wed, 30 Jan 2013 04:45:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20120806; h=x-received:x-beenthere:x-received:x-received:x-received :received-spf:thread-topic:thread-index:reply-to:from:sender:to :subject:date:organization:message-id:mime-version:x-mailer :importance:priority:x-mimeole:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-google-group-id:list-post:list-help:list-archive:list-subscribe :list-unsubscribe:content-type:content-class; bh=FdFbVDlNean5sSj9PA4NFtgR31tbLrE1ohLudRAmxjE=; b=dSsb+1QyDzJizefQgoPTQ9XXbJ8CjcaUTuf2tNPEN8JABqO81ca6HMXByOZEzF46HB bdx52DmaQUAewajjVREM4bXpHrlVR7xQaLRgo8bRtjj5LgTqUqwJYJ4DTSXWkfUGNmEM 1fbE4T7vT6RtKJcgJQZDSEJFXvJHKRzGx4im1KgJgm6luN/CMA0tKOhYhdsgGFhwWLQM a0SdH4bAKAQQHwe+hpvMLgY+ZKblGyi6FEKJruIgpe6hgQZkhAPOL7hSWYobuTJf+97G /1G6FhSRNzVtXK4AAOz+CFtLN6UhC1mzU4IDYGOKdVDiLih/4vcEps9iF8BcsAzeKC0v SBjQ== X-Received: by 10.180.88.231 with SMTP id bj7mr442627wib.5.1359549928950; Wed, 30 Jan 2013 04:45:28 -0800 (PST) X-BeenThere: fethiyede@googlegroups.com Received: by 10.180.91.46 with SMTP id cb14ls409844wib.10.gmail; Wed, 30 Jan 2013 04:45:06 -0800 (PST) X-Received: by 10.180.19.66 with SMTP id c2mr1471014wie.6.1359549906477; Wed, 30 Jan 2013 04:45:06 -0800 (PST) Received: by 10.194.71.193 with SMTP id x1mswju; Wed, 30 Jan 2013 04:43:54 -0800 (PST) X-Received: by 10.204.4.217 with SMTP id 25mr299939bks.1.1359549827269; Wed, 30 Jan 2013 04:43:47 -0800 (PST) X-Received: by 10.204.4.217 with SMTP id 25mr299938bks.1.1359549827241; Wed, 30 Jan 2013 04:43:47 -0800 (PST) Received: from forward1.mail.yandex.net (forward1.mail.yandex.net. [2a02:6b8:0:602::1]) by gmr-mx.google.com with ESMTP id s1si6897bkt.3.2013.01.30.04.43.47; Wed, 30 Jan 2013 04:43:47 -0800 (PST) Received-SPF: neutral (google.com: 2a02:6b8:0:602::1 is neither permitted nor denied by domain of summer@tatilkampanyasi.com) client-ip=2a02:6b8:0:602::1; Received: from smtp2.mail.yandex.net (smtp2.mail.yandex.net [77.88.46.102]) by forward1.mail.yandex.net (Yandex) with ESMTP id 01FF5124247B for <fethiyede@googlegroups.com>; Wed, 30 Jan 2013 16:42:43 +0400 (MSK) Received: from smtp2.mail.yandex.net (localhost [127.0.0.1]) by smtp2.mail.yandex.net (Yandex) with ESMTP id DBFA8E20611 for <fethiyede@googlegroups.com>; Wed, 30 Jan 2013 16:42:43 +0400 (MSK) Received: from 37-123.96-67.salay.com.tr (37-123.96-67.salay.com.tr [37.123.96.67]) by smtp2.mail.yandex.net (nwsmtp/Yandex) with ESMTP id gee8SK65-ggeagdsL; Wed, 30 Jan 2013 16:42:42 +0400 Thread-Topic: =?iso-8859-9?Q?G=FCn=FCbirlik_Kartepe_Turu_39_TL_/_G=FCn=FCbirlik_U?= =?iso-8859-9?Q?luda=F0_Turu__55_TL_/_Haftasonu_Tek_Gece_Kartepe_349_TL?= thread-index: Ac3+50nGprLpO0AYQHSkem91XQB4DQ== From: "KayakTurunuz.com" <summer@tatilkampanyasi.com> To: <fethiyede@googlegroups.com> Date: Wed, 30 Jan 2013 14:42:39 +0200 Organization: http://www.tatilkampanyasi.com Message-ID: <A9C0D628767B41BC8A1EBF7AB208CED4@WINQWZB03J61IN> MIME-Version: 1.0 X-Mailer: Microsoft CDO for Windows 2000 Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18645 X-Original-Sender: summer@tatilkampanyasi.com X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 2a02:6b8:0:602::1 is neither permitted nor denied by domain of summer@tatilkampanyasi.com) smtp.mail=summer@tatilkampanyasi.com Precedence: list Mailing-list: list fethiyede@googlegroups.com; contact fethiyede+owners@googlegroups.com X-Google-Group-Id: 25252391353 Content-Class: urn:content-classes:message X-Virus-Scanned: clamav-milter 0.97.5 at varya X-Virus-Status: Clean X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,HTML_IMAGE_RATIO_04, HTML_MESSAGE,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID, UNPARSEABLE_RELAY,URIBL_DBL_SPAM autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on abdera.general.services.metu.edu.tr Subject: [REGISTER: 64911] =?iso-8859-9?q?G=FCn=FCbirlik_Kartepe_Turu_39_TL_/_G=FCn=FCbirli?= =?iso-8859-9?q?k_Uluda=F0_Turu__55_TL_/_Haftasonu_Tek_Gece_Kartepe?= =?iso-8859-9?q?_349_TL?= X-BeenThere: register@metu.edu.tr X-Mailman-Version: Reply-To: fethiyede@googlegroups.com List-Id: Local List Restricted to Subscription <register.metu.edu.tr> List-Unsubscribe: <https://mailman.metu.edu.tr/mailman/options/register>, <mailto:register-request@metu.edu.tr?subject=unsubscribe> List-Archive: <https://mailman.metu.edu.tr/mailman/private/register> List-Post: <mailto:register@metu.edu.tr> List-Help: <mailto:register-request@metu.edu.tr?subject=help> List-Subscribe: <https://mailman.metu.edu.tr/mailman/listinfo/register>, <mailto:register-request@metu.edu.tr?subject=subscribe> Content-Type: multipart/mixed; boundary="===============0167675183449664233==" Sender: register-bounces@metu.edu.tr Errors-To: register-bounces@metu.edu.tr
This is a multi-part message in MIME format.
. . . .
header_filter_rules are in the following link:
http://metu.edu.tr/~bingol/poptions.jpeg
Thank you.
On 01/30/2013 06:06 PM, Mark Sapiro wrote:
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 1/30/2013 11:42 PM, METU E-List Admin wrote:
[...]
X-BeenThere: fethiyede@googlegroups.com
I don't know why it would matter, but it seems your register@metu.edu.tr list a member of this fethiyede@googlegroups.com google group. Do you want that? Is all the problem mail coming via that google group? Do you have any list settings to allow mail from that group?
However, if you haven't reordered the pipeline for this list, SpamDetect which processes header_filter_rules comes first and should take precedence.
[...]
X-Mailer: Microsoft CDO for Windows 2000
It's hard to see from your jpeg image, but is it possible that your
^X-Mailer: (?!Microsoft Outlook .*)$
actually contains more than one space after the colon?
[...]
X-Mailman-Version:
Odd that this is empty ...
Reply-To: fethiyede@googlegroups.com [...]
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/1a3990123467886095a43c76ce5b5477.jpg?s=120&d=mm&r=g)
Hello,
This mail address is not registered to any mailing lists officially. I think we have to request a manual unsubscribe from the owner of the list. However, there are lots of mails like this and blocking them is much easier and better method.
"^X-Mailer: (?!Microsoft Outlook .*)$" has single spacing between the colon and the parenthesis. The screenshot is taken using Chrome on Ubuntu.
We have removed the Mailman version number using the configuration file. I think that configuration also removes the version number from the headers. If it is a problem, we can convert it to the original state.
Thanks,
On 02/02/2013 11:36 AM, Mark Sapiro wrote:
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
METU E-List Admin wrote:
"^X-Mailer: (?!Microsoft Outlook .*)$" has single spacing between the colon and the parenthesis. The screenshot is taken using Chrome on Ubuntu.
The screenshot is problematic for the reason that it is incomplete. The whole page is not shown and the content of some of the text boxes is longer than the box. It would be much better to post something like the relevant part of
bin/config_list -o - LISTNAME | grep -A20 header_filter_rules
to provide this information.
I don't think this would be a problem. The question still remains as to why your header_filter_rules rule is apparently not working.
You could try applying the attached patch to Mailman/Handlers/SpamDetect.py and restarting Mailman. This will produce a 'debug' log in Mailman's logs/ directory with information about all the header_filter_rules hits which may help find what's going wrong.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/1a3990123467886095a43c76ce5b5477.jpg?s=120&d=mm&r=g)
Hello,
$ bin/config_list -o - REGISTER | grep -A20 header_filter_rules header_filter_rules = [('^X-Mailer: (?!Microsoft Outlook .*)$', 7, False), ('^X-Mailer-LID: .*$', 3, False), ('^X-Mailer-RecptId: .*$', 3, False), ('^X-Mailer-SID: .*$', 3, False), ('^X-Mailer-Sent-By: .*$', 3, False), ('^X-Spam-Status: Yes.*$', 3, False), ('^X-Spam-Flag: YES', 3, False), ('^X-Virus-Status: Yes', 3, False), ('^X-Bogosity-Metu: Yes', 3, False)]
# Use this option to prohibit posts according to specific header values. # The target value is a regular-expression for matching against the # specified header. The match is done disregarding letter case. Lines # beginning with '#' are ignored as comments. # # For example:to: .*@public.com says to hold all postings with a To: # mail header containing '@public.com' anywhere among the addresses. # # Note that leading whitespace is trimmed from the regexp. This can be # circumvented in a number of ways, e.g. by escaping or bracketing it. bounce_matching_headers = ''
## Bounce options # # These policies control the automatic bounce processing system in # Mailman. Here's an overview of how it works. # # <p>When a bounce is received, Mailman tries to extract two pieces of # information from the message: the address of the member the message
I will post the logs a few days later, just to make sure that it has the needed info.
Thanks,
On 02/06/2013 06:24 PM, Mark Sapiro wrote:
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
METU E-List Admin wrote:
This regexp won't work. The negative lookahead does not advance the current position so your regexp says look for 'X-Mailer: ' at the beginning of the line not followed by 'Microsoft Outlook .*' but followed immediately by the end of the line, so it will only match a header like 'X-Mailer: ' not followed by anything.
What you want is
^X-Mailer: (?!Microsoft Outlook .*).*$
or just
^X-Mailer: (?!Microsoft Outlook .*)
or maybe even just
^X-Mailer: (?!Microsoft Outlook )
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Mark Sapiro
-
METU E-List Admin