![](https://secure.gravatar.com/avatar/4748b504f04dbc4574ba92c33957c0ef.jpg?s=120&d=mm&r=g)
My lists are locked down to only allow posts from members, so my members are not getting any SPAM. However, as list owner, every one of my lists is getting a large amount of SPAM - generally sent to the listname-owner or to mailman-owner. My maillog entry looks like this:
```
Sep 23 10:39:34 hostname sendmail[17245]: l8NHdYwF017244: to="|/usr/lib/mailman/mail/mailman owner mailman", ctladdr=<mailman-owner@my.domain.com> (8/0), delay=00:00:00, xdelay=00:00:00, mailer=prog, pri=140071, dsn=2.0.0, stat=Sent
Sep 23 10:39:35 hostname sendmail[17247]: l8NHdZV9017247: from=<mailman-bounces@my.domain.com>, size=2069, class=-60, nrcpts=1, msgid=<mailman.23.1190569172.4086.mailman@my.domain.com>, proto=ESMTP, daemon=Daemon0, relay=localhost.localdomain [127.0.0.1]
```
Does anyone know how to best stop these? Are these SPAM's coming from the outside direct to the e-mail address, or are they somehow going through mailman? If the latter, can I stop it in mailman somehow? If the former, does somebody have a recommended way to stop them? I have a SPAM filter running on my end system, but I am just tired of the constant flow of SPAM.
Thanks for any help.
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 9/29/07, Gary Spivey wrote:
These messages are coming from Mailman internally, where some outside user has tried to spam your list, but instead the message has wound up being held for moderation. Then it's up to you to go through and administer the moderator queue at least once a day, for every list.
The alternative is to make the default non-subscriber action to be reject instead of holding for moderation. However, this won't be very friendly to real humans who try to post to your list, and you'll be sending an auto-response back to the sender address, which is probably forged.
This is a "lesser of two evils" choice. You have to decide for yourself and your user community as to what the lesser evil is between these two options.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/5c0e5dfd9fb50b2a5cba34952c5a7080.jpg?s=120&d=mm&r=g)
The way I approached this was I sort of built a new front end. (Thank you Mark for your help!)
Instead of people starting at the default Mailman "advertised lists" page I sent everyone here: http://e-aa.org/maillist.html
I created new lists and moved all the subscribers.
I edited the HTML in the /mailman/listinfo/list_name_here pages so there were no mailto: links, there is a typed out address if people really want to get in touch with the moderators.
If you follow the link to the administrative page for each list it has a mailto: link that discards all the mail that comes in.
On our website we have 2 email addresses in public view with mailto: links used for support purposes, we change these whenever the spam level gets irritating.
This has worked very well, every once in a while someone becomes a spam bot, we track them down and encourage them to clean their computer, other than that we have no spam to our lists.
Dennis
Gary Spivey wrote:
![](https://secure.gravatar.com/avatar/746f7519ba02fb0d815e59f305c53fa2.jpg?s=120&d=mm&r=g)
Gary Spivey wrote:
This message was sent to the mailman-owner address. It could have been sent directly there or it could be a Mailman generated notice. If the latter, it will look like a notice, i.e. it will have a subject like "listname post from a@example.com requires approval" or "Uncaught bounce notification" and will be a multipart message with the original spam in a separate part.
If this is just a straight spam, it was sent by the spammer to the mailman-owner address. It could also be the result of spam sent to some remote address which spoofed the mailman-owner address as the sender and got bounced back to mailman-owner by the remote server.
This is a Mailman generated message-id for a notice from the 'mailman' list, so it is a Mailman notice, but I don't think it is the same message as the first one because it has a different sendmail id.
> Does anyone know how to best stop these? Are these SPAM's coming from the outside direct to the e-mail address,
If they just look like spam, then yes, they are coming directly to the -owner address.
I use spamassassin with a pretty low threshold, but there is so much volume that the 5% that gets through is a bunch. I wish I had a better solution.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 9/30/07, Mark Sapiro wrote:
There are an infinite variety of "solutions" to the "spam problem", and the problem is that what solves the problem 100% for some sites is not even a 5% solution for others, but the people who implemented that solution don't know or care that what works well for them won't necessarily work well for others -- they think they have the FUSSP (see <http://www.rhyolite.com/anti-spam/you-might-be.html>), but they have not understood the true nature of the FUSSP.
In my experience, SpamAssassin is one good tool in the kit, and there are a variety of ways to install and configure it, and if you haven't recently explored all of those ways then you might want to check out the latest versions. That said, SpamAssassin is most definitely not the FUSSP, and you will most likely need to also use other tools in your kit to help you fight this battle.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/334b870d5b26878a79b2dc4cfcc500bc.jpg?s=120&d=mm&r=g)
Gary Spivey writes:
There's no recommended way. As Mark says, only a choice of evils. The basic problem that we face is that email (and wikis and HTML forms) are *designed* to be open access. That means that they're open to spammers too. All of them can be abused; email is easiest/cheapest to abuse, HTML forms are typically hard/costly to abuse. But somebody is going to try. That's the nature of the beast.
As I see it there are three basic strategies:
1. Private networks. The design varies, but the basic idea is that only authorized users can post. This is the strategy that ensures that your users don't get (much) spam. This strategy is inappropriate for an admin address, because "the doorkeeper won't let me in" is a very common problem that legitimate users have. You can't use the same doorkeeper for the support channel!
2. Automated filtering, laxer than the moderation standard, set to "discard" (not "reject", as somebody suggested, because that leads to backscatter). This is basically abdicating much of your responsibility, because legitimate inquiries may get discarded without notice. However, it's fairly easy to tune these to pass all legitimate internal mail (mail from Mailman is very stylized and doesn't look like spam, although nobody in their right mind enjoys reading it :-/ ).
3. Improved human moderation. I have two queues, one which basically amounts to "spamassassin rating 1.0 to 5.0" and the other is Mailman's moderation filters (not a member, etc). I have a separate script (using grep and rm -i) which more or less allows discarding the former a page at a time. It's still a burden, but one I find acceptable since the lists are support services for free software, and so I prefer them to be essentially open-post.
If (3) interests you, I can go into more detail about my solution, but I gotta run right now.
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 10/1/07, Stephen J. Turnbull wrote:
> If (3) interests you, I can go into more detail about my solution, but I gotta run right now.
BTW, #1 and #2 are also issues for e-mail to Postmaster, which is covered in the SAGE Booklet "Internet Postmaster: Duties and Responsibilities" (see <http://www.sage.org/pubs/15_postmaster/>).
Yes, I'm biased -- I was the co-author.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 10/1/07, Stephen J. Turnbull wrote:
It's not what I would call proprietary. USENIX and SAGE are charging money for the booklet, in large part to help recover production and publishing costs.
I would like to see them allow a reduced fee for buying a copy online, so that you can choose whether or not you want to print out a copy for yourself, but still giving them some reasonable protection against loss of revenue due to the material being freely available in an electronic form.
However, one of the benefits of being a SAGE member is that you can download copies of all of the SAGE "Short Topics" booklets for free. So, if there's enough booklets you're interested in, then becoming a member of SAGE would be effectively free.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/334b870d5b26878a79b2dc4cfcc500bc.jpg?s=120&d=mm&r=g)
Brad Knowles writes:
> giving them some reasonable protection against loss of revenue due to the material being freely available in an electronic form.
You may not call that proprietary, but that's precisely the definition of "proprietary" that one arrives at when observing the behavior of non-profit organizations like the IEEE and the ISO.
I don't have an objection to proprietary material, and undoubtedly it's well-worth the nominal cost in this case. I don't even have a problem with the reference in the context of a forum where most of the advice is given for free (in any sense you choose). I just think the fact that some rights are reserved should be mentioned when you refer to it. Since you didn't, I took the liberty of doing so in my own style.<wink>
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 10/1/07, Stephen J. Turnbull wrote:
They are a publisher. They publish a series of booklets, with real ISBNs and all. You can't buy them at Barnes & Noble or on Amazon, but they're still real, live, dead-tree editions.
This is no different from most other publishers, except they charge much more reasonable fees for their booklets -- they are a 501c3 non-profit organization, after all.
If I had mentioned a book that I wrote or co-authored, or a book that I had been technical reviewer of (e.g., 2nd editions of the O'Reilly books _DNS & BIND_ and _sendmail_) and I provided a link to the publisher's web page for the book, would you have done anything different?
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/7f5beb285d92321b29832d2a3421b82e.jpg?s=120&d=mm&r=g)
On Sunday, September 30, 2007, 12:30:44 AM, Gary Spivey wrote:
GS> My lists are locked down to only allow posts from members, so my
GS> members are not getting any [spam]. However, as list owner, every
GS> one of my lists is getting a large amount of [spam] - generally
GS> sent to the listname-owner or to mailman-owner.
I run only a small handful of lists, with anywhere from 20 to 200 members each, and filter out at least 200 spams to the various list addresses daily by running everything through SpamAssassin via a small bit of procmail.
I've been doing this for about a year now, and very few spams get through, resulting in very few messages for a moderator and uncaught bounce notifications. Legitimate bounces (e.g. a user submitting a message from a recently changed email address) still occur as expected & desired.
Wholesale bouncing of list mail to non-subscribers is totally unacceptable due to the amount of outscatter this will cause. (see http://en.wikipedia.org/wiki/Backscatter#Backscatter_of_email_spam )
It only took one list member from one of the smaller lists (which is private and not listed anywhere) who had their address book harvested by a trojan to cause about 50 spam emails a day to that list alone on an ongoing basis... so hiding the list addresses doesn't guarantee that they won't eventually leak out and get on the spam lists.
Aliases file entries and procmail script are below. I'm currently tagging list filtered spam and shunting it to a specific folder which I periodically review and flush, but it could just as easily be sent to /dev/null.
From the aliases file:
```
## listname mailing list
listname:             "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc post listname"
listname-admin:       "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc admin listname"
listname-bounces:     "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc bounces listname"
listname-confirm:     "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc confirm listname"
listname-join:        "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc join listname"
listname-leave:       "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc leave listname"
listname-owner:       "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc owner listname"
listname-request:     "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc request listname"
listname-subscribe:   "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc subscribe listname"
listname-unsubscribe: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc unsubscribe listname"
```
The mailman.rc file is:
```
VERBOSE=yes
LOGFILE=/var/log/mailman-procmail.log

# Arguments passed from the aliases file: Mailman command and list name
MMCOMMAND=$1
MMLIST=$2

# Filter messages smaller than 256000 bytes through SpamAssassin
:0fw
* < 256000
|/usr/bin/spamc

# Send on to Mailman if not marked as spam
:0 H
* !^X-Spam-Status: Yes
|/var/mailman/mail/mailman $MMCOMMAND $MMLIST

# Otherwise add tag and send to abuse mailbox
:0
* ^Subject:[ ]*\/[^ ].*
{
  SUBJECT=$MATCH
}

# create the new subject token
SUBJECT="[$MMLIST Filtered] $MATCH"

# insert it into the headers
:0hf
| formail -I "Subject: $SUBJECT"

# and forward
:0
! spam
```
-- Best regards, Robert Braver rbraver@ohww.norman.ok.us
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 9/30/07, Robert Braver wrote:
Mailman is pretty resistant to generating backscatter. Yes, if configured to do so, it will generate it. But it keeps track of how often it has responded to a given address in a given period of time, and won't respond more than a set number of times in a day to a given address. This effectively limits the ability to abuse Mailman as a backscatter amplifier for a DDoS attack.
However, in some cases, even just a single instance of backscatter can get you put on a blacklist. So, you've got to weigh the relative evils of not responding at all to a potential legitimate message from a real human being, or generating potential backscatter.
Security through obscurity never works. Ultimately, you always get found out. Usually, that ends up happening sooner rather than later. However, keeping lists private as part of a larger security scheme can be effective -- just make sure that keeping the list private isn't your only method of security.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/4748b504f04dbc4574ba92c33957c0ef.jpg?s=120&d=mm&r=g)
Well - thanks all for the input, and Robert for your sample files - I have spent the spare moments of the last few days implementing procmail and spam assassin. I then changed my alias file as listed below
listname-owner: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc owner listname"
only for the listname-owner lines of the various lists ...
Now, I don't get SPAM - this is great - I tried training spamassassin with some SPAM and with the ham of all of the mailman list archives to improve the selection. It seemed unclear to me, but apparently each user has their own training, so I trained as both root and as the mailman user - somebody can clue me in please on what is/was proper there ...
ALMOST THERE!!!!!
Now, my trouble is that when I send legitimately to a list - say a mail that is too large and needs moderation, then mailman sends an e-mail to listname-owner to moderate the e-mail. However, my beautiful SPAM filter is snagging it ... sigh ... I hate SPAM. I am perfectly satisfied with the size of ... well ... anyway ...
Any further help on how to train spamassassin to allow the legitimate e-mails to listname-owner and reject the others? Is there some way to make it so that e-mails from mailman to listname-owner get through but the others don't?
Hmmm ... maybe procmail?!!? Can I filter on the from line to see if it is coming from my own mailman address? I am off to try that - any other thoughts would certainly be appreciated. I have had a couple days worth of education going here (like smrsh - who knew that would be restricted?!?!)
-Gary
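An added example, not code posted by anyone in this thread: a Python triage for mail addressed to a -owner alias that lets Mailman's own notices through before the spam verdict is consulted, discards tagged spam silently (no bounce, so no backscatter), and holds the 1.0 to 5.0 score band for human review. It assumes Mailman submits its notices over SMTP on loopback, that the MTA prepends a sendmail-style Received header, and that SpamAssassin has already added X-Spam-Status; `LIST_HOST`, the action names and all sample messages are constructed.

```python
import re
from email import message_from_string

LIST_HOST = "my.domain.com"          # placeholder host from the thread's maillog
LOCAL_RELAYS = {"127.0.0.1", "::1"}  # assumption: Mailman submits via loopback SMTP

# Shape of the Message-ID quoted in the thread:
#   <mailman.23.1190569172.4086.mailman@my.domain.com>
MAILMAN_MSGID = re.compile(r"^<mailman\.\d+\.\d+\.\d+\.[^@<>\s]+@([^<>\s]+)>$")
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
SPAM_SCORE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")


def relay_ip(msg):
    """Peer address our own MTA recorded in the topmost Received header.

    Only the topmost header is ours; anything below it came with the message.
    The HELO name is client-supplied and is written first, so the last
    bracketed address in the "from ..." clause is used. Returns None (treated
    as untrusted) when the header is missing or has no bracketed address.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    from_clause = re.split(r"\sby\s", received[0], maxsplit=1)[0]
    ips = BRACKETED_IP.findall(from_clause)
    return ips[-1] if ips else None


def is_mailman_notice(msg):
    """True only if the Message-ID has Mailman's shape for our host AND the
    message reached the MTA from loopback. The Message-ID alone proves
    nothing, since any sender can write one."""
    m = MAILMAN_MSGID.match((msg.get("Message-ID") or "").strip())
    if not m or m.group(1).lower() != LIST_HOST:
        return False
    return relay_ip(msg) in LOCAL_RELAYS


def spam_score(status):
    """Numeric score from an X-Spam-Status value, or None if absent."""
    m = SPAM_SCORE.search(status)
    return float(m.group(1)) if m else None


def triage(raw):
    """Return 'deliver', 'review' or 'discard' for one raw message."""
    msg = message_from_string(raw)
    # Internal notices embed the held spam, so they often score as spam
    # themselves; check for them before looking at the verdict.
    if is_mailman_notice(msg):
        return "deliver"
    status = (msg.get("X-Spam-Status") or "").strip()
    if status.lower().startswith("yes"):
        return "discard"              # drop or quarantine, never reject
    score = spam_score(status)
    if score is not None and 1.0 <= score < 5.0:
        return "review"               # the "rating 1.0 to 5.0" review queue
    return "deliver"


# --- constructed sample messages ---
NOTICE = (
    "Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])\n"
    "\tby hostname with ESMTP id l8NHdZV9017247\n"
    "Message-ID: <mailman.23.1190569172.4086.mailman@my.domain.com>\n"
    "Subject: listname post from a@example.com requires approval\n"
    "X-Spam-Status: Yes, score=7.4 required=5.0\n"
    "\n"
    "The held message is attached.\n"
)
# Outside sender whose headers imitate a notice; the MTA-recorded peer differs.
IMITATION = (
    "Received: from [127.0.0.1] (mail.example.net [203.0.113.7])\n"
    "\tby hostname with ESMTP id l8NHdZV9099999\n"
    "Message-ID: <mailman.99.1190569999.1234.mailman@my.domain.com>\n"
    "Subject: Uncaught bounce notification\n"
    "X-Spam-Status: Yes, score=9.1 required=5.0\n"
    "\n"
    "spam body\n"
)
BORDERLINE = (
    "Received: from mail.example.org (mail.example.org [198.51.100.20])\n"
    "\tby hostname with ESMTP id l8NHdZV9011111\n"
    "Message-ID: <abc123@example.org>\n"
    "Subject: question about the list\n"
    "X-Spam-Status: No, score=2.3 required=5.0\n"
    "\n"
    "Hello, I cannot post to the list.\n"
)

if __name__ == "__main__":
    for name, raw in (("notice", NOTICE), ("imitation", IMITATION),
                      ("borderline", BORDERLINE)):
        print(name, "->", triage(raw))
```

In the procmail setup above, the same ordering means placing a recipe that matches internal notices ahead of the `X-Spam-Status` test, so the spam tag on an embedded held message does not decide the notice's fate.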
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 9/29/07, Gary Spivey wrote:
These messages are coming from Mailman internally, where some outside user has tried to spam your list, but instead the message has wound up being held for moderation. Then it's up to you to go through and administer the moderator queue at least once a day, for every list.
The alternative is to make the default non-subscriber action to be reject instead of holding for moderation. However, this won't be very friendly to real humans who try to post to your list, and you'll be sending an auto-response back to the sender address, which is probably forged.
This is a "lesser of two evils" choice. You have to decide for yourself and your user community as to what the lesser evil is between these two options.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/5c0e5dfd9fb50b2a5cba34952c5a7080.jpg?s=120&d=mm&r=g)
The way I approached this was I sort of built a new front end. (Thank you Mark for your help!)
Instead of people starting at the default Mailman 'advertised lists" page I sent everyone here: http://e-aa.org/maillist.html
I created new lists and moved all the subscribers.
I edited the HTML in the /mailman/listinfo/list_name_here pages so there were no mailto: links, there is a typed out address if people really want to get in touch with the moderators.
If you follow the link to the administrative page for each list it has a mailto: link that discards all the mail that comes in.
On our website we have 2 email addresses in public view with mailto: links used for support purposes, we change these whenever the spam level gets irritating.
This has worked very well, every once in a while someone becomes a spam bot, we track them down and encourage them to clean their computer, other than that we have no spam to our lists.
Dennis
Gary Spivey wrote:
![](https://secure.gravatar.com/avatar/746f7519ba02fb0d815e59f305c53fa2.jpg?s=120&d=mm&r=g)
Gary Spivey wrote:
This message was sent to the mailman-owner address. It could have been sent directly there or it could be a Mailman generated notice. If the latter, it will look like a notice, I.e. it will have a subject like "listname post from a@example.com requires approval" or "Uncaught bounce notification" and will be a multipart message with the original spam in a separate part.
If this is just a straight spam, it was sent by the spammer to the mailman-owner address. It could also be the result of spam sent to some remote address which spoofed the mailman-owner address as the sender and got bounced back to mailman-owner by the remote server.
This is a Mailman generated message-id for a notice from the 'mailman' list, so it is a Mailman notice, but I don't think it is the same message as the first one because it has a different sendmail id.
Does anyone know how to best stop these? Are these SPAM's coming from the outside direct to the e-mail address,
If they just look like spam, then yes, they are coming directly to the -owner address.
I use spamassassin with a pretty low threshold, but there is so much volume that the 5% that gets through is a bunch. I wish I had a better solution.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 9/30/07, Mark Sapiro wrote:
There are an infinite variety of "solutions" to the "spam problem", and the problem is that what solves the problem 100% for some sites is not even a 5% solution for others, but the people who implemented that solution don't know or care that works well for them won't necessarily work well for others -- they think they have the FUSSP (see <http://www.rhyolite.com/anti-spam/you-might-be.html>), but they have not understood the true nature of the FUSSP.
In my experience, SpamAssassin is one good tool in the kit, and there are a variety of ways to install and configure it, and if you haven't recently explored all of those ways then you might want to check out the latest versions. That said, SpamAssassin is most definitely not the FUSSP, and you will most likely need to also use other tools in your kit to help you fight this battle.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/334b870d5b26878a79b2dc4cfcc500bc.jpg?s=120&d=mm&r=g)
Gary Spivey writes:
There's no recommended way. As Mark says, only a choice of evils. The basic problem that we face is that email (and wikis and HTML forms) are *designed* to be open access. That means that they're open to spammers too. All of them can be abused; email is easiest/cheapest to abuse, HTML forms are typically hard/costly to abuse. But somebody is going to try. That's the nature of the beast.
As I see it there are three basic strategies:
Private networks. The design varies, but the basic idea is that only authorized users can post. This is the strategy that ensures that your users don't get (much) spam. This strategy is inappropriate for an admin address, because "the doorkeeper won't let me in" is a very common problem that legitimate users have. You can't use the same doorkeeper for the support channel!
Automated filtering, laxer than the moderation standard, set to "discard" (not "reject", as somebody suggested, because that leads to backscatter). This is basically abdicating much of your responsibility, because legitimate inquiries may get discarded without notice. However, it's fairly easy to tune these to pass all legitimate internal mail (mail from Mailman is very stylized and doesn't look like spam, although nobody in their right mind enjoys reading it :-/ ).
Improved human moderation. I have two queues, one which basically amounts to "spamassassin rating 1.0 to 5.0" and the other is Mailman's moderation filters (not a member, etc). I have separate script (using grep and rm -i) which more or less allows discarding the former a page at a time. It's still a burden, but one I find acceptable since the lists are support services for free software, and so I prefer them to be essentially open-post.
If (3) interests you, I can go into more detail about my solution, but I gotta run right now.
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 10/1/07, Stephen J. Turnbull wrote:
If (3) interests you, I can go into more detail about my solution, but I gotta run right now.
BTW, #1 and #2 are also issues for e-mail to Postmaster, which is covered in the SAGE Booklet "Internet Postmaster: Duties and Responsibilities" (see <http://www.sage.org/pubs/15_postmaster/>).
Yes, I'm biased -- I was the co-author.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 10/1/07, Stephen J. Turnbull wrote:
It's not what I would call proprietary. USENIX and SAGE are charging money for the booklet, in large part to help recover production and publishing costs.
I would like to see them allow a reduced fee for buying a copy online, so that you can choose whether or not you want to print out a copy for yourself, but still giving them some reasonable protection against loss of revenue due to the material being freely available in an electronic form.
However, one of the benefits of being a SAGE member is that you can download copies of all of the SAGE "Short Topics" booklets for free. So, if there's enough booklets you're interested in, then becoming a member of SAGE would be effectively free.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/334b870d5b26878a79b2dc4cfcc500bc.jpg?s=120&d=mm&r=g)
Brad Knowles writes:
giving them some reasonable protection against loss of revenue due to the material being freely available in an electronic form.
You may not call that proprietary, but that's precisely the definition of "proprietary" that one arrives at when observing the behavior of non-profit organizations like the IEEE and the ISO.
I don't have an objection to proprietary material, and undoubtedly it's well-worth the nominal cost in this case. I don't even have a problem with the reference in the context of a forum where most of the advice is given for free (in any sense you choose). I just think the fact that some rights are reserved should be mentioned when you refer to it. Since you didn't, I took the liberty of doing so in my own style.<wink>
![](https://secure.gravatar.com/avatar/7bdecdef03708b218939094eb05e8b35.jpg?s=120&d=mm&r=g)
On 10/1/07, Stephen J. Turnbull wrote:
They are a publisher. They publish a series of booklets, with real ISBNs and all. You can't buy them at Barnes & Noble or on Amazon, but they're still real, live, dead-tree editions.
This is no different from most other publishers, except they charge much more reasonable fees for their booklets -- they are a 501c3 non-profit organization, after all.
If I had mentioned a book that I wrote or co-authored, or a book that I had been technical reviewer of (e.g., 2nd editions of the O'Reilly books _DNS & BIND_ and _sendmail_) and I provided a link to the publishers web page for the book, would you have done anything different?
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
![](https://secure.gravatar.com/avatar/7f5beb285d92321b29832d2a3421b82e.jpg?s=120&d=mm&r=g)
On Sunday, September 30, 2007, 12:30:44 AM, Gary Spivey wrote:
GS> My lists are locked down to only allow posts from members, so my GS> members are not getting any [spam]. However, as list owner, every GS> one of my lists is getting a large amount of [spam] - generally GS> sent to the listname-owner or to mailman-owner.
I run only a small handful of lists, with anywhere from 20 to 200 members each, and filter out at least 200 spams to the various list addresses daily by running everything through SpamAssassin via a small bit of procmail.
I've been doing this for about a year now, and very few spams get through, resulting in very few messages for a moderator and uncaught bounce notifications. Legitimate bounces (e.g. a user submitting a message from a recently changed email addresses) still occur as expected & desired.
Wholesale bouncing of list mail to non-subscribers is totally unacceptable due to the amount of outscatter this will cause. (see http://en.wikipedia.org/wiki/Backscatter#Backscatter_of_email_spam )
It only took one list member from one of the smaller lists (which is private and not listed anywhere) who had their address book harvested by a trojan to cause about 50 spam emails a day to that list alone on an ongoing basis... so hiding the list addresses doesn't guarantee that they won't eventually leak out and get on the spam lists.
Aliases file entries and procmail script is below. I'm currently tagging list filtered spam and shunting it to a specific folder which I periodically review and flush, but it could just as easily be sent to /dev/null.
From the aliases file:
## listname mailing list listname: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc post listname" listname-admin: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc admin listname" listname-bounces: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc bounces listname" listname-confirm: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc confirm listname" listname-join: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc join listname" listname-leave: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc leave listname" listname-owner: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc owner listname" listname-request: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc request listname" listname-subscribe: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc subscribe listname" listname-unsubscribe: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc unsubscribe listname"
The mailman.rc file is:
VERBOSE=yes
LOGFILE=/var/log/mailman-procmail.log

MMCOMMAND=$1
MMLIST=$2

:0fw
* < 256000
|/usr/bin/spamc

# Send on to Mailman if not marked as spam
:0 H
* !^X-Spam-Status: Yes
|/var/mailman/mail/mailman $MMCOMMAND $MMLIST

# Otherwise add tag and send to abuse mailbox
:0
* ^Subject:[ ]*\/[^ ].*
{
SUBJECT=$MATCH
}

# create the new subject token
SUBJECT="[$MMLIST Filtered] $MATCH"

# insert it into the headers
:0hf
| formail -I "Subject: $SUBJECT"

# and forward
:0
! spam
-- Best regards, Robert Braver rbraver@ohww.norman.ok.us
On 9/30/07, Robert Braver wrote:
Mailman is pretty resistant to generating backscatter. Yes, if configured to do so, it will generate it. But it keeps track of how often it has responded to a given address in a given period of time, and won't respond more than a set number of times in a day to a given address. This effectively limits the ability to abuse Mailman as a backscatter amplifier for a DDoS attack.
However, in some cases, even just a single instance of backscatter can get you put on a blacklist. So, you've got to weigh the relative evils of not responding at all to a potential legitimate message from a real human being, or generating potential backscatter.
Security through obscurity never works. Ultimately, you always get found out. Usually, that ends up happening sooner rather than later. However, keeping lists private as part of a larger security scheme can be effective -- just make sure that keeping the list private isn't your only method of security.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Well - thanks all for the input, and Robert for your sample files - I have spent the spare moments of the last few days implementing procmail and SpamAssassin. I then changed my alias file as listed below
listname-owner: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc owner listname"
only for the listname-owner lines of the various lists ...
Now, I don't get SPAM - this is great - I tried training spamassassin with some SPAM and with the ham of all of the mailman list archives to improve the selection. It seemed unclear to me, but apparently each user has their own training, so I trained as both root and as the mailman user - somebody can clue me in please on what is/was proper there ...
ALMOST THERE!!!!!
Now, my trouble is that when I send legitimately to a list - say a mail that is too large and needs moderation, then mailman sends an e-mail to listname-owner to moderate the e-mail. However, my beautiful SPAM filter is snagging it ... sigh ... I hate SPAM. I am perfectly satisfied with the size of ... well ... anyway ...
Any further help on how to train spamassassin to allow the legitimate e-mails to listname-owner and reject the others? Is there some way to make it so that e-mails from mailman to listname-owner get through but the others don't?
Hmmm ... maybe procmail?!!? Can I filter on the from line to see if it is coming from my own mailman address? I am off to try that - any other thoughts would certainly be appreciated. I have had a couple days worth of education going here (like smrsh - who knew that would be restricted?!?!)
-Gary
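On the question above of letting Mailman's own notices to listname-owner through: the From line is written by whoever sends the message, so a match on it alone lets forged spam back in. The following is an added example, not part of the original post or of Mailman, that also requires the topmost Received header (the one the local MTA adds) to show a loopback peer. It assumes sendmail-style Received lines, that Mailman's address appears in From, and that nothing else re-injects mail over loopback; the sample messages are constructed.

```python
import email
import ipaddress
import re
import sys
from email.utils import parseaddr

# Assumption: the Mailman sender address seen in the maillog quoted in this thread.
MAILMAN_SENDERS = {"mailman-bounces@my.domain.com"}

# sendmail-style "from HELO (rdns [ip])": HELO is chosen by the sender, the
# bracketed address inside the parentheses is what the local MTA saw.
PEER = re.compile(r"^from\s+\S+\s+\((?:[^()\[\]]*\s)?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def peer_address(msg):
    """Peer IP from the topmost Received header (the one our own MTA added)."""
    received = msg.get_all("Received") or []
    match = PEER.match(" ".join(str(received[0]).split())) if received else None
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None

def is_local_mailman_notice(raw):
    """True only if From is Mailman's address AND the message came in on loopback."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    peer = peer_address(msg)
    return sender in MAILMAN_SENDERS and peer is not None and peer.is_loopback

# Constructed sample messages (not taken from the thread).
TAIL = ("From: mailman-bounces@my.domain.com\nTo: listname-owner@my.domain.com\n"
        "Subject: listname post requires approval\n\nbody\n")
NOTICE = ("Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])\n"
          "\tby hostname with ESMTP; Sun, 23 Sep 2007 10:39:35 -0700\n" + TAIL)
# Forged From, plus a fake loopback Received line below the real one.
FORGED = ("Received: from mail.example.net (mail.example.net [203.0.113.5])\n"
          "\tby hostname with ESMTP; Sun, 23 Sep 2007 10:40:00 -0700\n"
          "Received: from localhost (localhost [127.0.0.1]) by hostname\n" + TAIL)
# HELO claims to be loopback; the address the MTA recorded is not.
HELO_TRICK = ("Received: from [127.0.0.1] (host.example.net [203.0.113.5])\n"
              "\tby hostname with ESMTP; Sun, 23 Sep 2007 10:41:00 -0700\n" + TAIL)

if __name__ == "__main__":
    # Exit 0: deliver without spamc. Exit 1: filter as usual.
    sys.exit(0 if is_local_mailman_notice(sys.stdin.read()) else 1)
```

procmail can test the exit code with a `* ?` condition in a recipe placed ahead of the spamc one. Any local process able to submit mail over loopback passes this check too.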
-----Original Message-----
From: mailman-users-bounces+gspivey=georgefox.edu@python.org [mailto:mailman-users-bounces+gspivey=georgefox.edu@python.org] On Behalf Of Robert Braver
Sent: Sunday, September 30, 2007 10:54 AM
To: mailman-users@python.org
Subject: Re: [Mailman-Users] Preventing spam to list owners

On Sunday, September 30, 2007, 12:30:44 AM, Gary Spivey wrote:

GS> My lists are locked down to only allow posts from members, so my
GS> members are not getting any [spam]. However, as list owner, every
GS> one of my lists is getting a large amount of [spam] - generally
GS> sent to the listname-owner or to mailman-owner.