Mailman and recipient spam filtering
How does mailman handle recipient's spam filtering, if a message gets through the mailing list filters but is rejected by a recipient?
I have an incident where a rejection message was forwarded to a list, and on to other members. I don't know if that was even mailman, but it got me thinking.
For instance, as a recipient's mailserver, we have various SMTP permanent rejection status returns:
550 5.1.1 user is unknown
- mail will never work and you might as well unsubscribe me
551 5.0.0 Invalid recipient; Use joe@example.com
- if you were really clever you'd auto-update the list membership, otherwise might as well unsubscribe me
553 5.3.0 Rejected by CBL
- sending ip address is listed in a DNSBL and I won't accept mail until you get off the blacklist
550 5.7.1 Rejected by SpamAssassin milter
- this particular message is too spammy (says I won $1M worth of viagra, for instance) and I won't accept it, but otherwise it's OK; don't unsubscribe me
554 5.7.1 Virus xxx detected by the ClamAV AntiVirus
- this particular message has a virus or phishing document and I won't accept it, but otherwise it's OK; don't unsubscribe me
which are probably inconsistent, created over a span of many years
-- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 (Pacific Time)
On Mon, Apr 04, 2016 at 05:30:13PM -0700, Andrew Daviel wrote:
> I have an incident where a rejection message was forwarded to a list, and on to other members. I don't know if that was even mailman, but it got me thinking.
First, that's because the system which originated the rejection is broken.
All mail systems doing anti-spam/anti-virus/anti-whatever should *always* reject (if they're going to reject) during the SMTP conversation (a) because that's most effective and efficient and (b) because that avoids generating a bounce message, which in turn avoids backscatter such as you've described.
Second, anything coming back should go to the Sender:, which I believe defaults to:
LISTNAME-bounces@LISTHOST
I believe that LISTNAME-bounces, in turn, should be sent by the MTA in play to:
"|/usr/local/mailman/mail/mailman bounces LISTNAME"
(although I have it set up like this in the sendmail aliases file:
LISTNAME-bounces: "|/usr/local/mailman/mail/mailman bounces LISTNAME", postmaster@LISTHOST
so that the local postmaster gets a copy of the bounce for examination.)
This doesn't necessarily yield the desired outcome, e.g., it may result in incrementing the bounce count for a subscriber when that shouldn't really happen, but at least it avoids forwarding backscatter to an entire mailing list.
---rsk
On Mon, 4 Apr 2016, Rich Kulawiec wrote:
> On Mon, Apr 04, 2016 at 05:30:13PM -0700, Andrew Daviel wrote:
> > I have an incident where a rejection message was forwarded to a list, and on to other members. I don't know if that was even mailman, but it got me thinking.
> First, that's because the system which originated the rejection is broken.
On further investigation, that incident was not mailman or real mailing list software, just a simple address expansion in sendmail to 4 people. The sender had spoofed the sending address to the recipient, i.e. "list" address.
> All mail systems doing anti-spam/anti-virus/anti-whatever should *always* reject (if they're going to reject) during the SMTP conversation (a) because that's most effective and efficient and (b) because that avoids generating a bounce message, which in turn avoids backscatter such as you've described.
Yes; the antivirus system works like that. It was sendmail generating a DSN back to the "sender" that caused the problem, and I think I can just reject mail "from" that address, i.e. make it a receive-only address, e.g. Joe and Jane both get mail to "webmaster" but reply as themselves.
> Second, anything coming back should go to the Sender:, which I believe defaults to:
> LISTNAME-bounces@LISTHOST
> This doesn't necessarily yield the desired outcome, e.g., it may result in incrementing the bounce count for a subscriber when that shouldn't really happen, but at least it avoids forwarding backscatter to an entire mailing list.
Apologies, I confused the issue by talking about two different things, backscatter and bounces.
My real question is, there are two types of "permanent" (500 series) rejection - recipient problems and message problems. I want mailman to auto-unsubscribe stale addresses after 5 (bounce_score_threshold) bounces, but I don't want active addresses to be unsubscribed because 5 successive viruses or spams got through a relatively quiet list but were rejected by the recipient's filters.
I wondered if that was already handled inside mailman bounce processing, or is something that needs work.
-- Andrew Daviel, TRIUMF, Canada
On 04/06/2016 07:01 PM, Andrew Daviel wrote:
> My real question is, there are two types of "permanent" (500 series) rejection - recipient problems and message problems. I want mailman to auto-unsubscribe stale addresses after 5 (bounce_score_threshold) bounces, but I don't want active addresses to be unsubscribed because 5 successive viruses or spams got through a relatively quiet list but were rejected by the recipient's filters.
> I wondered if that was already handled inside mailman bounce processing, or is something that needs work.
Mailman does not distinguish between various types of 5xx permanent failures. If Mailman receives a 5xx status during SMTP to the outgoing MTA, that is recorded as a bounce. If it receives a permanent failure DSN returned by a remote MTA, that is recorded as a bounce.
You can adjust the parameters bounce_score_threshold and bounce_info_stale_after in Bounce Processing to try to accommodate differences in those situations, but ultimately, Mailman doesn't distinguish between a permanent failure for non-existent address and one for unacceptable content.
--
Mark Sapiro mark@msapiro.net            The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan
Andrew Daviel writes:
> My real question is, there are two types of "permanent" (500 series) rejection - recipient problems and message problems. I want mailman to auto-unsubscribe stale addresses after 5 (bounce_score_threshold) bounces, but I don't want active addresses to be unsubscribed because 5 successive viruses or spams got through a relatively quiet list but were rejected by the recipient's filters.
Expanding on what Mark wrote:
It's not possible to reliably distinguish the two cases. Besides the large number of sites that give uninformative status codes to policy (i.e., "message problem") rejections, DMARC rejects get a "message problem" status code, but they indicate that you just aren't going to get through to that recipient.
If somebody who's had different experience wants to try the experiment and show that it actually has potential for reducing undesired unsubscriptions, I don't mean to discourage them. But I won't do it -- in my experience, such spates of spam getting through the list are minuscule compared to the problems caused by rude and incompetent receivers, so the effort is excessive compared to the return.
Steve
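An added sketch (not Mailman code and not written by any poster in this thread) of the recipient-versus-message split asked about above, keyed on the subject digit of RFC 3463 enhanced status codes and run over the rejection texts from the first post. The function names and the choice to keep counting unclassifiable replies are assumptions; the constructed DMARC line shows the misclassification Stephen describes.

```python
import re

# SMTP reply: basic code, then an optional RFC 3463 class.subject.detail code.
REPLY_RE = re.compile(
    r"^(?P<basic>[245]\d\d)(?:[ -]|$)(?:(?P<enh>[245]\.\d{1,3}\.\d{1,3})\s+)?")
RECIPIENT_SUBJECTS = {1, 2}   # X.1.X addressing status, X.2.X mailbox status
CONTENT_SUBJECTS = {6, 7}     # X.6.X message content, X.7.X security or policy

def classify(reply):
    """Return 'recipient', 'message', 'unknown' or 'not-permanent'."""
    m = REPLY_RE.match(reply.strip())
    if not m or not m.group("basic").startswith("5"):
        return "not-permanent"
    enh = m.group("enh")
    if enh is None or not enh.startswith("5."):
        return "unknown"          # no usable enhanced code
    subject = int(enh.split(".")[1])
    if subject in RECIPIENT_SUBJECTS:
        return "recipient"
    if subject in CONTENT_SUBJECTS:
        return "message"
    return "unknown"              # e.g. 5.0.0 or 5.3.0: the code alone says little

def bounce_score(replies, skip_message_problems=True):
    """Simplified tally of permanent failures (assumption: 1 point each)."""
    score = 0
    for reply in replies:
        kind = classify(reply)
        if kind == "not-permanent":
            continue
        if kind == "message" and skip_message_problems:
            continue              # the behaviour asked for in the thread
        score += 1                # 'recipient' and 'unknown' still count
    return score

# Rejection texts quoted in the first post of the thread.
THREAD_REPLIES = [
    "550 5.1.1 user is unknown",
    "551 5.0.0 Invalid recipient; Use joe@example.com",
    "553 5.3.0 Rejected by CBL",
    "550 5.7.1 Rejected by SpamAssassin milter",
    "554 5.7.1 Virus xxx detected by the ClamAV AntiVirus",
]
# Constructed sample: a DMARC policy reject carrying the same 5.7.1 code.
DMARC_REPLY = "550 5.7.1 rejected per DMARC policy (constructed)"

if __name__ == "__main__":
    for line in THREAD_REPLIES + [DMARC_REPLY]:
        print(f"{classify(line):9}  {line}")
```

Five spam rejections no longer reach a threshold of 5 under this split, but neither do five DMARC rejections for a recipient who will never receive list mail, and the DNSBL reply (5.3.0) still counts against the subscriber.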
participants (4)
- Andrew Daviel
- Mark Sapiro
- Rich Kulawiec
- Stephen J. Turnbull