On Fri, 29 Oct 2004 16:59:09 -0700 Kenneth Porter wrote:

--On Friday, October 29, 2004 5:33 PM -0400 David Relson <relson@osagesoftware.com> wrote:

...

The other one spoofed a valid subscriber's address, so mailman accepted it and sent copies to all subscribers.

How do you know it's spoofed? How would mailman know?

Hi Kenneth,

Your reply is appreciated!

To answer your questions, both messages were from the same ip address, part of a class C subnet registered to a German ISP. The message from bogofilter@bogofilter.org to bogofilter-dev@bogofilter.org is clearly bogus because (1) it has the wrong originating ip address and (2) mailman has verp enabled hence the sender's address is never actually used when sending. The subscriber's address in the other message is _my_ address and I've got an American ip address (and which is not part of the german subnet). So I know _both_ messages had spoofed addresses.

Part of asking the question was to learn whether mailman has any ability to verify addresses. I wasn't aware of anything, which doesn't mean it can't be done. Along a similar vein, I'm wondering if there are ways for postfix and procmail to validate addresses.

The question was posted here because I'm aware of that this list's readers have a significant amount of knowledge about all things mail related. Honestly, I rate my mail knowledge at the rookie/novice level which is enough to get by but not enough to answer questions such as I asked.

Regards,

David

At 8:24 PM -0400 2004-10-29, David Relson wrote:

Part of asking the question was to learn whether mailman has any ability to verify addresses. I wasn't aware of anything, which doesn't mean it can't be done. Along a similar vein, I'm wondering if there are ways for postfix and procmail to validate addresses.

How would it verify the address?  By the time that Mailman gets 

the message, it's already been accepted by your MTA.

If you need application-level authentication, you could have 

everyone encrypt their messages to a PGP key that is registered to the list, and then have mmreencrypt turn around and re-encrypt that message to all the recipients. See <http://sourceforge.net/projects/mmreencrypt/>.

There are no verification or authentication mechanisms inherent 

to Mailman, beyond checking what's in the headers (e.g., "From:", "Sender:", etc...) and what's used as the envelope sender, and seeing whether that address is allowed to post (i.e., they are a subscriber, or whatever).

I guess you could set up forced moderation for all users, so that 

a human being has to take a manual action for each message in order to approve it. That's not a very scalable solution, however.

So far as I know, that's about it.

-- Brad Knowles, <brad@stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

 -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
 Assembly to the Governor, November 11, 1755

SAGE member since 1995. See <http://www.sage.org/> for more info.

David Relson wrote:

My mail handling environment is composed of postfix, procmail, bogofilter, and mailman. All incoming messages are _supposed_ to be processed by bogofilter, which adds a spam/ham tag to the message header. Messages to "mydomain.com" have the tags, but messages to "mylists.org" do not (as confirmed by looking at *.pck in held-msgs). Can you point me towards a FAQ, HOWTO, or other document which might shed light on why this is so?

What is the processing order? Is it the order listed above? Is a postfix alias or a procmail recipe piping mail directly to mailman and bypassing bogofilter?

-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan

On Sat, 30 Oct 2004 14:56:40 +0200 Brad Knowles wrote:

At 10:11 PM -0400 2004-10-29, David Relson wrote:

...

My mail handling environment is composed of postfix, procmail, bogofilter, and mailman. All incoming messages are _supposed_ to be processed by bogofilter, which adds a spam/ham tag to the message header. Messages to "mydomain.com" have the tags, but messages to"mylists.org" do not (as confirmed by looking at *.pck in held-msgs). Can you point me towards a FAQ, HOWTO, or other document which might shed light on why this is so?

That sounds like a bogofilter question, which you should be using bogofilter resources to try to answer -- like their mailing lists, newsgroups, etc.... I doubt that the Mailman-users mailing list is going to be very useful in trying to answer bogofilter questions.

That said, if you want to keep from having your own address spoofed, I imagine you could add some bogofilter rules that look through the headers and increase or decrease the score depending on whether it appears that the message is originating from your machine and claims to have your address on it, or if the message originates from somewhere else but has your address.

Brad,

Actually it's more of a mailman setup question, as in "why don't mailing list messages go through procmail (which handle bogofilter and other such stuff)?" and "how do I set up mailman in a postfix environment so that filters, for example virus checkers, get run to protect the list from propagating bad stuff, e.g. viruses.

Due to limited time, I've only answered part of the question so far ---

I've learned that /var/lib/mailman/data/aliases (generated by Mailman) has entries like:

bogofilter: "|/usr/lib/mailman/mail/mailman post bogofilter" bogofilter-admin: "|/usr/lib/mailman/mail/mailman admin bogofilter"

my next step is to look at the mailman code that generates this, see if there are options for running additional filters, etc, etc.

By the way, being a bayesian filter, bogofilter doesn't have any rules. Address validation is in the realm of procmail's capabilities and, at the present time, that's not being run for mailing list messages.

Also, I'm not so much worried about having my own address spoofed as the possibility that _any_ subscribers address can be spoofed with uncertain consequences. The spoofed address just happened to be mine, but the same problem would have happened with any of several hundred other addresses.

Thanks for all the work that's gone into mailman. I recognize what it takes and _do_ appreciate what you've done.

Regards,

David

On Sun, 31 Oct 2004 06:51:10 +0900 Tokio Kikuchi wrote:

Hi,

I don't use bogofilter but use spamassassin to filter incoming messages.

...

I've learned that /var/lib/mailman/data/aliases (generated by Mailman) has entries like:

bogofilter: "|/usr/lib/mailman/mail/mailman post bogofilter" bogofilter-admin: "|/usr/lib/mailman/mail/mailman admin bogofilter"

my next step is to look at the mailman code that generates this, see if there are options for running additional filters, etc, etc.

With this aliases setting, the incoming messages will not pass through procmail and bogofilter. You should either set up aliases to be handled by procmail or activate filter option in postfix. Web documents like http://www.advosys.ca/papers/postfix-filtering.html and of course your friendly postfix manual may be helpful.

The aliases lines above are what Mailman generated for my lists. Evidently they're not enough when filtering is needed :-< As they are generated by Mailman and there's a warning against modification, I've been leaving them alone.

Or, you can add a SpamAssassin.py like handler in Mailman/Handlers. (As SourceForge is currently down, so I can't give you the id but there is a patch in the patch tracker.)

Very possibly what my environment lacks is a Handlers file (which I hadn't known of and will learn about).

...

By the way, being a bayesian filter, bogofilter doesn't have any rules.

This, I believe is a bogofilter question. How do you set up the rules?

Bayesian filters aren't rule based (like SpamAssassin). You train them with message that you have classified as spam and messages you've classified as ham. A bayesian filter creates a wordlist (database) of the words in the two sets of messages. When it classifies a message, it compares the message's words to the words in its database and then reports how likely the message is to be spam (or ham). If you want more info, you can download bogofilter from sourceforge or load the version that's included with your favorite distribution.

...

Address validation is in the realm of procmail's capabilities and, at the present time, that's not being run for mailing list messages.

Address and _header_ validation as well as attachment filtering can be handled by Mailman. You should browse through privacy/filter options.

I shall. As mentioned earlier I like what mailman does and I am still learning about its features.

Thank you for steering me towards its handlers and privacy options.

Regards,

David

On Sun, 31 Oct 2004 02:15:10 +0200 Brad Knowles wrote:

At 3:06 PM -0400 2004-10-30, David Relson wrote:

...

Actually it's more of a mailman setup question, as in "why don't mailing list messages go through procmail (which handle bogofilter and other such stuff)?" and "how do I set up mailman in a postfix environment so that filters, for example virus checkers, get run to protect the list from propagating bad stuff, e.g. viruses.

Actually, no. This has less to do with Mailman than it does with getting these kinds of features into your MTA. Postfix is quite capable of doing that, as is sendmail, Exim, and every other MTA that I am familiar with. Indeed, most MTAs have a wide variety of ways in which these kinds of features can be integrated.

We have highlighted a few in the Mailman FAQ Wizard at <http://www.python.org/cgi-bin/faqw-mm.py> (such as FAQ 6.12, which discusses the integration of postfix, Mailman, and amavisd for anti-spam and anti-virus scanning), or FAQ 4.15 (which provides a different method of integrating procmail into the message flow), FAQ 4.23 (which mentions both of these methods as well as a patch to integrate SpamAssassin directly into Mailman itself).

Alternatively, you could also incorporate a Python-based anti-spam filter directly into Mailman. We do that for python.org with SpamBayes.

If you spend some time digging around in the FAQ and in the archives, you may very well turn up several more answers. See FAQ 1.18 for a variety of ways you can search the archives.

Brad,

I appreciate the pointers. One of the problems(?) with mailman is that there is _so_ much information, it's close to overwhelming.

My project, bogofilter, suffers from difficulty in finding the right information, even though we don't have as much info. I suspect that our documentation could be better organized than it is :-(

Regards,

David

On Sun, 31 Oct 2004 05:15:34 +0200 Brad Knowles wrote:

...[snip]...

I'm also involved in the NTP Project, and we provide a TWiki for

use in creating community-supported documentation in addition to the official FAQ. For the python.org project, they also provide a wiki (of the moinmoin variety), in addition to the FAQ Wizard.

If you don't already have a FAQ, you could easily make use of wiki-style tools to help put something like that together.

Hi Brad,

We do have a FAQ, man pages, miscellaneous README files, etc. Too many documents, or documents that are too large can overwhelm people. Using wiki-style tools is something to investigate.

...[snip]...

Of course, Google is also your friend. I recommend the book _Google Hacks_ from O'Reilly (see <http://www.oreilly.com/catalog/googlehks/>).

Indeed, Google is a friend and one I consult frequently. I googled "mailman +virus +filter" (or something similar) and got tons of hits. Most of them were list messages with a "I've been spam filtered" message at the bottom. Evidently I posed the wrong query.

David

On Sat, 30 Oct 2004 22:16:19 -0700 Mark Sapiro wrote:

David Relson wrote:

...

I've learned that /var/lib/mailman/data/aliases (generated by Mailman) has entries like:

bogofilter: "|/usr/lib/mailman/mail/mailman post bogofilter" bogofilter-admin: "|/usr/lib/mailman/mail/mailman admin bogofilter"

One thing you may or may not be aware of:

It looks like the above are aliases for a list named bogofilter. They will not cause any incoming mail to postfix to be processed by bogofilter in any way. They will cause incoming mail to addresses bogofilter@dom.ain, bogofilter-admin@dom.ain and likewise for others to be piped directly to mailman.

Hi Mark,

Multiple attempts to spam the mailing lists have been caught by mailman because the sender addresses have not been subscriber addresses. Multiple virus laden messages have also been caught (for the same reason). Unfortunately one virus message spoofed a subscriber's address and was accepted and transmitted. Under any circumstances, that is unacceptable. That the spoofed address was mine, makes it personal!

When I set up mailman I included the appropriate postfix info in /etc/mailman, i.e.

MTA = 'Postfix' POSTFIX_STYLE_VIRTUAL_DOMAINS = [ DEFAULT_EMAIL_HOST ]

Since mailman then used direct piping in the aliases file, I naively assumed that's the proper setup. Now I've some reading to do as there's a need to set up some filtering.

Best regards,

David

On Fri, 29 Oct 2004 16:59:09 -0700 Kenneth Porter wrote:

--On Friday, October 29, 2004 5:33 PM -0400 David Relson <relson@osagesoftware.com> wrote:

...

The other one spoofed a valid subscriber's address, so mailman accepted it and sent copies to all subscribers.

How do you know it's spoofed? How would mailman know?

Hi Kenneth,

Your reply is appreciated!

To answer your questions, both messages were from the same ip address, part of a class C subnet registered to a German ISP. The message from bogofilter@bogofilter.org to bogofilter-dev@bogofilter.org is clearly bogus because (1) it has the wrong originating ip address and (2) mailman has verp enabled hence the sender's address is never actually used when sending. The subscriber's address in the other message is _my_ address and I've got an American ip address (and which is not part of the german subnet). So I know _both_ messages had spoofed addresses.

Part of asking the question was to learn whether mailman has any ability to verify addresses. I wasn't aware of anything, which doesn't mean it can't be done. Along a similar vein, I'm wondering if there are ways for postfix and procmail to validate addresses.

The question was posted here because I'm aware of that this list's readers have a significant amount of knowledge about all things mail related. Honestly, I rate my mail knowledge at the rookie/novice level which is enough to get by but not enough to answer questions such as I asked.

Regards,

David

At 8:24 PM -0400 2004-10-29, David Relson wrote:

Part of asking the question was to learn whether mailman has any ability to verify addresses. I wasn't aware of anything, which doesn't mean it can't be done. Along a similar vein, I'm wondering if there are ways for postfix and procmail to validate addresses.

How would it verify the address?  By the time that Mailman gets 

the message, it's already been accepted by your MTA.

If you need application-level authentication, you could have 

everyone encrypt their messages to a PGP key that is registered to the list, and then have mmreencrypt turn around and re-encrypt that message to all the recipients. See <http://sourceforge.net/projects/mmreencrypt/>.

There are no verification or authentication mechanisms inherent 

to Mailman, beyond checking what's in the headers (e.g., "From:", "Sender:", etc...) and what's used as the envelope sender, and seeing whether that address is allowed to post (i.e., they are a subscriber, or whatever).

I guess you could set up forced moderation for all users, so that 

a human being has to take a manual action for each message in order to approve it. That's not a very scalable solution, however.

So far as I know, that's about it.

-- Brad Knowles, <brad@stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

 -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
 Assembly to the Governor, November 11, 1755

SAGE member since 1995. See <http://www.sage.org/> for more info.

David Relson wrote:

My mail handling environment is composed of postfix, procmail, bogofilter, and mailman. All incoming messages are _supposed_ to be processed by bogofilter, which adds a spam/ham tag to the message header. Messages to "mydomain.com" have the tags, but messages to "mylists.org" do not (as confirmed by looking at *.pck in held-msgs). Can you point me towards a FAQ, HOWTO, or other document which might shed light on why this is so?

What is the processing order? Is it the order listed above? Is a postfix alias or a procmail recipe piping mail directly to mailman and bypassing bogofilter?

-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan

On Sat, 30 Oct 2004 14:56:40 +0200 Brad Knowles wrote:

At 10:11 PM -0400 2004-10-29, David Relson wrote:

...

My mail handling environment is composed of postfix, procmail, bogofilter, and mailman. All incoming messages are _supposed_ to be processed by bogofilter, which adds a spam/ham tag to the message header. Messages to "mydomain.com" have the tags, but messages to"mylists.org" do not (as confirmed by looking at *.pck in held-msgs). Can you point me towards a FAQ, HOWTO, or other document which might shed light on why this is so?

That sounds like a bogofilter question, which you should be using bogofilter resources to try to answer -- like their mailing lists, newsgroups, etc.... I doubt that the Mailman-users mailing list is going to be very useful in trying to answer bogofilter questions.

That said, if you want to keep from having your own address spoofed, I imagine you could add some bogofilter rules that look through the headers and increase or decrease the score depending on whether it appears that the message is originating from your machine and claims to have your address on it, or if the message originates from somewhere else but has your address.

Brad,

Actually it's more of a mailman setup question, as in "why don't mailing list messages go through procmail (which handle bogofilter and other such stuff)?" and "how do I set up mailman in a postfix environment so that filters, for example virus checkers, get run to protect the list from propagating bad stuff, e.g. viruses.

Due to limited time, I've only answered part of the question so far ---

I've learned that /var/lib/mailman/data/aliases (generated by Mailman) has entries like:

bogofilter: "|/usr/lib/mailman/mail/mailman post bogofilter" bogofilter-admin: "|/usr/lib/mailman/mail/mailman admin bogofilter"

my next step is to look at the mailman code that generates this, see if there are options for running additional filters, etc, etc.

By the way, being a bayesian filter, bogofilter doesn't have any rules. Address validation is in the realm of procmail's capabilities and, at the present time, that's not being run for mailing list messages.

Also, I'm not so much worried about having my own address spoofed as the possibility that _any_ subscribers address can be spoofed with uncertain consequences. The spoofed address just happened to be mine, but the same problem would have happened with any of several hundred other addresses.

Thanks for all the work that's gone into mailman. I recognize what it takes and _do_ appreciate what you've done.

Regards,

David

On Sun, 31 Oct 2004 06:51:10 +0900 Tokio Kikuchi wrote:

Hi,

I don't use bogofilter but use spamassassin to filter incoming messages.

...

I've learned that /var/lib/mailman/data/aliases (generated by Mailman) has entries like:

bogofilter: "|/usr/lib/mailman/mail/mailman post bogofilter" bogofilter-admin: "|/usr/lib/mailman/mail/mailman admin bogofilter"

my next step is to look at the mailman code that generates this, see if there are options for running additional filters, etc, etc.

With this aliases setting, the incoming messages will not pass through procmail and bogofilter. You should either set up aliases to be handled by procmail or activate filter option in postfix. Web documents like http://www.advosys.ca/papers/postfix-filtering.html and of course your friendly postfix manual may be helpful.

The aliases lines above are what Mailman generated for my lists. Evidently they're not enough when filtering is needed :-< As they are generated by Mailman and there's a warning against modification, I've been leaving them alone.

Or, you can add a SpamAssassin.py like handler in Mailman/Handlers. (As SourceForge is currently down, so I can't give you the id but there is a patch in the patch tracker.)

Very possibly what my environment lacks is a Handlers file (which I hadn't known of and will learn about).

...

By the way, being a bayesian filter, bogofilter doesn't have any rules.

This, I believe is a bogofilter question. How do you set up the rules?

Bayesian filters aren't rule based (like SpamAssassin). You train them with message that you have classified as spam and messages you've classified as ham. A bayesian filter creates a wordlist (database) of the words in the two sets of messages. When it classifies a message, it compares the message's words to the words in its database and then reports how likely the message is to be spam (or ham). If you want more info, you can download bogofilter from sourceforge or load the version that's included with your favorite distribution.

...

Address validation is in the realm of procmail's capabilities and, at the present time, that's not being run for mailing list messages.

Address and _header_ validation as well as attachment filtering can be handled by Mailman. You should browse through privacy/filter options.

I shall. As mentioned earlier I like what mailman does and I am still learning about its features.

Thank you for steering me towards its handlers and privacy options.

Regards,

David

On Sun, 31 Oct 2004 02:15:10 +0200 Brad Knowles wrote:

At 3:06 PM -0400 2004-10-30, David Relson wrote:

...

Actually it's more of a mailman setup question, as in "why don't mailing list messages go through procmail (which handle bogofilter and other such stuff)?" and "how do I set up mailman in a postfix environment so that filters, for example virus checkers, get run to protect the list from propagating bad stuff, e.g. viruses.

Actually, no. This has less to do with Mailman than it does with getting these kinds of features into your MTA. Postfix is quite capable of doing that, as is sendmail, Exim, and every other MTA that I am familiar with. Indeed, most MTAs have a wide variety of ways in which these kinds of features can be integrated.

We have highlighted a few in the Mailman FAQ Wizard at <http://www.python.org/cgi-bin/faqw-mm.py> (such as FAQ 6.12, which discusses the integration of postfix, Mailman, and amavisd for anti-spam and anti-virus scanning), or FAQ 4.15 (which provides a different method of integrating procmail into the message flow), FAQ 4.23 (which mentions both of these methods as well as a patch to integrate SpamAssassin directly into Mailman itself).

Alternatively, you could also incorporate a Python-based anti-spam filter directly into Mailman. We do that for python.org with SpamBayes.

If you spend some time digging around in the FAQ and in the archives, you may very well turn up several more answers. See FAQ 1.18 for a variety of ways you can search the archives.

Brad,

I appreciate the pointers. One of the problems(?) with mailman is that there is _so_ much information, it's close to overwhelming.

My project, bogofilter, suffers from difficulty in finding the right information, even though we don't have as much info. I suspect that our documentation could be better organized than it is :-(

Regards,

David

On Sun, 31 Oct 2004 05:15:34 +0200 Brad Knowles wrote:

...[snip]...

I'm also involved in the NTP Project, and we provide a TWiki for

use in creating community-supported documentation in addition to the official FAQ. For the python.org project, they also provide a wiki (of the moinmoin variety), in addition to the FAQ Wizard.

If you don't already have a FAQ, you could easily make use of wiki-style tools to help put something like that together.

Hi Brad,

We do have a FAQ, man pages, miscellaneous README files, etc. Too many documents, or documents that are too large can overwhelm people. Using wiki-style tools is something to investigate.

...[snip]...

Of course, Google is also your friend. I recommend the book _Google Hacks_ from O'Reilly (see <http://www.oreilly.com/catalog/googlehks/>).

Indeed, Google is a friend and one I consult frequently. I googled "mailman +virus +filter" (or something similar) and got tons of hits. Most of them were list messages with a "I've been spam filtered" message at the bottom. Evidently I posed the wrong query.

David

On Sat, 30 Oct 2004 22:16:19 -0700 Mark Sapiro wrote:

David Relson wrote:

...

I've learned that /var/lib/mailman/data/aliases (generated by Mailman) has entries like:

bogofilter: "|/usr/lib/mailman/mail/mailman post bogofilter" bogofilter-admin: "|/usr/lib/mailman/mail/mailman admin bogofilter"

One thing you may or may not be aware of:

It looks like the above are aliases for a list named bogofilter. They will not cause any incoming mail to postfix to be processed by bogofilter in any way. They will cause incoming mail to addresses bogofilter@dom.ain, bogofilter-admin@dom.ain and likewise for others to be piped directly to mailman.

Hi Mark,

Multiple attempts to spam the mailing lists have been caught by mailman because the sender addresses have not been subscriber addresses. Multiple virus laden messages have also been caught (for the same reason). Unfortunately one virus message spoofed a subscriber's address and was accepted and transmitted. Under any circumstances, that is unacceptable. That the spoofed address was mine, makes it personal!

When I set up mailman I included the appropriate postfix info in /etc/mailman, i.e.

MTA = 'Postfix' POSTFIX_STYLE_VIRTUAL_DOMAINS = [ DEFAULT_EMAIL_HOST ]

Since mailman then used direct piping in the aliases file, I naively assumed that's the proper setup. Now I've some reading to do as there's a need to set up some filtering.

Best regards,

David