how to disable main mailman-request and mailman list without stopping mailman functionality
Hello everybody,
I am seeing our mailman@lists.company.nl being used to try to spam people and receiving mail delivery failures from mailman-request@lists.company.nl attempts.
I removed the mailman mailinglist but that ended up disabling mailman and all of the mailinglists from working. I created the mailman mailinglist again and the spam started again.
I looked at the options but can not find the right ones that might help?
PS. I had mailman not advertised by default but some Debian update a while back seems to have made it advertised. I disabled the advertising of the list but the spam keeps coming. Maybe disable advertising by default for the mailman default list?
What are the recommended steps?
Kind regards,
Jelle de Jong
On 1/26/20 9:03 AM, Jelle de Jong wrote:
> PS. I had mailman not advertised by default but some Debian update a while back seems to have made it advertised. I disabled the advertising of the list but the spam keeps coming. Maybe disable advertising by default for the mailman default list?
First, advertised or not, it is well known that every Mailman 2.1 installation has a site list, usually called mailman. Also the mailman@example.com address is exposed on both the listinfo and admin overview pages in the web UI.
> What are the recommended steps?
It depends on how your MTA delivers to Mailman. If it uses aliases, you can change the mailman-request alias in mailman's aliases, but if Mailman automatically generates these, that may get undone. A better approach is to put an alias for the mailman-request and maybe other mailman- addresses in an alias file that is processed before Mailman's aliases or delivery. You can use these to send the mail to /dev/null or to some user or mailbox if you want to see the mail.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
Thank you Mark for taking the time to reply, much appreciated.
On 2020-01-27 15:52, Mark Sapiro wrote:
> On 1/26/20 9:03 AM, Jelle de Jong wrote:
>> PS. I had mailman not advertised by default but some Debian update a while back seems to have made it advertised. I disabled the advertising of the list but the spam keeps coming. Maybe disable advertising by default for the mailman default list?
> First, advertised or not, it is well known that every Mailman 2.1 installation has a site list, usually called mailman. Also the mailman@example.com address is exposed on both the listinfo and admin overview pages in the web UI.
>> What are the recommended steps?
> It depends on how your MTA delivers to Mailman. If it uses aliases, you can change the mailman-request alias in mailman's aliases, but if Mailman automatically generates these, that may get undone. A better approach is to put an alias for the mailman-request and maybe other mailman- addresses in an alias file that is processed before Mailman's aliases or delivery. You can use these to send the mail to /dev/null or to some user or mailbox if you want to see the mail.
So how can I make an alias for all mailman- addresses that go to /dev/null?
mailman version 1:2.1.23-1+deb9u4
# /usr/lib/mailman/bin/genaliases --help
Regenerate Mailman specific aliases from scratch.
Does not give me much useful information.
Kind regards,
Jelle de Jong
On 1/28/20 3:13 AM, Jelle de Jong wrote:
> On 2020-01-27 15:52, Mark Sapiro wrote:
>> It depends on how your MTA delivers to Mailman. If it uses aliases, you can change the mailman-request alias in mailman's aliases, but if Mailman automatically generates these, that may get undone. A better approach is to put an alias for the mailman-request and maybe other mailman- addresses in an alias file that is processed before Mailman's aliases or delivery. You can use these to send the mail to /dev/null or to some user or mailbox if you want to see the mail.
> So how can I make an alias for all mailman- addresses that go to /dev/null?
Assuming your MTA is configured to use /etc/aliases and puts it before Mailman's data/aliases.
Add the following lines to /etc/aliases
mailman-admin: /dev/null
mailman-bounces: /dev/null
mailman-confirm: /dev/null
mailman-join: /dev/null
mailman-leave: /dev/null
mailman-owner: /dev/null
mailman-request: /dev/null
mailman-subscribe: /dev/null
mailman-unsubscribe: /dev/null
And then run newaliases
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
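Added example, not part of Mark's message or of Mailman: a Python check that resolves, for an ordered set of alias files, which file supplies the winning alias for each `mailman-*` address. It assumes the MTA searches alias files in order with the first match winning; the sample file contents and the wrapper path in them are constructed.

```python
# Added example: which alias file answers for each site-list address?
SUFFIXES = ("admin", "bounces", "confirm", "join", "leave", "owner",
            "request", "subscribe", "unsubscribe")

def parse_aliases(text):
    """Parse sendmail-style aliases text into {name: target}."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":                      # continuation of previous entry
            if current:
                entries[current] = (entries[current] + " " + raw.strip()).strip()
            continue
        name, sep, target = raw.partition(":")
        name = name.strip().strip('"').lower()
        if not sep or name in entries:           # malformed, or duplicate: first wins
            current = None
            continue
        entries[name] = target.strip()
        current = name
    return entries

def effective_targets(alias_files, listname="mailman"):
    """alias_files: ordered [(label, text)], searched first to last (assumption)."""
    parsed = [(label, parse_aliases(text)) for label, text in alias_files]
    out = {}
    for suffix in SUFFIXES:
        addr = f"{listname}-{suffix}"
        out[addr] = next(((label, table[addr]) for label, table in parsed
                          if addr in table), (None, None))
    return out

def still_delivered(alias_files, listname="mailman"):
    """Addresses whose winning alias is anything other than /dev/null."""
    targets = effective_targets(alias_files, listname)
    return sorted(a for a, (_, t) in targets.items() if t != "/dev/null")

# Constructed sample data; the Mailman wrapper path below is an assumption.
ETC_ALIASES = """\
postmaster: root
mailman-request: /dev/null
mailman-subscribe:
    /dev/null
"""
MAILMAN_ALIASES = "".join(
    f'mailman-{s}: "|/var/lib/mailman/mail/mailman {s} mailman"\n' for s in SUFFIXES)
FILES = [("/etc/aliases", ETC_ALIASES), ("data/aliases", MAILMAN_ALIASES)]
print(still_delivered(FILES))
```

Swapping the order of `FILES` shows the failure case: with Mailman's aliases searched first, none of the `/dev/null` overrides take effect.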
Mark Sapiro wrote:
> Add the following lines to /etc/aliases
> mailman-admin: /dev/null
> mailman-bounces: /dev/null
If you have membership reminders active on other mailinglists this is a problem because you don't get the bounces.
Additionally if the spammers use the web interface it does not help. I had this problem: Somebody found it funny to try hundred times a day
  curl http://mydom.example.org/mailman/subscribe/mailman?email=victim@example.com
I solved it by setting
  SUBSCRIBE_FORM_SECRET="some_ranmdom_string"
in /etc/mailman/mm_cfg.py .
--
J. Dollinger  FAW/n Ulm  |zeitnot@irc|  http://www.home.pages.de/~zeitnot/
"What're quantum mechanics?" -- "I don't know. People who repair quantums, I suppose." (Terry Pratchett, Eric)
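Added example, not part of the thread: a Python check over web-server access logs for the request pattern described above, repeated GET requests to `/mailman/subscribe/<list>` carrying `email=` in the query string. The log format (common/combined), the threshold and the sample lines are assumptions constructed for illustration.

```python
# Added example: flag clients that script the Mailman subscribe CGI.
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: ip ident user [time] "METHOD target PROTO" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)')

def scripted_subscribes(lines, threshold=3):
    """Return {client_ip: sorted target addresses} for clients that sent at
    least `threshold` GET requests to /mailman/subscribe/<list> with email=."""
    hits, targets = Counter(), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue                      # unparsable line, or not a GET
        url = urlsplit(m["target"])
        parts = url.path.strip("/").split("/")
        if len(parts) != 3 or parts[:2] != ["mailman", "subscribe"]:
            continue                      # some other Mailman CGI or path
        emails = parse_qs(url.query).get("email", [])
        if not emails:
            continue
        hits[m["ip"]] += 1
        targets[m["ip"]].update(e.strip().lower() for e in emails)
    return {ip: sorted(targets[ip]) for ip, n in hits.items() if n >= threshold}

# Constructed access-log lines (documentation IP ranges, example.com addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Feb/2020:06:00:01 +0000] "GET /mailman/subscribe/mailman?email=a@example.com HTTP/1.1" 200 1843',
    '192.0.2.10 - - [02/Feb/2020:06:00:09 +0000] "GET /mailman/subscribe/mailman?email=b@example.com HTTP/1.1" 200 1843',
    '192.0.2.10 - - [02/Feb/2020:06:00:17 +0000] "GET /mailman/subscribe/mailman?email=A@example.com HTTP/1.1" 200 1843',
    '198.51.100.7 - - [02/Feb/2020:06:02:31 +0000] "GET /mailman/listinfo/mailman HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/Feb/2020:06:02:40 +0000] "POST /mailman/subscribe/mailman HTTP/1.1" 200 1902',
    '203.0.113.5 - - [02/Feb/2020:06:05:00 +0000] "GET /mailman/subscribe/mailman?email=c@example.com HTTP/1.1" 200 1843',
]
print(scripted_subscribes(SAMPLE_LOG))
```

The flagged client addresses can then be fed to whatever rate limiting or blocking the web server already provides.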
On 2/2/20 6:15 AM, Jürgen Dollinger wrote:
> Additionally if the spammers use the web interface it does not help. I had this problem: Somebody found it funny to try hundred times a day
>   curl http://mydom.example.org/mailman/subscribe/mailman?email=victim@example.com
> I solved it by setting
>   SUBSCRIBE_FORM_SECRET="some_ranmdom_string"
> in /etc/mailman/mm_cfg.py .
I'm glad SUBSCRIBE_FORM_SECRET worked in your case, but it doesn't always. See the thread at <https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/47XWM3F6SXZQLVAGCOLC4KCOT32QSHEE/>.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan