Yahoo is delaying delivery of mail from my domain because I look like I'm spamming them -- my machine sends a lot of email to non-existent Yahoo users. Well, that's because I get a lot of incoming spam from fake Yahoo accounts to my Mailman, and I have it configured to send back a "you aren't a member" message.
Is there any way to suppress "you aren't a member" only for Yahoo senders?
-- greg
Greg Lindahl wrote:
Yahoo is delaying delivery of mail from my domain because I look like I'm spamming them -- my machine sends a lot of email to non-existent Yahoo users. Well, that's because I get a lot of incoming spam from fake Yahoo accounts to my Mailman, and I have it configured to send back a "you aren't a member" message.
Is there any way to suppress "you aren't a member" only for Yahoo senders? ---------------- End original message. ---------------------
Why not disable those notification messages completely and discard the incoming messages from nonmembers?
That is what I do on my lists.
My reasoning behind this is that if there is any mail from a nonmember, 99.99% of the time it's a spammer that has sent that message. By silently discarding it, I am not confirming for them that there is a live e-mail address there and (hopefully) reducing the number of attempts to spam the address in the future. The very few remaining posts after the spam are usually because somebody has e-mailed something with the list address as a recipient to a non-member and that non-member has done a reply-to-all.
Either way, it's not something that I care about nor is it something that I believe needs an explanatory message sent back to the sender.
Just my thoughts on the matter, I think it makes life simpler.
Dragon
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
On Wed, Mar 01, 2006 at 12:52:39PM -0800, Dragon wrote:
Why not disable those notification messages completely and discard the incoming messages from nonmembers?
Because I have a lot of users with several email addresses who forget which one they're subscribed as. I care about every posting.
By silently discarding it, I am not confirming for them that there is a live e-mail address there and (hopefully) reducing the number of attempts to spam the address in the future.
Almost all of the spam I get has a faked return address, so this reasoning does not apply.
-- greg
Greg Lindahl wrote:
On Wed, Mar 01, 2006 at 12:52:39PM -0800, Dragon wrote:
Why not disable those notification messages completely and discard the incoming messages from nonmembers?
Because I have a lot of users with several email addresses who forget which one they're subscribed as. I care about every posting. ---------------- End original message. ---------------------
Well, perhaps I am just an uncaring old curmudgeon, but should that not be an issue for the user and not the list owner?
Again, just my opinion, do with it as you will.
Dragon
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
Wednesday, March 01, 2006 3:57 PM - Greg wrote:
Why not disable those notification messages completely and discard the incoming messages from nonmembers?
Because I have a lot of users with several email addresses who forget which one they're subscribed as. I care about every posting.
By silently discarding it, I am not confirming for them that there is a live e-mail address there and (hopefully) reducing the number of attempts to spam the address in the future.
Almost all of the spam I get has a faked return address, so this reasoning does not apply.
-- greg
Greg, Imagine I'm evil-spammer-dude. Once I have your mailing list addresses imagine I generate 20,000 spams to one or all of your lists. Each spam has a forged address from the @yahoo.com domain. Your list in turn "replies" most courteously to the "forged address" that the address is not a member and can't post to your list. Now ~you~ are spamming Greg! Well, as evil-spammer-dude, I could not thank you more! You are helping me get my spam into the yahoo.com network. You see Greg, as evil-spammer-dude I don't care how it gets there, it doesn't have to look pretty. It can come packaged as a bounce.
Yahoo is doing what they have to do, sorry about your luck.
Have you received similar emails in your personal mailbox?
I work at an ISP were we have been targeted with a form of this"attack". Thanks to IDP and mailserver tuning we have been able to keep our 60,000 email accounts flowing fairly smoothly with little hardware impact. I have heard of other ISP's that have not faired so well. Don't be surprised or angered if you get targeted by one or more of these people and it brings your servers to a screeching halt. You are apparently on someone's radar....
Best of luck, Jon
At 12:57 PM -0800 3/1/06, Greg Lindahl wrote:
On Wed, Mar 01, 2006 at 12:52:39PM -0800, Dragon wrote:
Why not disable those notification messages completely and discard the incoming messages from nonmembers?
Because I have a lot of users with several email addresses who forget which one they're subscribed as. I care about every posting.
In that case, just approve those messages and add the poster to the approved senders list.
-- Heather Madrone (heather@madrone.com) http://www.madrone.com
"Everything I never wanted to know I learned from the Internet." -- Morgayn Madrone, age 17
At 12:52 PM -0800 2006-03-01, Dragon wrote:
Why not disable those notification messages completely and discard the incoming messages from nonmembers?
That is what I do on my lists.
My reasoning behind this is that if there is any mail from a nonmember, 99.99% of the time it's a spammer that has sent that message. By silently discarding it, I am not confirming for them that there is a live e-mail address there and (hopefully) reducing the number of attempts to spam the address in the future.
We've had this discussion in the past.
On the one hand, responding to spoofed e-mail addresses is a form of blowback, and could potentially be considered spam in and of itself. This behaviour could be easily abused by attackers to cause your mail servers to DoS anyone else they want -- all they have to do is generate garbage e-mail at high rates of speed in the name of their victim.
On the other hand, not informing people that their posts are not being accepted to the mailing list (because they're not subscribed, or whatever) is guaranteed to cause you to lose legitimate messages. For example, if you run a mailing list intended to support the leading Free/Open Source Developers conference in Europe and you set up your list this way, you are guaranteed to get a lot of grief from various subscribers on the list because posts they made months ago were silently dropped and never went through. Now that months have passed and they asked their question with a reasonable amount of time for a response, but the question never got through, well ... everyone is screwed.
Either way, it's not something that I care about nor is it something that I believe needs an explanatory message sent back to the sender.
If you accept that nothing important ever gets sent to the list, and that any message can be casually thrown away for any reason, then that's a reasonable response.
Otherwise, you may have some tougher choices to make.-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755LOPSA member since December 2005. See <http://www.lopsa.org/>.
On Wed, 1 Mar 2006, Greg Lindahl wrote:
Yahoo users. Well, that's because I get a lot of incoming spam from fake Yahoo accounts to my Mailman, and I have it configured to send back a "you aren't a member" message.
Is there any way to suppress "you aren't a member" only for Yahoo senders?
How about supressing them all together, so you aren't part of a DDOS attack on the people forged into the spam ?
========================================================== Chris Candreva -- chris@westnet.com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Like most people who've been running mailing lists for 20+ years, I have strong opinions about list policy. Please address the mechanism I asked for instead of seeking to discuss the policy issues.
-- greg
On Wed, 1 Mar 2006, Greg Lindahl wrote:
Like most people who've been running mailing lists for 20+ years, I
Funny, I would have guessed this was your first, comming from a marketing background with the selfishness you are showing.
have strong opinions about list policy. Please address the mechanism I asked for instead of seeking to discuss the policy issues.
Would you like to provide the IP of your mailman server, so we can block just that and not your whole domain ?
Sorry, when you get 1,000 AN HOUR of autoreplies for mail you didn't send you look at it differently.
But you want operational, put SpamAssassin or some other filter in front so you don't reply to spam at all.
========================================================== Chris Candreva -- chris@westnet.com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
On Wed, Mar 01, 2006 at 04:34:18PM -0500, Christopher X. Candreva wrote:
On Wed, 1 Mar 2006, Greg Lindahl wrote:
Like most people who've been running mailing lists for 20+ years, I
Funny, I would have guessed this was your first, comming from a marketing background with the selfishness you are showing.
I am new to this list, I didn't realize personal insults were so popular.
Note that Yahoo groups has the flaw you dislike.
-- greg
On 3/1/06, Greg Lindahl <lindahl@pbm.com> wrote:
I am new to this list, I didn't realize personal insults were so popular.
List policy seems to be a pretty touch subject around here, especially when it comes to lists being configured to act as good citizens, as it were.
Personally, I'm also of the opinion that you're better off no replies than sending replies to everyone. Thankfully, that isn't the choice you have ot make; SpamDetect with some spam detection scheme of your choice should get the job done.
- Patrick Bogen
At 4:34 PM -0500 2006-03-01, Christopher X. Candreva wrote:
Like most people who've been running mailing lists for 20+ years, I
Funny, I would have guessed this was your first, comming from a marketing background with the selfishness you are showing.
Selfishness? I think you might want to look in the mirror first.have strong opinions about list policy. Please address the mechanism I asked for instead of seeking to discuss the policy issues.
Would you like to provide the IP of your mailman server, so we can block just that and not your whole domain ?
We run python.org this way. How about we just ban you from all the lists on python.org?
Sorry, when you get 1,000 AN HOUR of autoreplies for mail you didn't send you look at it differently.
When you get 2GB worth of syslog data in less than a 24 hour period of time, or when you've worked at a site handling tens of millions of e-mail messages per day, or when you've been personally blamed for taking out all e-mail across the entire Internet and resulting in the bankruptcies of more than a few companies as well as some personal bankruptcies as well, you develop a certain perspective on things.
But you want operational, put SpamAssassin or some other filter in front so you don't reply to spam at all.
Just because you run SpamAssassin (or any other anti-spam filtering system) doesn't mean that some spam won't slip through. Run a large enough site, and when even a relatively small percentage slips through, you're still talking about large amounts of bogus stuff that you've got to try to deal with.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755LOPSA member since December 2005. See <http://www.lopsa.org/>.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Greg,
Like most people who've been running mailing lists for 20+ years, I have strong opinions about list policy. Please address the mechanism I asked for instead of seeking to discuss the policy issues.
You have a policy problem with your MTA, not your MLM.
Your MTA SHOULD NOT accept email that it won't deliver. Your MTA
SHOULD reject email it can't or won't deliver. Reject, not bounce.
You are running a server that is a significant source of backscatter,
and that hurts the Internet (and you). It's not as bad as spamming,
and it's not as bad as silently discarding email (as some have
suggested) but you should fix it.
The solution is MTA-dependent, and I don't recall seeing any help in the Mailman FAQ, but it's been a while since I looked.
- H-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin)
iD8DBQFEBzGaOy/dHTCUq6oRAtPkAKDKxYUCnhat9mAqCKnYeE8DMRvTLQCgz9J7 xDCG4orxU1nN1vXf4PQdbcY= =IY5u -----END PGP SIGNATURE-----
At 9:55 AM -0800 2006-03-02, Harold Paulson wrote:
Like most people who've been running mailing lists for 20+ years, I have strong opinions about list policy. Please address the mechanism I asked for instead of seeking to discuss the policy issues.
You have a policy problem with your MTA, not your MLM.
Actually, you're wrong. This is a problem with the MLM which causes problems for the MTA.
Your MTA SHOULD NOT accept email that it won't deliver.
You get an e-mail message from fred@yahoo.com, which is obviously a valid domain, and presumably a valid sender address. This address is sending a message to one of your mailing lists -- how is the MTA to know that the MLM would hold the message for moderation or reject the message because the sender is not a subscriber to the list?
How could this possibly be a pure MTA problem?Your MTASHOULD reject email it can't or won't deliver. Reject, not bounce.
That is not at all the case here. Please don't mis-apply an appropriate solution to one problem to another problem that may appear to be similar, but is in fact totally different.
The solution is MTA-dependent, and I don't recall seeing any help in the Mailman FAQ, but it's been a while since I looked.
That's because it's not an MTA problem.
Basically, you've got to choose between the lesser of two evils. Neither solution is "good", as they both have serious consequences for your users and the community as a whole. For some people, one solution will be better. For others, the alternative choice is better.
You need to look at your own situation and make up your own mind as to which is the better choice for you. You need to be prepared to re-visit that decision in the future, in case the situation changes.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755LOPSA member since December 2005. See <http://www.lopsa.org/>.
Is there any way to suppress "you aren't a member" only for Yahoo senders? Not that I know of- probably not without hacking the module that sends
On 3/1/06, Christopher X. Candreva <chris@westnet.com> wrote: them. However, Since SpamDetect is the first thing in the pipeline, if you can convince your mail system to scan the messages with something like SpamAssassin first, then you can set header_filter_rules for your lists to discard these spam messages.
- Patrick Bogen
Are you getting explicit REJECT messages from Yahoo! or some other error?
For what it's worth, I think Yahoo may have changed something internally lately, like their DNS MX records, you may want to check out what address your MTA is trying to send the messages to and compare to dig or nslookup for the Yahoo MX records. Maybe you have some stale DNS info, or old messages in the queue that are trying to send to the wrong address.
You may also want to check out some of the RBL lists to find out if you are on any of them, there are some very good multi-RBL search tools out there. Chances are that Yahoo! is rejecting you based on RBL data from someone else and not their own internal data. Google "RBL lookup tool" or try one of these:
http://www.completewhois.com/rbl_lookup.htm http://www.mail-abuse.com/lookup.html http://www.senderbase.org/search
Greg Lindahl wrote:
Yahoo is delaying delivery of mail from my domain because I look like I'm spamming them -- my machine sends a lot of email to non-existent Yahoo users. Well, that's because I get a lot of incoming spam from fake Yahoo accounts to my Mailman, and I have it configured to send back a "you aren't a member" message.
Jonathan
On Wed, Mar 01, 2006 at 05:43:07PM -0500, Jonathan Dill wrote:
Are you getting explicit REJECT messages from Yahoo! or some other error?
I'm getting 4XX frequently, and occasionally:
7E7E824F81 634 Wed Mar 1 09:03:21 bar@baz.com (host mx3.mail.yahoo.com[67.28.113.10] said: 451 VS5-MF Excessive unknown recipients - possible Open Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5) 205.217.153.43 (in reply to MAIL FROM command)) foo@yahoo.com
What I think this means is that they're noticing that I originate too much email to Yahoo users that don't exist. It comes and goes, which is what you would expect for a real-time check.
(FYI, I'm not an open relay, and I'm not in the RBL's you suggested I check.)
-- greg
Greg Lindahl wrote:
7E7E824F81 634 Wed Mar 1 09:03:21 bar@baz.com (host mx3.mail.yahoo.com[67.28.113.10] said: 451 VS5-MF Excessive unknown recipients - possible Open Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5) 205.217.153.43 (in reply to MAIL FROM command)) foo@yahoo.com
I find a lot of stuff by Googling "VS5-MF Excessive unknown recipients", apparently Yahoo may be doing something that is not RFC-compliant, so your MTA doesn't know that it should stop trying to resend the message:
http://forum.futuresoft.com/forum/Default.aspx?g=posts&t=248
(FYI, I'm not an open relay, and I'm not in the RBL's you suggested I check.)
I'm not an open relay either, but it would not be the first time that a server that is not an open relay got on an RBL either--I have seen that happen at least twice. Also, there are some st00pid RBLs out there run by people who don't know what they are doing.
Also, it doesn't sound like the problem in your case, but it's possible for a server to have eg. a vulnerable formail script or the like, so it is not an open relay per se, but still routing spam.
Jonathan
On Wed, Mar 01, 2006 at 08:39:55PM -0500, Jonathan Dill wrote:
I find a lot of stuff by Googling "VS5-MF Excessive unknown recipients", apparently Yahoo may be doing something that is not RFC-compliant, so your MTA doesn't know that it should stop trying to resend the message:
Interesting forum posting -- since it's from June 2005, doesn't look like this will be resolved any time soon.
I'm leaning towards greylisting with postgrey, it looks like it's a lot cheaper than the cpu power needed to run all that spam through spamassassin.
BTW, "discard_these_nonmembers" looks like it does exactly what I originally asked for. Doh!
-- g
It would be nice to have this feature: the list owner, 2) do not reply to the sender
- if an email is marked as spam using "Spam Filter" in mailman, differ the email and: 1) do not sent the body of the email to
Meaby this is a big feature request, but mailman does not play very well with spam/virus :(
Thanks Oliver
Greg Lindahl wrote:
Yahoo is delaying delivery of mail from my domain because I look like I'm spamming them -- my machine sends a lot of email to non-existent Yahoo users. Well, that's because I get a lot of incoming spam from fake Yahoo accounts to my Mailman, and I have it configured to send back a "you aren't a member" message.
Is there any way to suppress "you aren't a member" only for Yahoo senders?
-- greg
Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/oliver%40samera.com.py
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
-- Oliver Schulze L. <oliver@samera.com.py>
At 9:47 AM -0300 2006-03-03, Oliver Schulze L. wrote:
It would be nice to have this feature: the list owner, 2) do not reply to the sender
- if an email is marked as spam using "Spam Filter" in mailman, differ the email and: 1) do not sent the body of the email to
Meaby this is a big feature request, but mailman does not play very well with spam/virus :(
You could certainly go to the appropriate SourceForge page and check to see if this RFE is already on the system, and if not then you could file it yourself. But if the RFE isn't filed on SourceForge, then we really don't have a way to track it, and it's much less likely to ever get addressed.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755LOPSA member since December 2005. See <http://www.lopsa.org/>.
Good idea, will do ;)
Brad Knowles wrote:
You could certainly go to the appropriate SourceForge page andcheck to see if this RFE is already on the system, and if not then you could file it yourself. But if the RFE isn't filed on SourceForge, then we really don't have a way to track it, and it's much less likely to ever get addressed.
-- Oliver Schulze L. <oliver@samera.com.py>
Done: http://sourceforge.net/tracker/index.php?func=detail&aid=1443069&group_id=103&atid=350103 http://sourceforge.net/tracker/index.php?func=detail&aid=1219887&group_id=103&atid=350103
BTW, there are many RFE that are not asigned, is that normal?
Thanks Oliver
Brad Knowles wrote:
You could certainly go to the appropriate SourceForge page andcheck to see if this RFE is already on the system, and if not then you could file it yourself. But if the RFE isn't filed on SourceForge, then we really don't have a way to track it, and it's much less likely to ever get addressed.
--
Oliver Schulze L. <oliver@samera.com.py>
At 11:59 AM -0300 2006-03-04, Oliver Schulze L. wrote:
BTW, there are many RFE that are not asigned, is that normal?
That may just mean that no one has gone in recently and assigned them. There are a limited number of people who are involved in this process, and they may just not have had much time to work on this kind of stuff recently.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755LOPSA member since December 2005. See <http://www.lopsa.org/>.
participants (10)
-
Brad Knowles -
Christopher X. Candreva -
Dragon -
Greg Lindahl -
Harold Paulson -
Heather Madrone -
Jon Krause -
Jonathan Dill -
Oliver Schulze L. -
Patrick Bogen