Apparently our host provider performs spam tests only on outgoing, rather than incoming - since my spamassassin blacklists don't have any effect.
So I've discovered the filters offered in Mailman after being completely buried by spammers trying to post to our subscriber only list.
I've started putting these in Sender Filters:
^[^@]+@bcira\.com$ ^[^@]+@airablo\.com$ ^[^@]+@bfklaw\.com$ ^[^@]+@bettella\.com$ ^[^@]+@areallycool\.com$ ^[^@]+@aristo-tec\.com$ ^[^@]+@benallgood\.com$ ^[^@]+@al-meshkah\.com$ ^[^@]+@atoccs\.stream$ ^[^@]+@authors\.com$ ^[^@]+@aulson\.com$ ^[^@]+@atmyx\.bid$ ^[^@]+@airtecperforms\.com$
but what is the syntax for blocking domains ending in .loan .stream .trade
etc, other than .com.
I've been reading up on python expressions but at first reading it is a bit overwhelming - hoping for a simple example.
I've also started adding in words under Spam filters such as:
^Subject: .*Phentermine ^Subject: .*F\*buddy ^Subject: .*H00kup ^Subject: .*InstaF\*ck ^Subject: .*Instacheat
Wondering if anyone would care to share their lists of filters - or a good resource?
thanks, Jim
On 09/20/17 15:59, Jim Dory wrote:
Apparently our host provider performs spam tests only on outgoing, rather than incoming - since my spamassassin blacklists don't have any effect.
So I've discovered the filters offered in Mailman after being completely buried by spammers trying to post to our subscriber only list.
You might try deploying rspamd.
-- Phil Stracchino Babylon Communications phils@caerllewys.net phil@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958
At Wed, 20 Sep 2017 11:59:37 -0800 Jim Dory <james@dorydesign.com> wrote:
Apparently our host provider performs spam tests only on outgoing, rather than incoming - since my spamassassin blacklists don't have any effect.
So I've discovered the filters offered in Mailman after being completely buried by spammers trying to post to our subscriber only list.
I've started putting these in Sender Filters:
^[^@]+@bcira\.com$ ^[^@]+@airablo\.com$ ^[^@]+@bfklaw\.com$ ^[^@]+@bettella\.com$ ^[^@]+@areallycool\.com$ ^[^@]+@aristo-tec\.com$ ^[^@]+@benallgood\.com$ ^[^@]+@al-meshkah\.com$ ^[^@]+@atoccs\.stream$ ^[^@]+@authors\.com$ ^[^@]+@aulson\.com$ ^[^@]+@atmyx\.bid$ ^[^@]+@airtecperforms\.com$
but what is the syntax for blocking domains ending in .loan .stream .trade
^[^@]+@.+\.loan$ ^[^@]+@.+\.stream$ ^[^@]+@.+\.trade$
etc.
Just replace the "host" part with .+ (== 1 or more of any character) and replace com with loan, stream, trade, etc. Thus, for example:
^[^@]+@.+\.loan$
matches any of these:
someidiot@getaloan.loan freemoney@instantloan.loan brreakyourlegs@loanshark.loan
(and many more).
etc, other than .com.
I've been reading up on python expressions but at first reading it is a bit overwhelming - hoping for a simple example.
I've also started adding in words under Spam filters such as:
^Subject: .*Phentermine ^Subject: .*F\*buddy ^Subject: .*H00kup ^Subject: .*InstaF\*ck ^Subject: .*Instacheat
Wondering if anyone would care to share their lists of filters - or a good resource?
thanks, Jim
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
-- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services heller@deepsoft.com -- Webhosting Services
Great, thanks!
This should help a lot,
regards, Jim
On Wed, Sep 20, 2017 at 1:29 PM, Robert Heller <heller@deepsoft.com> wrote:
At Wed, 20 Sep 2017 11:59:37 -0800 Jim Dory <james@dorydesign.com> wrote:
Apparently our host provider performs spam tests only on outgoing, rather than incoming - since my spamassassin blacklists don't have any effect.
So I've discovered the filters offered in Mailman after being completely buried by spammers trying to post to our subscriber only list.
I've started putting these in Sender Filters:
^[^@]+@bcira\.com$ ^[^@]+@airablo\.com$ ^[^@]+@bfklaw\.com$ ^[^@]+@bettella\.com$ ^[^@]+@areallycool\.com$ ^[^@]+@aristo-tec\.com$ ^[^@]+@benallgood\.com$ ^[^@]+@al-meshkah\.com$ ^[^@]+@atoccs\.stream$ ^[^@]+@authors\.com$ ^[^@]+@aulson\.com$ ^[^@]+@atmyx\.bid$ ^[^@]+@airtecperforms\.com$
but what is the syntax for blocking domains ending in .loan .stream .trade
^[^@]+@.+\.loan$ ^[^@]+@.+\.stream$ ^[^@]+@.+\.trade$
etc.
Just replace the "host" part with .+ (== 1 or more of any character) and replace com with loan, stream, trade, etc. Thus, for example:
^[^@]+@.+\.loan$
matches any of these:
someidiot@getaloan.loan freemoney@instantloan.loan brreakyourlegs@loanshark.loan
(and many more).
etc, other than .com.
I've been reading up on python expressions but at first reading it is a
bit
overwhelming - hoping for a simple example.
I've also started adding in words under Spam filters such as:
^Subject: .*Phentermine ^Subject: .*F\*buddy ^Subject: .*H00kup ^Subject: .*InstaF\*ck ^Subject: .*Instacheat
Wondering if anyone would care to share their lists of filters - or a good resource?
thanks, Jim
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/ mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/ heller%40deepsoft.com
-- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services heller@deepsoft.com -- Webhosting Services
Sorry, I've been ignoring Mailman for a few days, and I guess you've got a solution that works already. This is a pair of alternatives that each have some advantages and disadvantages compared to your regexp-based solution. FWIW, YMMV
Jim Dory writes:
Apparently our host provider performs spam tests only on outgoing, rather than incoming - since my spamassassin blacklists don't have any effect.
Your spamassassin blacklists will have no effect on Mailman, since Mailman is not you. Ask your provider how to configure this. I strongly recommend this in preference to any measures in Mailman as it reduces the burden on the host.
So I've discovered the filters offered in Mailman after being completely buried by spammers trying to post to our subscriber only list.
I suppose you have cPanel, and I don't know much about their web management interface. If it's similar to vanilla Mailman, in Privacy Filters -> Sender Filters near the bottom, there is an option "generic_nonmember_action". You can set that to Discard if you're sufficiently sure that members always use their subscribed address, or are willing to have members using unsubscribed addresses to post have their posts silently discarded.
I recommend STRONGLY against using Reject, as that often results in "backscatter", which is spam to "borrowed" addresses in "From".
This measure will be effective against all of the spammers in the list below. It will not work against spammers who spoof your subscribers' addresses.
HTH
Steve
Thanks for the reply Stephen,
I opened a trouble ticket to see if the host support had a solution to all the spam. They suggested setting the spam reject score in SpamAssassin for our VPS server at 3.5. When I had it set earlier at 5, it started marking member's posts as spam and rejected them. Didn't seem to fix when I moved that score number to 1, though that might not be a proper number to use, I don't know.
Anyway, the spam didn't really stop with that measure. No idea why.. the list's domain is the only one on that vps server. So I have resorted to using mailman settings. I have set the Sender Filters and the header filters to filter out certain subject phrases and words and to auto-discard. I get auto-discard notices of about 150 to 200 per day, but since they are stacked in just a couple notices it isn't difficult to delete. So I'm considering the problem solved unless the host complains about our traffic. Whatever I did, I haven't had a single spam get through my filters yet and no complaints from members about false positives. The spammers attacking us must not be very smart, though they are persistent.
/jim
On Thu, Sep 28, 2017 at 10:46 PM, Stephen J. Turnbull < turnbull.stephen.fw@u.tsukuba.ac.jp> wrote:
Sorry, I've been ignoring Mailman for a few days, and I guess you've got a solution that works already. This is a pair of alternatives that each have some advantages and disadvantages compared to your regexp-based solution. FWIW, YMMV
Jim Dory writes:
Apparently our host provider performs spam tests only on outgoing, rather than incoming - since my spamassassin blacklists don't have any effect.
Your spamassassin blacklists will have no effect on Mailman, since Mailman is not you. Ask your provider how to configure this. I strongly recommend this in preference to any measures in Mailman as it reduces the burden on the host.
So I've discovered the filters offered in Mailman after being completely buried by spammers trying to post to our subscriber only list.
I suppose you have cPanel, and I don't know much about their web management interface. If it's similar to vanilla Mailman, in Privacy Filters -> Sender Filters near the bottom, there is an option "generic_nonmember_action". You can set that to Discard if you're sufficiently sure that members always use their subscribed address, or are willing to have members using unsubscribed addresses to post have their posts silently discarded.
I recommend STRONGLY against using Reject, as that often results in "backscatter", which is spam to "borrowed" addresses in "From".
This measure will be effective against all of the spammers in the list below. It will not work against spammers who spoof your subscribers' addresses.
HTH
Steve
On 09/29/2017 12:13 AM, Jim Dory wrote:
I opened a trouble ticket to see if the host support had a solution to all the spam. They suggested setting the spam reject score in SpamAssassin for our VPS server at 3.5. When I had it set earlier at 5, it started marking member's posts as spam and rejected them. Didn't seem to fix when I moved that score number to 1, though that might not be a proper number to use, I don't know.
SpamAssassin scores measure "spaminess"; the higher the score, the more likely the message is spam. If a threshold of 5 gives false positives, 1 will give many more false positives. If you are getting too many false positives, you need to raise the reject score, not lower it. Or, you can adjust the score for rules that contribute too much to false positives.
There are a lot of things you can do with custom rules and scoring in SpamAssassin, but this is not the list for discussing that.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 09/29/17 03:13, Jim Dory wrote:
The spammers attacking us must not be very smart, though they are persistent.
The truth, I think, is that *most* spammers aren't very smart. The smart ones have figured out that the real money isn't in spamming, it's in selling spamming tools and spam hosting to the ones who haven't figured that out yet.
-- Phil Stracchino Babylon Communications phils@caerllewys.net phil@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958
I just added a new list where I wanted to experiment with the topics feature. But after adding the list, the list_lists utility no longer works:
Traceback (most recent call last): File "/home/mladmin/Util/MM2/list_lists", line 130, in <module> main() File "/home/mladmin/Util/MM2/list_lists", line 100, in main mlist = MailList.MailList(n, lock=0) File "/usr/local/mailman/Mailman/MailList.py", line 131, in __init__ self.Load() File "/usr/local/mailman/Mailman/MailList.py", line 698, in Load self.CheckValues() File "/usr/local/mailman/Mailman/MailList.py", line 780, in CheckValues for name, pattern, desc, emptyflag in self.topics: ValueError: too many values to unpack
And when I tried to delete the list, I got a similar error:
$ ~mailman/bin/rmlist test.list.topics Not removing archives. Reinvoke with -a to remove them. Traceback (most recent call last): File "/usr/local/mailman/bin/rmlist", line 161, in <module> main() File "/usr/local/mailman/bin/rmlist", line 116, in main mlist = MailList.MailList(listname, lock=0) File "/usr/local/mailman/Mailman/MailList.py", line 131, in __init__ self.Load() File "/usr/local/mailman/Mailman/MailList.py", line 698, in Load self.CheckValues() File "/usr/local/mailman/Mailman/MailList.py", line 780, in CheckValues for name, pattern, desc, emptyflag in self.topics: ValueError: too many values to unpack
I am assuming it is this last list that I added that is causing the problem. How can I back this out without using the rmlist utility?
Using Mailman version: 2.1.20
-- Cordially, the UNH Mailing List Server Admins Bill Costa, Adjunct Admin (603) 862-3056
On 03/07/2018 10:31 AM, The Mailing List Server Admin wrote:
I just added a new list where I wanted to experiment with the topics feature. But after adding the list, the list_lists utility no longer works:
Traceback (most recent call last): File "/home/mladmin/Util/MM2/list_lists", line 130, in <module> main() File "/home/mladmin/Util/MM2/list_lists", line 100, in main mlist = MailList.MailList(n, lock=0) File "/usr/local/mailman/Mailman/MailList.py", line 131, in __init__ self.Load() File "/usr/local/mailman/Mailman/MailList.py", line 698, in Load self.CheckValues() File "/usr/local/mailman/Mailman/MailList.py", line 780, in CheckValues for name, pattern, desc, emptyflag in self.topics: ValueError: too many values to unpack
It is not clear what went wrong or how or why, but there is bad data in this list's topics attribute.
To "fix" the problem just move the lists/LISTNAME directory containing the config.pck and perhaps a few other files out of the lists/ directory.
However, I would be interested in knowing what's wrong and how it happened. Unfortunately, this issue probably prevents even running withlist on this list. I.e., Mailman's 'bin/withlist LISTNAME' will probably throw the same error.
You could help me however by sending me off list the lists/LISTNAME/config.pck and lists/LISTNAME/config.pck.last files, and also, if you can recall, telling what you entered in the list's topics that precipitated this.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro recently wrote...
I would be interested in knowing what's wrong and how it happened. Unfortunately, this issue probably prevents even running withlist on this list. I.e., Mailman's 'bin/withlist LISTNAME' will probably throw the same error.
It does. I did try compiling the original configuration file I used to create the list and there were no syntax errors. But then I would expect a config file with syntax errors not to be accepted when creating a new list.
To "fix" the problem just move the lists/LISTNAME directory containing the config.pck and perhaps a few other files out of the lists/ directory.
That worked and was my first instinct, but I didn't know if that
might cause other issues -- having a list directory that Mailman
was 'expecting' to suddenly be gone. In any case, moving the
list's own subdirectory out of ~mailman/lists directory got the
list_lists command line and mailman/listinfo web page working
again.
So the good news is that it was definitely this new list that threw a spanner into the machinery, and not some other mysterious event.
Thanks for the fix. The files you requested are on the way.
-- Cordially, the UNH Mailing List Server Admins Bill Costa, Adjunct Admin (603) 862-3056
participants (6)
-
Jim Dory -
Mark Sapiro -
Phil Stracchino -
Robert Heller -
Stephen J. Turnbull -
The Mailing List Server Admin