Hi all,
I administrate a Mailinglist where by default only members of the list are allowed to post messages. Lately we have Spam-Emails where the creator uses a "From"-Adress in the form of:
regularListMember@somedomain.com someSpamAddress@dubiosDomain.TLD
Mailman does not block those Emails since the known and allowed Email-adress appears with in the From-Field although it is just part of the name tag. Do you know, if there is some option to deal with the problem or to set a regular-expression to filter out such unwanted mails?
Thanks in advance Sebastian
Most often these spammers are sending from Internet Cafes or from infected home PCs. This generally means that the originating IP *does not have a reverse DNS entry*. This means that the inbound MTA (or some inbound MTA) is going to add a Received: header with 'unknown' as the host it is receiving from.
Putting in a spam filter like this:
Received: from.*(unknown [\d+.\d+.\d+.\d+])
with Hold action will catch these.
(note: *some* E-Mail clients will also do this, so sometimes you will get a legit post from an 'unknown' SMTP server. Using "hold" allows you to pass those along.)
Also: If you can install something like Spamassassin+Mimedefang and setting it to include spam scores, you can also have a spam filter for that.
Also you can look at the full headers and look at the Received: headers.
Sometimes the anon. IP address do have a reverse DNS entry (eg something like
nnn-nnn-nnn-nnn-dsl-home-network.telecom.ru or some such nonsense -- something
other than a more typical outboundmail.someprovider.com). In which
case you can craft a spam filter for those as well.
At Thu, 5 Oct 2017 11:24:18 +0200 "Sebastian Jung" Jung.Jena@gmx.de wrote:
Hi all,
I administrate a Mailinglist where by default only members of the list are allowed to post messages. Lately we have Spam-Emails where the creator uses a "From"-Adress in the form of:
regularListMember@somedomain.com someSpamAddress@dubiosDomain.TLD
Mailman does not block those Emails since the known and allowed Email-adress appears with in the From-Field although it is just part of the name tag. Do you know, if there is some option to deal with the problem or to set a regular-expression to filter out such unwanted mails?
Thanks in advance Sebastian
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
On 10/05/2017 02:24 AM, Sebastian Jung wrote:
Hi all,
I administrate a Mailinglist where by default only members of the list are allowed to post messages. Lately we have Spam-Emails where the creator uses a "From"-Adress in the form of:
regularListMember@somedomain.com someSpamAddress@dubiosDomain.TLD
Mailman does not block those Emails since the known and allowed Email-adress appears with in the From-Field although it is just part of the name tag.
That is not the reason why Mailman is allowing this post as a member post. Mailman understands the difference between a display name and an email address in a From: header.
Mailman's membership checks look at more than just From:. By default, Mailman looks at the From: header, the envelope sender and the Reply-To: and Sender: headers. If any of those which exists contains a list member address, the post is considered to be from the member.
You can reduce that list installation wide by putting a setting for SENDER_HEADERS in Mailman/mm_cfg.py - see the documentation in Mailman/Defaults.py. For example, putting
SENDER_HEADERS = ('from',) in mm_cfg.py will mean only the From: header is checked for list membership.
Note also that you won't see the original envelope sender or Sender: header in the delivered post or archives nor will you see the original Reply-To: if the list is configured to remove it, but the original envelope sender and Sender: if any will be in the archives/private/LISTNAME.mbox/LISTNAME.mbox file. and the envelope sender will probably be in MTA logs.
participants (3)
-
Mark Sapiro -
Robert Heller -
Sebastian Jung