Emails sent directly to "bounce" address
I have one list that has suddenly been receiving an increase in
bounces, and in looking at the bounce emails they appear to be spam
sent directly to the bounce address (ex. list1-bounces@listdomain.org).
From what I can see this email (with
attachments, sometimes virus/trojans) then gets sent as a bounce to
the admins. The admin for this list is receiving all of these emails,
with attachments, and is getting concerned about the volume of
infected attachments she's getting.
Is there any way to filter these emails sent to the bounce address so
that if they are spam they just get discarded. I do have filters set
up for emails sent to the list that filter them out, but since these
don't actually go to the list, but to the bounce address, they don't
appear to be run through that filter system.
Any recommendations on what to do about this, short of creating a new
list, would be appreciated.
An example of the header from an email is pasted below:
Received: (qmail 3486 invoked from network); 18 Sep 2008 14:08:58 -0000
Received: from unknown (HELO pre-smtp36-01.prod.mesa1.secureserver.net) ([10.0.19.136])
    (envelope-sender mailman-bounces@ascls-lists.org)
    by smtp30.prod.mesa1.secureserver.net (qmail-1.03) with SMTP
    for jrc@rodricon.com; 18 Sep 2008 14:08:58 -0000
Received: (qmail 10030 invoked from network); 18 Sep 2008 14:08:58 -0000
Received: from frodo.clshost.com ([72.249.28.134])
    (envelope-sender mailman-bounces@ascls-lists.org)
    by pre-smtp36-01.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
    for jrc@rodricon.com; 18 Sep 2008 14:08:58 -0000
Received: from localhost ([127.0.0.1] helo=frodo.clshost.com)
    by frodo.clshost.com with esmtp (Exim 4.69)
    (envelope-from mailman-bounces@ascls-lists.org)
    id 1KgKBj-0004gT-CX
    for jrc@rodricon.com; Thu, 18 Sep 2008 08:08:56 -0600
Subject: Uncaught bounce notification
From: mailman-bounces@ascls-lists.org
To: ascls-sd-members-owner@ascls-lists.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1010536534=="
Message-ID:
Date: Thu, 18 Sep 2008 08:08:47 -0600
Precedence: bulk
X-BeenThere: ascls-sd-members@ascls-lists.org
X-Mailman-Version: 2.1.9.cp2
List-Id:
X-List-Administrivia: yes
Sender: mailman-bounces@ascls-lists.org
Errors-To: mailman-bounces@ascls-lists.org
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - frodo.clshost.com
X-AntiAbuse: Original Domain - rodricon.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ascls-lists.org
X-Source:
X-Source-Args:
X-Source-Dir:
X-Nonspam: Whitelist

--===============1010536534==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

The attached message was received as a bounce, but either the bounce format was not recognized, or no member addresses could be extracted from it. This mailing list has been configured to send all unrecognized bounce messages to the list administrator(s).
For more information see: http://ascls-lists.org/mailman/admin/ascls-sd-members_ascls-lists.org/bounce

--===============1010536534==
Content-Type: message/rfc822
MIME-Version: 1.0

Received: from [88.241.214.209] (helo=dsl88.241-54993.ttnet.net.tr)
    by frodo.clshost.com with esmtp (Exim 4.69)
    (envelope-from auh@eastern-marine.com)
    id 1KgKBD-0004X8-ET
    for ascls-sd-members-bounces@ascls-lists.org; Thu, 18 Sep 2008 08:08:39 -0600
Message-ID: 41363.vortigern@chungen
Date: Thu, 18 Sep 2008 12:20:44 +0000
From: "christof suvendu" auh@eastern-marine.com
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: ascls-sd-members-bounces@ascls-lists.org
Subject: Why is your love life such a disaster? 1
Content-Type: multipart/alternative; boundary="=_lOWyABl8u1FaKt"
X-WhitelistedRCPT-nohdrfromcallback: Yes

This is a multi-part message in MIME format.
Thanks,
J.R. Constance
J.R. Constance writes:
Is there any way to filter these emails sent to the bounce address so
that if they are spam they just get discarded.
Procmail, ClamAV, etc. You should be running such filters on all received mail. If you can't reconfigure the MTA to do this for some reason, the admin can usually run procmail through his/her .forward file.
OK, I have looked at the FAQ and other resources and as technically
proficient as I like to think I am I cannot for the life of me figure
out how to configure this in my environment.
Is there anyone out there who would be willing to assist me with
figuring out how to set this up?
Apache Linux. Mailman 2.1.9.cp2 (cPanel 11.23.6)
If anyone has any experience with getting this set up in a cPanel
environment I'd appreciate any help you're willing to offer.
Thanks,
J.R.
J.R. Constance
On Sep 18, 2008, at 7:58 PM, Stephen J. Turnbull wrote:
J.R. Constance writes:
Is there any way to filter these emails sent to the bounce address so that if they are spam they just get discarded.
Procmail, ClamAV, etc. You should be running such filters on all received mail. If you can't reconfigure the MTA to do this for some reason, the admin can usually run procmail through his/her .forward file.
J.R. Constance wrote:
Is there anyone out there who would be willing to assist me with
figuring out how to set this up?
Apache Linux. Mailman 2.1.9.cp2 (cPanel 11.23.6)
If anyone has any experience with getting this set up in a cPanel
environment I'd appreciate any help you're willing to offer.
On Sep 18, 2008, at 7:58 PM, Stephen J. Turnbull wrote:
J.R. Constance writes:
Is there any way to filter these emails sent to the bounce address so that if they are spam they just get discarded.
Procmail, ClamAV, etc. You should be running such filters on all received mail. If you can't reconfigure the MTA to do this for some reason, the admin can usually run procmail through his/her .forward file.
You want to run SpamAssassin and ClamAV or equivalents or possibly MailScanner on incoming mail. You set this up in the MTA (Exim on cPanel?). You possibly set this up in the MTA directly or by having the MTA invoke Procmail to deliver the mail and using Procmail recipes to scan the mail for spam/viruses.
This all happens before Mailman and is a cPanel/MTA question, not a Mailman question.
--
Mark Sapiro mark@msapiro.net        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
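
An added example, not part of any post in this thread and not Mailman or cPanel code: a Python filter that unwraps Mailman's "Uncaught bounce notification", then checks whether the attached message has the shape of a delivery status notification (multipart/report per RFC 3464, or a null envelope sender) or is ordinary mail sent straight to the -bounces address, like the one quoted above. The function names, the two verdict labels and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Exim records the envelope sender in its Received line, as in the thread.
ENVELOPE_FROM = re.compile(r"\(envelope-from\s+<?([^>)\s]*)>?\)")

def attached_message(notice):
    """Message Mailman attached to an 'Uncaught bounce notification'."""
    for part in notice.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return notice  # not a Mailman wrapper: judge the message itself

def envelope_sender(msg):
    """Envelope sender from Return-Path, else from the MTA's Received line."""
    if msg["Return-Path"] is not None:
        return str(msg["Return-Path"]).strip().strip("<>")
    for received in msg.get_all("Received", []):
        found = ENVELOPE_FROM.search(str(received))
        if found:
            return found.group(1)
    return None

def looks_like_bounce(msg):
    """Heuristic: DSN structure (RFC 3464) or a null envelope sender."""
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type", "").lower() == "delivery-status")
    return is_dsn or envelope_sender(msg) == ""

def triage(raw):
    """Return 'likely-bounce' or 'direct-mail' for mail seen by the list owner."""
    notice = email.message_from_string(raw, policy=policy.default)
    inner = attached_message(notice)
    return "likely-bounce" if looks_like_bounce(inner) else "direct-mail"

def wrap(inner):
    """Constructed stand-in for Mailman's notification wrapper."""
    return ('Subject: Uncaught bounce notification\nMIME-Version: 1.0\n'
            'Content-Type: multipart/mixed; boundary="b1"\n\n'
            '--b1\nContent-Type: text/plain\n\nThe attached message...\n'
            '--b1\nContent-Type: message/rfc822\n\n' + inner + '\n--b1--\n')

# Constructed samples; SPAM mirrors the headers quoted in the thread.
SPAM = ('Received: from [88.241.214.209] by frodo.clshost.com with esmtp\n'
        ' (envelope-from <auh@eastern-marine.com>) id 1KgKBD-0004X8-ET\n'
        'To: ascls-sd-members-bounces@ascls-lists.org\n'
        'Content-Type: multipart/alternative; boundary="x"\n\n'
        '--x\nContent-Type: text/plain\n\nhi\n--x--\n')
DSN = ('Return-Path: <>\nFrom: MAILER-DAEMON@example.net\n'
       'Content-Type: multipart/report; report-type=delivery-status;\n'
       ' boundary="r"\n\n--r\nContent-Type: text/plain\n\nfailed\n--r--\n')
```

A check like this complements the spam and virus scanning recommended in the replies rather than replacing it, and because some genuine bounces are non-standard, a "direct-mail" verdict is better routed to a quarantine folder than deleted outright.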
participants (3)
- J.R. Constance
- Mark Sapiro
- Stephen J. Turnbull