strange postings to non-existant lists
For the last month or two, I get anywhere from 3 or 4 to 20 to 30 postings to non-existent lists on our mailman server. I've been reading of course about the subscribe spamming that folks have been talking about. Is this just someone poking at our mailman machine trying to find something to send spam to, or something more sinister? We use Microsoft filtering for spam, viruses, etc. so all mail I see comes from one of their servers. It's not causing any problems, but just strange to me.
Comments?
Bruce Harrison Univ. of Tennessee at Maritn
Bruce Harrison wrote:
I haven't seen spammers subscribe to the lists properly (i.e, respond to the Mailman response), but I've had a lot of messages going to invalid users at the list domains and also to the subscribe/unsubscribe/request address, which was creating a lot of backscatter.
From my point of view I want to try and avoid accepting and processing spam mail and mail to invalid lists/recipients to try and avoid backscatter. I installed a local copy of SpamAssassin which seems to be working really well and rejects spam over a score of around 7. This seems to let list traffic through whilst blocking the spam messages. I also removed frontline MX servers from the lists domain so they get handled by the Exim server doing the processing, so that any 5XX response that the server sends out causes the spam server to give up, rather than a frontline MX server having to generate the NDR and send it out to the probably innocent party. To this end we used to use MS Office 365 spam scanning on the list domains, but don't use it anymore for this reason.
Hope this helps, Andrew.
Interesting, I may give SpamAssassin a look. Thanks! Mine are almost always mail to invalid lists. My box talks to our local mail processor, which in turn runs off-campus thru the MS filters/scanners and on out.
Bruce UTM
-----Original Message----- From: Andrew Hodgson [mailto:andrew@hodgsonfamily.org] Sent: Tuesday, September 08, 2015 8:58 AM To: Bruce Harrison; mailman-users@python.org Subject: RE: strange postings to non-existant lists
Bruce Harrison wrote:
I haven't seen spammers subscribe to the lists properly (i.e, respond to the Mailman response), but I've had a lot of messages going to invalid users at the list domains and also to the subscribe/unsubscribe/request address, which was creating a lot of backscatter.
From my point of view I want to try and avoid accepting and processing spam mail and mail to invalid lists/recipients to try and avoid backscatter. I installed a local copy of SpamAssassin which seems to be working really well and rejects spam over a score of around 7. This seems to let list traffic through whilst blocking the spam messages. I also removed frontline MX servers from the lists domain so they get handled by the Exim server doing the processing, so that any 5XX response that the server sends out causes the spam server to give up, rather than a frontline MX server having to generate the NDR and send it out to the probably innocent party. To this end we used to use MS Office 365 spam scanning on the list domains, but don't use it anymore for this reason.
Hope this helps, Andrew.
Bruce Harrison writes:
Mine are almost always mail to invalid lists.
What makes you think these are "lists"? Simply the fact that they're addressed to the Mailman machine? Or are they decommissioned lists or something like that? In general, spammers often seem to pick random mailboxes or common ones (like "webmaster"), or ones that appear on websites. A computer users' group once posted "Our meeting will be held in the seminar room at sponsor.com" (the familiar name of the company, like Amazon.com), and sure enough, a couple of spams to "room@sponsor.com" were received.
For spam filtering, besides SpamAssassin, many Mailman lists use SpamBayes. (SpamAssassin is the most popular, but SpamBayes uses a somewhat different approach, so might catch spam that SpamAssassin doesn't.)
Bruce Harrison wrote:
Interesting, I may give SpamAssassin a look. Thanks!
One thing here which I forgot is if your machine is not receiving mail directly, you may have less luck with SpamAssassin due to the mail always coming in from a downstream server. It is easy to overcome but needs more configuration.
Mine are almost always mail to invalid lists.
Are these lists which used to exist, or just random addresses on the system?
My box talks to our local mail processor, which in turn runs off-campus thru the MS filters/scanners and on out.
It's incoming mail we're interested in here, does that get handled directly or via filtering machines to?
Andrew.
These are just random addresses, never existed on my mailman machine. Incoming gets filtered by Microsoft setup.
Bruce UTM
-----Original Message----- From: Andrew Hodgson [mailto:andrew@hodgsonfamily.org] Sent: Tuesday, September 08, 2015 12:23 PM To: Bruce Harrison; mailman-users@python.org Subject: RE: strange postings to non-existant lists
Bruce Harrison wrote:
Interesting, I may give SpamAssassin a look. Thanks!
One thing here which I forgot is if your machine is not receiving mail directly, you may have less luck with SpamAssassin due to the mail always coming in from a downstream server. It is easy to overcome but needs more configuration.
Mine are almost always mail to invalid lists.
Are these lists which used to exist, or just random addresses on the system?
My box talks to our local mail processor, which in turn runs off-campus thru the MS filters/scanners and on out.
It's incoming mail we're interested in here, does that get handled directly or via filtering machines to?
Andrew.
Bruce Harrison wrote:
I haven't seen spammers subscribe to the lists properly (i.e, respond to the Mailman response), but I've had a lot of messages going to invalid users at the list domains and also to the subscribe/unsubscribe/request address, which was creating a lot of backscatter.
From my point of view I want to try and avoid accepting and processing spam mail and mail to invalid lists/recipients to try and avoid backscatter. I installed a local copy of SpamAssassin which seems to be working really well and rejects spam over a score of around 7. This seems to let list traffic through whilst blocking the spam messages. I also removed frontline MX servers from the lists domain so they get handled by the Exim server doing the processing, so that any 5XX response that the server sends out causes the spam server to give up, rather than a frontline MX server having to generate the NDR and send it out to the probably innocent party. To this end we used to use MS Office 365 spam scanning on the list domains, but don't use it anymore for this reason.
Hope this helps, Andrew.
Interesting, I may give SpamAssassin a look. Thanks! Mine are almost always mail to invalid lists. My box talks to our local mail processor, which in turn runs off-campus thru the MS filters/scanners and on out.
Bruce UTM
-----Original Message----- From: Andrew Hodgson [mailto:andrew@hodgsonfamily.org] Sent: Tuesday, September 08, 2015 8:58 AM To: Bruce Harrison; mailman-users@python.org Subject: RE: strange postings to non-existant lists
Bruce Harrison wrote:
I haven't seen spammers subscribe to the lists properly (i.e, respond to the Mailman response), but I've had a lot of messages going to invalid users at the list domains and also to the subscribe/unsubscribe/request address, which was creating a lot of backscatter.
From my point of view I want to try and avoid accepting and processing spam mail and mail to invalid lists/recipients to try and avoid backscatter. I installed a local copy of SpamAssassin which seems to be working really well and rejects spam over a score of around 7. This seems to let list traffic through whilst blocking the spam messages. I also removed frontline MX servers from the lists domain so they get handled by the Exim server doing the processing, so that any 5XX response that the server sends out causes the spam server to give up, rather than a frontline MX server having to generate the NDR and send it out to the probably innocent party. To this end we used to use MS Office 365 spam scanning on the list domains, but don't use it anymore for this reason.
Hope this helps, Andrew.
Bruce Harrison writes:
Mine are almost always mail to invalid lists.
What makes you think these are "lists"? Simply the fact that they're addressed to the Mailman machine? Or are they decommissioned lists or something like that? In general, spammers often seem to pick random mailboxes or common ones (like "webmaster"), or ones that appear on websites. A computer users' group once posted "Our meeting will be held in the seminar room at sponsor.com" (the familiar name of the company, like Amazon.com), and sure enough, a couple of spams to "room@sponsor.com" were received.
For spam filtering, besides SpamAssassin, many Mailman lists use SpamBayes. (SpamAssassin is the most popular, but SpamBayes uses a somewhat different approach, so might catch spam that SpamAssassin doesn't.)
Bruce Harrison wrote:
Interesting, I may give SpamAssassin a look. Thanks!
One thing here which I forgot is if your machine is not receiving mail directly, you may have less luck with SpamAssassin due to the mail always coming in from a downstream server. It is easy to overcome but needs more configuration.
Mine are almost always mail to invalid lists.
Are these lists which used to exist, or just random addresses on the system?
My box talks to our local mail processor, which in turn runs off-campus thru the MS filters/scanners and on out.
It's incoming mail we're interested in here, does that get handled directly or via filtering machines to?
Andrew.
These are just random addresses, never existed on my mailman machine. Incoming gets filtered by Microsoft setup.
Bruce UTM
-----Original Message----- From: Andrew Hodgson [mailto:andrew@hodgsonfamily.org] Sent: Tuesday, September 08, 2015 12:23 PM To: Bruce Harrison; mailman-users@python.org Subject: RE: strange postings to non-existant lists
Bruce Harrison wrote:
Interesting, I may give SpamAssassin a look. Thanks!
One thing here which I forgot is if your machine is not receiving mail directly, you may have less luck with SpamAssassin due to the mail always coming in from a downstream server. It is easy to overcome but needs more configuration.
Mine are almost always mail to invalid lists.
Are these lists which used to exist, or just random addresses on the system?
My box talks to our local mail processor, which in turn runs off-campus thru the MS filters/scanners and on out.
It's incoming mail we're interested in here, does that get handled directly or via filtering machines to?
Andrew.
participants (3)
-
Andrew Hodgson -
Bruce Harrison -
Stephen J. Turnbull