[Mailman-Developers] Possible spam attack against MM lists
J C Lawrence
claw at kanga.nu
Wed Sep 1 17:22:59 CEST 2004
On Wed, 01 Sep 2004 15:55:47 +0100
Nigel Metheringham <Nigel.Metheringham at dev.intechnology.co.uk> wrote:
> On Wed, 2004-09-01 at 10:41 -0400, J C Lawrence wrote:
>> On Wed, 01 Sep 2004 11:16:05 +0100 Nigel Metheringham
>> <Nigel.Metheringham at dev.intechnology.co.uk> wrote:
>> I use TMDA as a C/R system in front of all my lists and then remove
>> all posting controls on the lists at the Mailman level. Given that
>> the majority of list members never even try to post, this has been
>> proven a particularly effective control.
> I am wondering about switching to the Mailman members initially
> moderated policy, although I don't really want to increase the load on
> the moderators.
Quite. I implemented the TMDA system for my lists initially just to get
the SPAM load off me as moderator. There's quite a relief in running a
fully moderated list and getting single digit SPAM at the moderation
interface per year.
> Since in this case (which may be isolated or co-incidental) the
> address forged as the sender address is a frequent list poster, using
> TMDA would not seem to add much.
TMDA uses the envelope sender rather than the From: address, which
successfully traps most forged spam/virus mail.
> What might add something would be an option where posters get a
> response back on postings similar to the current message held for
> moderation where they have a choice of actions - post or cancel at a
> minimum.
Yup, and in fact TMDA can be setup to do precisely this: just configure
it to not add confirmants to the whitelist and reword the confirm
request message to read as a posting check.
>> I also put mimefilter (a MIME stripper) in front of the lists to
>> remove dangerous payloads, and then auto-junk messages which end up
>> too short (this doesn't catch much, but just enough to be glad of). In
>> 3 years of using this system or earlier variants of it I've had only
>> 12 spam make it through the system. Not ideal, but certainly a
>> tolerable rate.
> It's recently been requested that we start allowing some MIME parts
> through - especially PGP signature types and patch files.
This is precisely why I use mimefilter instead of demime: it can be
configured to leave specific MIME types untouched. I also wrapped
mimefilter in a procmail recipe that skips the mimefilter step if a
special X-header is present. In this way some MIME types can always get
through, and individual members can special case specific messages to
get a particular MIME construct onto the list. So far it has worked
perfectly.
> Loosening the current paranoid content posting policy (which is
> actually there because historically pipermail didn't MIME and I want
> the archives to be sane) is going to open the cracks wider and allow
> some slime to lever things open further...
Yeah, that's always the problem. As I keep telling a few people at
work:
Security (and accounting for that matter) is all about making sure
that people don't do things. Getting our jobs done is all about
actually doing things...
--
J C Lawrence
---------(*)                 Satan, oscillate my metallic sonatas.
claw at kanga.nu             He lived as a devil, eh?
http://www.kanga.nu/~claw/   Evil is a name of a foeman, as I live.