[Mailman-Users] Help interpreting message bounces
brad at shub-internet.org
Mon Sep 24 20:39:59 CEST 2007
On 9/24/07, Steve Waage wrote:
> I'm running Mailman 2.1.5 on FreeBSD 5.5 and have been getting lots
> of entries like the following in my syslog email every morning.
Syslog e-mail? I'm not sure I understand what you're talking about.
So far as I know, syslog is written to a file, and you can look at
that file with any program that can pull in standard ASCII text. But
that file doesn't look anything like what you've displayed.
> The bounce addresses are disguised but legitimate ... the addresses
> that have been "Deferred" are not on my lists. I may be missing a basic
> "spam-proofing" setting ?? Or have they just harvested my listnames in
> an attempt to get their junk-mail past others email spam-blockers??
Odds are, they tried to spam you, you tried to auto-respond to them
to tell them that their message is being held pending human review,
but the auto-responses are not able to get back to them because they
had forged a fake address in the first place. This is a typical
side-effect of the spam problem when combined with auto-replies from
mailing list management software.
The technical term for this is "back scatter", which is being
generated by your server in response to the spam.
> Can I prevent this?
You could configure Mailman to avoid auto-replies to messages where
the sender is not subscribed and the message is being held for
moderation, but that would be pretty unfriendly to the real human
beings who try to use your list.
You've got to decide where you want to try to strike this balance
with your servers. If Mailman wasn't smart about avoiding excessive
auto-replies to the same address, then you could be abused as a DDOS
As it is, Mailman will only send a small number of auto-replies per
day per sender address, so while it may generate a small amount of
"back scatter" when configured like this, it can't really effectively
be used as a DDOS amplifier. Which means it's not all that dangerous
to other sites.
So, it's annoying to you, but that's really the biggest problem it
poses. But there are some sites out there that will put you on a
"back scatter" black list if you generate even one single example of
back scatter to them, and you've got to weigh the risk of that
against the significantly increased hassle to real human beings when
they try to post legitimate messages to your system.
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
More information about the Mailman-Users