[Mailman-Users] Help interpreting message bounces
Brad Knowles
brad at shub-internet.org
Mon Sep 24 20:39:59 CEST 2007
On 9/24/07, Steve Waage wrote:

> I'm running Mailman 2.1.5 on FreeBSD 5.5 and have been getting lots
> of entries like the following in my syslog email every morning.

Syslog e-mail? I'm not sure I understand what you're talking about.
So far as I know, syslog is written to a file, and you can look at
that file with any program that can pull in standard ASCII text. But
that file doesn't look anything like what you've displayed.

> The bounce addresses are disguised but legitimate ... the addresses
> that have been "Deferred" are not on my lists. I may be missing a basic
> "spam-proofing" setting ?? Or have they just harvested my listnames in
> an attempt to get their junk-mail past others' email spam-blockers??

Odds are, they tried to spam you, you tried to auto-respond to them
to tell them that their message is being held pending human review,
but the auto-responses are not able to get back to them because they
had forged a fake address in the first place. This is a typical
side-effect of the spam problem when combined with auto-replies from
mailing list management software.

The technical term for this is "back scatter", which is being
generated by your server in response to the spam.

> Can I prevent this?

You could configure Mailman to avoid auto-replies to messages where
the sender is not subscribed and the message is being held for
moderation, but that would be pretty unfriendly to the real human
beings who try to use your list.

You've got to decide where you want to try to strike this balance
with your servers. If Mailman wasn't smart about avoiding excessive
auto-replies to the same address, then you could be abused as a DDOS
amplifier.

As it is, Mailman will only send a small number of auto-replies per
day per sender address, so while it may generate a small amount of
"back scatter" when configured like this, it can't really effectively
be used as a DDOS amplifier. Which means it's not all that dangerous
to other sites.

So, it's annoying to you, but that's really the biggest problem it
poses. But there are some sites out there that will put you on a
"back scatter" black list if you generate even one single example of
back scatter to them, and you've got to weigh the risk of that
against the significantly increased hassle to real human beings when
they try to post legitimate messages to your system.
--
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
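
The per-sender daily cap on auto-replies described in the reply above, modelled as an added example that is not part of the original post and is not Mailman's own code. The limit of 10, the class and function names, and all addresses and dates are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date

ASSUMED_LIMIT = 10  # assumed cap; check the value configured at your own site


def normalise(addr):
    """Compare addresses case-insensitively and without stray whitespace."""
    return addr.strip().lower()


class AutoReplyLimiter:
    """Allow at most max_per_day auto-replies per envelope sender per day."""

    def __init__(self, max_per_day):
        self.max_per_day = max_per_day
        self._counts = Counter()  # (sender, day) -> replies already sent

    def allow(self, sender, day):
        key = (normalise(sender), day)
        if self._counts[key] >= self.max_per_day:
            return False  # cap reached: stay silent instead of replying
        self._counts[key] += 1
        return True


def simulate(held_posts, max_per_day=ASSUMED_LIMIT):
    """Return auto-replies sent per claimed sender for a run of held posts."""
    limiter = AutoReplyLimiter(max_per_day)
    sent = Counter()
    for sender, day in held_posts:
        if limiter.allow(sender, day):
            sent[normalise(sender)] += 1
    return sent


def build_sample():
    """Constructed input: one forged address reused heavily, 50 used once."""
    d1, d2 = date(2007, 9, 24), date(2007, 9, 25)
    posts = [("Victim@example.org", d1)] * 200       # same forged sender, day 1
    posts += [("victim@example.org", d2)] * 5        # counter starts over on day 2
    posts += [(f"forged{i}@example.net", d1) for i in range(50)]
    return posts


if __name__ == "__main__":
    sent = simulate(build_sample())
    print("replies to victim@example.org:", sent["victim@example.org"])
    print("total back scatter messages:", sum(sent.values()))
```

The cap bounds what any single forged address receives (10 of 200 attempts on the first day), but every distinct forged sender still gets a reply, which is why a site can end up on a back scatter blacklist even with the limit in place.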