[Mailman-Users] excessive bounce notifications..

Stefan Förster cite at incertum.net
Sun May 18 13:45:57 CEST 2008


* Khalil Abbas <khillo100 at hotmail.com> wrote:
> I receive over 2000 messages from mailman-bounces every day with
> subject: Uncaught bounce notification.. and when opening any message
> it's nothing but another Spam Ad about pills or shoes or other
> stuff.. how can I stop these ADs from being sent to my Admin email?
> it's becoming a real pain as it takes forever to download to the
> inbox.. on the other hand, I don't want to disable the notification
> because sometimes it might be a bounce that mailman couldn't detect
> so I remove it manually from the list ..

If you do not want to disable those notifications in Mailman, the
easiest way seems to be to filter the messages before they are delivered to
mailman. This probably involves some configuration in your MTA - but
have you tried out the "Spam Filtering" options in your admin
web interface? As for your mailserver:

A very effective open source spam filtering tool is amavisd-new which
is written in Perl and can classify incoming messages as ham or spam
using a pre-defined set of rules (to catch typical pill ads, Nigerian
419 frauds and so on), a Bayes style filter (which you can train to
"learn" which messages are spam), numerous DNS blacklists to e.g. compare
advertised URLs against blacklists and distributed spam tracking
systems like Razor or Pyzor. You can download it at:

http://www.ijs.si/software/amavisd/

Please note that, depending on the volume of messages it has to
filter, amavisd-new might need a non-trivial amount of memory and CPU
time. On a dualcore Opteron with 2 GB RAM, I can filter between four
and eight messages per second.

Another option is to configure your mail server to do more checks on
incoming messages. Since I don't know what MTA you are using, I can
only give you some general guidelines on that: A first step would be
to enforce compliance to the (E)SMTP protocol in your MTA, i.e. reject
the message when the (E)SMTP syntax is invalid or the presented name
in the HELO/EHLO greeting is either invalid or not fully qualified
(you have to THOROUGHLY TEST the latter!). This solution doesn't
consume any noticeable resources. On the aforementioned server, I can
easily handle around 7k rejected mails per second on 100 concurrent,
incoming connections made by spambots.


A second step would be to enforce a technique called greylisting on
hosts which don't have a reverse DNS name or whose hostname looks like
a dialup name, e.g.  "22-22-22-22.dialup.provider.example.org". You
can find information on greylisting at

http://www.greylisting.org/

In terms of resources, greylisting is very cheap. On the
aforementioned server, I can easily handle about 1k rejects per minute
due to hosts not passing greylisting.

As a last step, you can make use of various realtime DNS black lists,
for example zen.spamhaus.org. I cannot give you any specific
recommendations on which blacklists to use, and I can't give you any
guidelines on your policy, i.e. whether you want to reject a message
if the sending host is in one, two, three or more blacklists. There
are Postfix style policy daemons, Sendmail style milters and generic
SMTP proxies around which all allow you to configure quite
sophisticated policies on when to reject a message according to DNSBL
hits. For some general information on the use of blacklists, please
refer to your MTA's documentation. On the aforementioned server,
supported by a highly tuned local DNS cache, I can handle about 200
policy decisions per second at most.


Cheers
Stefan
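
The three steps described in the message above (HELO/EHLO validation, selective greylisting, DNSBL hit counting) combined into one policy decision, as an added example that is not part of the original post and not code from any MTA. The function names, the dialup-name pattern, the 300-second delay and the two-listing threshold are assumptions, and DNSBL lookups are represented by a hit count passed in by the caller.

```python
import re

# Assumed heuristics; every name below is illustrative and should be tuned per site.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
DYNAMIC = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}|dialup|dynamic|ppp", re.I)

def helo_ok(helo):
    """Step 1: HELO/EHLO must be an address literal or a fully qualified name."""
    if re.fullmatch(r"\[(\d{1,3}\.){3}\d{1,3}\]", helo):
        return True
    labels = helo.rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].isdigit():  # unqualified name or bare IP
        return False
    return all(LABEL.fullmatch(label) for label in labels)

def needs_greylisting(rdns):
    """Step 2: greylist only hosts with no reverse DNS or a dialup-looking name."""
    return rdns is None or DYNAMIC.search(rdns) is not None

class Policy:
    def __init__(self, delay=300, dnsbl_threshold=2):
        self.delay = delay                  # seconds a new triplet must wait
        self.dnsbl_threshold = dnsbl_threshold
        self.first_seen = {}                # (client_ip, sender, rcpt) -> timestamp

    def decide(self, now, client_ip, helo, rdns, sender, rcpt, dnsbl_hits):
        if not helo_ok(helo):
            return "REJECT helo"
        if needs_greylisting(rdns):
            first = self.first_seen.setdefault((client_ip, sender, rcpt), now)
            if now - first < self.delay:
                return "DEFER greylist"     # temporary failure; real MTAs retry
        if dnsbl_hits >= self.dnsbl_threshold:  # step 3: count of DNSBL listings
            return "REJECT dnsbl"
        return "ACCEPT"

if __name__ == "__main__":
    # Constructed sample connections (documentation addresses and names).
    p = Policy()
    dial = "22-22-22-22.dialup.provider.example.org"
    for t, ip, helo, rdns, hits in [
        (0, "192.0.2.10", "localhost", "mail.example.org", 0),
        (0, "192.0.2.22", "host.example.org", dial, 0),
        (400, "192.0.2.22", "host.example.org", dial, 0),
        (0, "192.0.2.30", "mx.example.net", "mx.example.net", 3),
    ]:
        print(t, ip, p.decide(t, ip, helo, rdns, "a@example.org", "list@example.com", hits))
```

The checks run cheapest first, so a connection rejected on its HELO name never costs a greylist lookup or a DNS query.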

