[Mailman-Users] Mailman suddenly passing through spam from the -bounces addresses

Mark Sapiro mark at msapiro.net
Mon May 23 22:06:03 EDT 2016

On 05/23/2016 01:57 PM, Rusty Newton wrote:
> Recently I started receiving a lot of spam on the mailman-bounces@
> addresses where the From address no longer contains the
> mailman-bounces@ address and instead contains the spammer's address.
> In this case the spam doesn't look like bounce traffic. I'm wondering
> if someone can help me identify why mailman might let it through? From
> reading documentation and the mailman mail archives I get the
> impression that it should be discarding this traffic. However I can't
> identify why it isn't discarding this non-bounce traffic.
> Here is one example of the spam that comes to the owners addresses via
> mailman-bounces:
> http://pastebin.com/u2HyNLw6
> The list in question has all three bounce notification options set to *no*.
> That is:
> bounce_unrecognized_goes_to_list_owner
> bounce_notify_owner_on_disable
> bounce_notify_owner_on_removal
> With these three options disabled - should I expect mailman to relay
> spam like this to the list owners through mailman-bounces@ ?

Not unless the mailman-bounces address is set to deliver two 'owner'
instead of 'bounces. Is it?

> Is there a way to tell mailman to not send anything from mailman-bounces?

If you mean not to send anything with envelope from a listname-bounces
address, No.

If you mean not to forward or relay any mail sent to a listname-bounces
address, the settings you have should do it.

> Preferably I'd like to have mailman only pass through legitimate
> bounce messages. If that isn't possible then I'd like to find out how
> to disable the traffic from mailman-bounces completely.
> If I haven't provided enough information, let me know and I'll do my
> best to get it for you. Thanks in advance.

I would like to see what's in Mailman's 'bounce' log from around Tue, 19
Apr 2016 11:57:42 -0700 (PDT). I would also like to see what's in the
MTA log from the arrival of the original to the delivery if the message
to you.

That may not be necessary. Upon closer inspection of the message in the
pastebin, it looks most like a message which was sent to the list-owner
address. You could check your MTA logs and find the incoming message. I
expect you'll find the envelope was to the list-owner address.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list