[Mailman-Users] getting lots of approval requests for spammers

Mark Sapiro mark at msapiro.net
Thu Oct 27 21:07:14 EDT 2016


On 10/27/2016 08:24 AM, Jim Dory wrote:
> I'm getting a ton of spam posting attempts to our subscriber only email
> list - in the order of about 100 to 150 per day and growing. As I need to
> keep a look out for actual member requests (sometimes a member wants to
> unsubscribe or is having some problem - a non member wants to subscribe) I
> have to look through these approval headers to make sure it isn't a local
> person wanting something. So it becomes a pain. Most spammers use obvious
> emails so I can mass delete them (harder on my phone when managing the
> mail) but I'm wondering if there is something I can do to stem the flow.
> 
> I'm with Hawkhost on a VPS plan (virtual private server) so I have a bit of
> control - but don't know much about what to do - if there are access/deny
> lists I can somehow use.


At a minimum you should have SpamAssassin and ClamAV scanning your mail
during incoming mail processing before it ever gets to Mailman.
Greylisting can also help. See
<http://wiki.apache.org/spamassassin/IntegratedInMta> for SpamAssassin
and for ClamAV see <http://www.clamav.net/documentation> and google
clamav-milter.

Also see <http://sanesecurity.com/usage/signatures> for info about 3rd
party ClamAV signatures for detecting spam.

For a more comprehensive package, see <https://www.mailscanner.info/>.


> I did enable some spam controls but it didn't seem
> to do anything. It would have to be a server level deny list I assume like
> iptables or something to reject known spammers at least, or whole domains
> like from foreign companies (.it, .br, .ch , etc) and perhaps some spoofing
> going on from the likes of domains such as hilton.k12.ny.us
> <cortez_josephine at hilton.k12.ny.us>.


You can do things in the MTA itself. For example Postfix can do header
checks and body checks and take various actions based on regexp matches.
See <http://www.postfix.org/header_checks.5.html>.

There are many other tools and techniques beyond the scope of this list.

Within Mailman itself, you can use Privacy options... -> Spam filters ->
header_filter_rules to take various actions based on regexp matches on
the message headers, and there's also the possibility to use regexps in
Privacy options... -> Sender filters -> discard_these_nonmembers.

The caveat here is you want to discard and not reject because reject
causes backscatter to the generally innocent spoofed sender. This means
with header_filter_rules in particular you need to avoid false positives
to avoid silently discarding legitimate mail.

Avoiding backscatter is the main reason why the best solutions reject
the mail at incoming SMTP time.

Note that you can't use iptables because a great deal of spam comes from
botnets and the IPs are all over and not consistent.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
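
Added example, not part of the original post and not Mailman's own code: a way to dry-run candidate header_filter_rules regexps against saved messages before setting their action to discard, so a false positive shows up in a test instead of as silently lost mail. The helper names and sample messages are constructed for illustration; it assumes rules are searched case-insensitively and per header line, and that SpamAssassin has already tagged the mail with its X-Spam-Flag and X-Spam-Level headers.

```python
import re
from email import message_from_string

# Assumption: rules are searched case-insensitively with ^/$ anchored per header line.
FLAGS = re.IGNORECASE | re.MULTILINE

def header_block(raw):
    """Parse a raw message and return its headers as unfolded 'Name: value' lines."""
    msg = message_from_string(raw)
    return "\n".join(f"{k}: {' '.join(str(v).split())}" for k, v in msg.items())

def first_match(rules, raw):
    """Return the first rule that hits the message's headers, or None."""
    headers = header_block(raw)
    return next((r for r in rules if re.search(r, headers, FLAGS)), None)

def audit(rules, ham, spam):
    """Return (ham that would be discarded, spam that would still get through)."""
    false_pos = sorted(n for n, raw in ham.items() if first_match(rules, raw))
    missed = sorted(n for n, raw in spam.items() if not first_match(rules, raw))
    return false_pos, missed

# Constructed sample messages (not real traffic).
HAM = {
    "member-unsubscribe": "From: Anna Rossi <anna@example.it>\n"
                          "Subject: unsubscribe\nX-Spam-Flag: NO\n\nplease remove me\n",
    "local-nonmember": "From: pat@example.com\n"
                       "Subject: how do I join?\nX-Spam-Level: *\n\nhi\n",
}
SPAM = {
    "tagged-br": "From: promo@example.br\nSubject: offer\n"
                 "X-Spam-Flag: YES\nX-Spam-Level: *******\n\nbuy\n",
    "tagged-com": "From: Deals <x@example.com>\nSubject: win\n"
                  "X-Spam-Flag: YES\nX-Spam-Level: ******\n\nbuy\n",
}

# Candidate rule sets: a country-domain match versus SpamAssassin's own tags.
BY_TLD = [r"^From:.*\.(it|br|ch)>?\s*$"]
BY_SA_TAG = [r"^X-Spam-Flag:\s*YES", r"^X-Spam-Level:\s*\*{5,}"]

if __name__ == "__main__":
    for name, rules in (("BY_TLD", BY_TLD), ("BY_SA_TAG", BY_SA_TAG)):
        false_pos, missed = audit(rules, HAM, SPAM)
        print(f"{name}: would discard legitimate={false_pos} would miss spam={missed}")
```

On these samples the country-domain rule would discard a member's unsubscribe request and still let tagged spam from a .com address through, while the rules keyed on the SpamAssassin tags do neither.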

