I have one list that has suddenly been receiving an increase in
bounces, and in looking at the bounce emails they appear to be spam
sent directly to the bounce address (ex. list1-
bounces at listdomain.org). From what I can see this email (with
attachments, sometimes virus/trojans) then gets sent as a bounce to
the admins. The admin for this list is receiving all of these emails,
with attachments, and is getting concerned about the volume of
infected attachments she's getting.

Is there any way to filter these emails sent to the bounce address so
that if they are spam they just get discarded. I do have filters set
up for emails sent to the list that filter them out, but since these
don't actually go to the list, but to the bounce address, they don't
appear to be run through that filter system.

Any recommendations on what to do about this, short of creating a new
list, would be appreciated.

An example of the header from an email is pasted below:
Received: (qmail 3486 invoked from network); 18 Sep 2008 14:08:58
-0000
Received: from unknown (HELO pre-
smtp36-01.prod.mesa1.secureserver.net) ([10.0.19.136])
(envelope-sender <mailman-bounces at ascls-lists.org>)
by smtp30.prod.mesa1.secureserver.net (qmail-1.03) with SMTP
for <jrc at rodricon.com>; 18 Sep 2008 14:08:58 -0000
Received: (qmail 10030 invoked from network); 18 Sep 2008 14:08:58
-0000
Received: from frodo.clshost.com ([72.249.28.134])
(envelope-sender <mailman-bounces at ascls-lists.org>)
by pre-smtp36-01.prod.mesa1.secureserver.net (qmail-
ldap-1.03) with SMTP
for <jrc at rodricon.com>; 18 Sep 2008 14:08:58 -0000
Received: from localhost ([127.0.0.1] helo=frodo.clshost.com)
by frodo.clshost.com with esmtp (Exim 4.69)
(envelope-from <mailman-bounces at ascls-lists.org>)
id 1KgKBj-0004gT-CX
for jrc at rodricon.com; Thu, 18 Sep 2008 08:08:56 -0600
Subject: Uncaught bounce notification
From: mailman-bounces at ascls-lists.org
To: ascls-sd-members-owner at ascls-lists.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==============10536534=="
Message-ID: <mailman.121.1221746927.9819.ascls-sd-members_ascls-lists.org at ascls-lists.org
Date: Thu, 18 Sep 2008 08:08:47 -0600
Precedence: bulk
X-BeenThere: ascls-sd-members at ascls-lists.org
X-Mailman-Version: 2.1.9.cp2
List-Id: <ascls-sd-members_ascls-lists.org.ascls-lists.org>
X-List-Administrivia: yes
Sender: mailman-bounces at ascls-lists.org
Errors-To: mailman-bounces at ascls-lists.org
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - frodo.clshost.com
X-AntiAbuse: Original Domain - rodricon.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ascls-lists.org
X-Source:
X-Source-Args:
X-Source-Dir:
X-Nonspam: Whitelist

--==============10536534=> Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

The attached message was received as a bounce, but either the bounce
format was not recognized, or no member addresses could be extracted
from it. This mailing list has been configured to send all
unrecognized bounce messages to the list administrator(s).

For more information see:
http://ascls-lists.org/mailman/admin/ascls-sd-members_ascls-lists.org/bounce



--==============10536534=> Content-Type: message/rfc822
MIME-Version: 1.0

Received: from [88.241.214.209] (helo=dsl88.241-54993.ttnet.net.tr)
by frodo.clshost.com with esmtp (Exim 4.69)
(envelope-from <auh at eastern-marine.com>) id 1KgKBD-0004X8-ET
for ascls-sd-members-bounces at ascls-lists.org;
Thu, 18 Sep 2008 08:08:39 -0600
Message-ID: <41363.vortigern at chungen>
Date: Thu, 18 Sep 2008 12:20:44 +0000
From: "christof suvendu" <auh at eastern-marine.com>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: <ascls-sd-members-bounces at ascls-lists.org>
Subject: Why is your love life such a disaster? 1
Content-Type: multipart/alternative;
boundary="=_lOWyABl8u1FaKt"
X-WhitelistedRCPT-nohdrfromcallback: Yes

This is a multi-part message in MIME format.

Thanks,

J.R. Constance

Search Discussions

  • Stephen J. Turnbull at Sep 19, 2008 at 1:58 am
    J.R. Constance writes:
    Is there any way to filter these emails sent to the bounce address so
    that if they are spam they just get discarded.
    Procmail, ClamAV, etc. You should be running such filters on all
    received mail. If you can't reconfigure the MTA to do this for some
    reason, the admin can usually run procmail through his/her .forward
    file.
  • J.R. Constance at Oct 4, 2008 at 2:58 pm
    OK, I have looked at the FAQ and other resources and as technically
    proficient as I like to think I am I cannot for the life of me figure
    out how to configure this in my environment.

    Is there anyone out there who would be willing to assist me with
    figuring out how to set this up?

    Apache Linux.
    Mailman 2.1.9.cp2 (cPanel 11.23.6)

    If anyone has any experience with getting this set up in a cPanel
    environment I'd appreciate any help you're willing to offer.

    Thanks,

    J.R.

    J.R. Constance



    On Sep 18, 2008, at 7:58 PM, Stephen J. Turnbull wrote:

    J.R. Constance writes:
    Is there any way to filter these emails sent to the bounce address so
    that if they are spam they just get discarded.
    Procmail, ClamAV, etc. You should be running such filters on all
    received mail. If you can't reconfigure the MTA to do this for some
    reason, the admin can usually run procmail through his/her .forward
    file.
  • Mark Sapiro at Oct 4, 2008 at 3:16 pm

    J.R. Constance wrote:
    Is there anyone out there who would be willing to assist me with
    figuring out how to set this up?

    Apache Linux.
    Mailman 2.1.9.cp2 (cPanel 11.23.6)

    If anyone has any experience with getting this set up in a cPanel
    environment I'd appreciate any help you're willing to offer.
    On Sep 18, 2008, at 7:58 PM, Stephen J. Turnbull wrote:

    J.R. Constance writes:
    Is there any way to filter these emails sent to the bounce address so
    that if they are spam they just get discarded.
    Procmail, ClamAV, etc. You should be running such filters on all
    received mail. If you can't reconfigure the MTA to do this for some
    reason, the admin can usually run procmail through his/her .forward
    file.

    You want to run spamassassin and ClamAV or equivalents or possibly
    MailScanner on incoming mail. You set this up in the MTA (exim on
    cPanel ?). You possibly set this up in the MTA directly or by having
    the MTA invoke Procmail to deliver the mail and using Procmail recipes
    to scan the mail for spam/viruses.

    This all happens before Mailman and is a cPanel/MTA question, not a
    Mailman question.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedSep 18, '08 at 3:08p
activeOct 4, '08 at 3:16p
posts4
users3
websitelist.org

People

Translate

site design / logo © 2022 Grokbase