FAQ
I have a list that started getting a lot of spam from a particular
address. Most of them get sent to moderation because of "Too many
recipients" and they are easily dealt with.

The address in question was an alternate address for one member and
after speaking with him, we decided it would be OK to take the address
off the list completely. I have done so but continue to receive spam
from that address. The list has generic_nonmember_action set to discard
but the messages continue to come in, although they still mostly go to
moderation rather than the list. But I don't see how they are getting
there. I tried adding the address to discard_these_nonmembers but that,
too, seems to have no effect.

Looking at the header of one of the message, however, and I see that
although they show up as From that single banned address, there are
multiple addresses in the From field. At least one other of the
addresses is a valid list address. I assume that as long as at least one
From address is valid, mailman will let it through the gate. Is that
right? Should there be some setting to only let in mail with a single
From address? I can't see any reason to allow multiple From values. Or
possibly a setting that says "all From addresses must be on the list".

Or am I missing something?

--
Henry

Search Discussions

  • Mark Sapiro at May 2, 2011 at 3:05 pm

    Henry Hartley wrote:
    Looking at the header of one of the message, however, and I see that
    although they show up as From that single banned address, there are
    multiple addresses in the From field. At least one other of the
    addresses is a valid list address. I assume that as long as at least one
    From address is valid, mailman will let it through the gate. Is that
    right?

    Yes, that is correct. Mailman considers a post to be from a member if
    an address in any place defined in SENDER_HEADERS is a list member.
    The default setting is

    SENDER_HEADERS = ('from', None, 'reply-to', 'sender')

    Which means that if any of the From: header, the envelope sender, the
    Reply-To: header or the Sender: header contains a member address, the
    post is considered to be from that member.

    Should there be some setting to only let in mail with a single
    From address? I can't see any reason to allow multiple From values.

    The message standards (RFC 822, RFC 2822 and RFC 5322) allow multiple
    addresses in From: headers.

    Or
    possibly a setting that says "all From addresses must be on the list".

    Perhaps that would be useful, but it doesn't currently exist.


    If this is your Mailman installation, you could try putting

    SENDER_HEADERS = (None,)

    in mm_cfg.py. This would say that the post is considered to be from a
    member only if the envelope sender is a member.

    This could potentially block legitimate mail From: a member with a
    non-member envelope sender, e.g. if user at example.com is a member and
    the message is From: user at example.com, but the envelope is from
    user at mail.example.com or users_alter_ego at example.com, but I suspect it
    might actually work OK, but you would need to set
    generic_nonmember_action to Hold or Reject rather than Discard, at
    least initially, to find the cases in which it doesn't work.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Henry Hartley at May 2, 2011 at 4:45 pm

    On 5/2/2011 11:05 AM, Mark Sapiro wrote:
    Henry Hartley wrote:
    possibly a setting that says "all From addresses must be on the list".
    Perhaps that would be useful, but it doesn't currently exist.
    Or at the least something that says if a specifically banned address is
    in the From field, then don't allow it. That might be simpler to
    impliment, and is more likely to always be the right thing to do.
    If this is your Mailman installation, you could try putting

    SENDER_HEADERS = (None,)

    in mm_cfg.py. This would say that the post is considered to be from a
    member only if the envelope sender is a member.
    I've done this. Thanks for the suggestion. I'll report back if that
    doesn't solve the problem but it seems like it should. It occurs to me
    that this is site-wide, however. Is that right? I have a half dozen
    lists so now does this apply to all of them? They are all small and it's
    probably OK, but I should know.

    --
    Henry
  • Mark Sapiro at May 2, 2011 at 8:52 pm

    On 5/2/11 9:45 AM, Henry Hartley wrote:
    On 5/2/2011 11:05 AM, Mark Sapiro wrote:
    Henry Hartley wrote:
    possibly a setting that says "all From addresses must be on the list".
    Perhaps that would be useful, but it doesn't currently exist.
    Or at the least something that says if a specifically banned address is
    in the From field, then don't allow it. That might be simpler to
    impliment, and is more likely to always be the right thing to do.

    Actually, while standards allow multiple addresses in From:, I can see
    that they would be rare to non-existent in legitimate list posts.
    Possibly a hold along the lines of "Post contains multiple From:
    addresses.", either unconditional or enabled by a list setting would be
    a good thing.

    If this is your Mailman installation, you could try putting

    SENDER_HEADERS = (None,)

    in mm_cfg.py. This would say that the post is considered to be from a
    member only if the envelope sender is a member.
    I've done this. Thanks for the suggestion. I'll report back if that
    doesn't solve the problem but it seems like it should. It occurs to me
    that this is site-wide, however. Is that right? I have a half dozen
    lists so now does this apply to all of them? They are all small and it's
    probably OK, but I should know.

    Yes, this is a global setting and affects all lists.

    My impression is that this will be pretty safe in most environments,
    i.e. most MUA's mail submission processes seem to set the envelope
    sender to the same address as From:, but there may be cases where this
    isn't true for legitimate list mail. I suspect if there are legitimate
    posts From: a list member with a non-member envelope sender, that the
    sender would be able to "fix" it.

    --
    Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
    San Francisco Bay Area, California Better use your sense - B. Dylan
  • 菊地時夫 at May 3, 2011 at 12:39 am
    Hi,

    (11/05/02 20:50), Henry Hartley wrote:
    Looking at the header of one of the message, however, and I see that
    although they show up as From that single banned address, there are
    multiple addresses in the From field. At least one other of the
    addresses is a valid list address.
    How about putting that spam address in header_filter_rules in
    private/spam interface and set it 'discard'.

    Spam filter regex might be look like:

    from:.*spammer at example\.com

    Cheers,
    --
    Tokio Kikuchi, tokio.kikuchi at gmail.com
  • Stephen J. Turnbull at May 3, 2011 at 2:50 am
    ???? writes:
    How about putting that spam address in header_filter_rules in
    private/spam interface and set it 'discard'.
    He's already doing that, with an address that the user has abandoned.
    The new problem address is "legitimate", which I presume means a list
    member.
  • 菊地時夫 at May 3, 2011 at 4:38 am

    (11/05/03 11:50), Stephen J. Turnbull wrote:
    ???? writes:
    How about putting that spam address in header_filter_rules in
    private/spam interface and set it 'discard'.
    He's already doing that, with an address that the user has abandoned.
    The new problem address is "legitimate", which I presume means a list
    member.
    No. He put the address in discard_these_nonmembers on the
    private/sender page but not have mentioned the private/spam settings.

    I believe if you set the spam address in header_filter_rules of
    privacy/spam page, the message should be discarded even if other
    legitimate addresses are listed in from header.

    If you can't find header_filter_rules in private/spam interface, its
    time to upgrade your mailman installation. It was 2006 when I
    introduced this function in SpamDetect.py (mailman-2.1.8).

    --
    Tokio Kikuchi, tokio.kikuchi at gmail.com
  • Stephen J. Turnbull at May 3, 2011 at 5:17 am
    ???? writes:
    No. He put the address in discard_these_nonmembers on the
    private/sender page but not have mentioned the private/spam settings. >
    I believe if you set the spam address in header_filter_rules of
    privacy/spam page, the message should be discarded even if other
    legitimate addresses are listed in from header.
    Ah, OK. He still should consider setting it to 'hold' for a trial
    period; the risk of accidentally discarding a real post is pretty high
    here IMO. But that's something he can judge better than we can.
  • Henry Hartley at May 3, 2011 at 1:11 pm

    On 5/3/2011 1:17 AM, Stephen J. Turnbull wrote:
    ???? writes:
    No. He put the address in discard_these_nonmembers on the
    private/sender page but not have mentioned the private/spam settings.

    I believe if you set the spam address in header_filter_rules of
    privacy/spam page, the message should be discarded even if other
    legitimate addresses are listed in from header.
    Ah, OK. He still should consider setting it to 'hold' for a trial
    period; the risk of accidentally discarding a real post is pretty high
    here IMO. But that's something he can judge better than we can.
    Yes, putting a regular expression in header_filter_rules seems like a
    good solution. As Mr. Turnbull suggests, I set that rule to Hold for
    now, to see if it catches anything unintended. But this has the
    advantage of being list specific, rather than affecting all lists. Any
    mail that has the non-allowed address anywhere in the from field should
    be deleted. The user has said that he does not (ever) send mail from
    that address so it should not be a problem. Thanks, both of you, for
    your help.

    I suppose I should have said, this is mailman 2.1.9 on CentOS 5.

    --
    Henry

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedMay 2, '11 at 11:50a
activeMay 3, '11 at 1:11p
posts9
users4
websitelist.org

People

Translate

site design / logo © 2022 Grokbase