Opened 8 years ago
Closed 7 years ago
#1778 closed task (fixed)
Spam to mailing list -owner addresses
Reported by: | jsanz | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | SysAdmin | Keywords: | mailman, spam |
Cc: | rafroset@… |
Description
Hi SAC,
Not sure if there's anything that can be done, but an admin of one of our lists has notified me that he's been receiving some spam from the list-owner@lists.osgeo.org address.
I'm admin of quite a lot of lists and I also receive some spam. My only concern is that for some reason my client (gmail) almost always fails to detect them, so I have to remove them manually. You know, normally GMail is quite good at detecting spam but for some reason these mails look legit.
Is there any way to prevent this spam to be filtered? I mean, without filtering all e-mails sent to the owner, of course.
Cheers!
Change History (10)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
Some mail associated with being a list owner is in a technical sense not spam and should not be classified as spam. The content is certainly spam.
As a list owner, I get a lot of "Uncaught bounce notification" from people trying to spam the list but they are not subscribed. The email is actually sent by "mailman-bounces@…" and is a valid, legitimate email from OSGeo.
comment:3 by , 7 years ago
As Jorge and Astrid have mentioned, I also get spam from (at)qq.com domain constantly now (at least once a day, as I am the list owner of so many OSGeo mailing lists). The subject is always written in Chinese letters such as the latest email "Are you tired?..." from the address 2811743208@…
Unfortunately I am not sure if we can handle this. Annoying for sure.
-jeff
PS. yes I am tired, ha.
comment:4 by , 7 years ago
Actually I remember qq.com email problems before: checked and this was handled through ticket# 2001 last year: "@qq.com gets rejected in postfix now." https://trac.osgeo.org/osgeo/ticket/2001#comment:28
Will re-open that ticket.
comment:5 by , 7 years ago
more info from the headers of one of the many @qq.com spams received today, showing how OSGeo postfix processes it:
from osgeo6.osgeo.osuosl.org (localhost [127.0.0.1]) by lists.osgeo.org (Postfix) with ESMTP id 23FB8605B830 for <jmckenna@gatewaygeomatics.com>; Tue, 5 Jun 2018 10:12:28 -0700 (PDT)
from plasticscrap.us (unknown [123.8.242.201]) by lists.osgeo.org (Postfix) with SMTP id CC8D960650B2 for <atlanticcanada-owner@lists.osgeo.org>; Tue, 5 Jun 2018 10:12:24 -0700 (PDT)
from plasticscrap.us (unknown (96.164.231.142]) by plasticscrap.us with SMTP id e2ef1992-d623-451a-a68c-94630c9eefdc; for <2498073052@qq.com>;Wed, 06 Jun 2018 01:12:34 +08:00
comment:6 by , 7 years ago
I notice a spike in queued emails recently on the OSGeo email server, which I think has to do with these @qq.com spam messages : http://webextra.osgeo.osuosl.org/munin/static/dynazoom.html?plugin_name=osgeo.org%2Fosgeo6.osgeo.org%2Fpostfix_mailqueue&start_iso8601=2018-05-01T06%3A26%3A12-0300&stop_iso8601=2018-06-18T12%3A26%3A12-0300&start_epoch=1525166772&stop_epoch=1529335572&lower_limit=&upper_limit=&size_x=800&size_y=400&cgiurl_graph=%2Fmunin-cgi%2Fmunin-cgi-graph
comment:7 by , 7 years ago
I've examined the logs closely and spent my whole day on this. (funding, anyone?)
The original issue reported in this ticket (spam from qq.com domain) still exists.
- Typical log message today showing successful emails sent to our list owners from the qq.com domain:
Jun 18 11:08:51 osgeo6 postfix/qmgr[23549]: 173A7600C6B7: from=<123725849@qq.com>, size=956, nrcpt=1 (queue active)
Jun 18 11:08:51 osgeo6 postfix/pipe[24762]: 173A7600C6B7: to=<mapguide-internals-owner@lists.osgeo.org>, relay=mailman, delay=0.69, delays=0.54/0/0/0.15, dsn=2.0.0, status=sent (delivered via mailman service)
- So I examined our postfix config files.
- /etc/postfix/access contains: qq.com REJECT
- so something wasn't right, because the qq.com domain is not being rejected
- I noticed that the config file /etc/postfix/main.cf was missing the important line:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
- restarted service
- logs say that qq.com now REJECTS the qq.com domain:
Jun 18 11:35:04 osgeo6 postfix/smtpd[17873]: NOQUEUE: reject: RCPT from unknown[114.228.74.19]: 554 5.7.1 <676479210@qq.com>: Sender address rejected: Access denied; from=<676479210@qq.com> to=<discuss-bounces@lists.osgeo.org> proto=SMTP helo=<mail.tofine.com>
- but that slows the queue as postfix tries to send a rejection email to a broken qq.com sender. So updated the access file to DISCARD instead, which allows postfix to crunch faster:
Jun 18 11:40:23 osgeo6 postfix/smtpd[20305]: NOQUEUE: discard: RCPT from unknown[125.121.117.70]: <491235343@qq.com>: Sender address triggers DISCARD action; from=<491235343@qq.com> to=<gdal-dev-owner@lists.osgeo.org> proto=SMTP helo=<chinarida.com.cn>
I am watching the logs being processed now. I hope this change helps!!!
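One way to confirm from the mail log that the sender restriction described in comment:7 is taking effect, as an added example that is not part of the original ticket: it joins qmgr and pipe lines on the queue ID to count deliveries to -owner addresses per sender domain, and tallies NOQUEUE reject/discard events. The first four sample lines are the ones quoted in comment:7, the last two are constructed; the function and variable names are assumptions.

```python
import re
from collections import Counter

# First four lines are quoted from comment:7; the last two are constructed.
SAMPLE_LOG = """\
Jun 18 11:08:51 osgeo6 postfix/qmgr[23549]: 173A7600C6B7: from=<123725849@qq.com>, size=956, nrcpt=1 (queue active)
Jun 18 11:08:51 osgeo6 postfix/pipe[24762]: 173A7600C6B7: to=<mapguide-internals-owner@lists.osgeo.org>, relay=mailman, delay=0.69, delays=0.54/0/0/0.15, dsn=2.0.0, status=sent (delivered via mailman service)
Jun 18 11:35:04 osgeo6 postfix/smtpd[17873]: NOQUEUE: reject: RCPT from unknown[114.228.74.19]: 554 5.7.1 <676479210@qq.com>: Sender address rejected: Access denied; from=<676479210@qq.com> to=<discuss-bounces@lists.osgeo.org> proto=SMTP helo=<mail.tofine.com>
Jun 18 11:40:23 osgeo6 postfix/smtpd[20305]: NOQUEUE: discard: RCPT from unknown[125.121.117.70]: <491235343@qq.com>: Sender address triggers DISCARD action; from=<491235343@qq.com> to=<gdal-dev-owner@lists.osgeo.org> proto=SMTP helo=<chinarida.com.cn>
Jun 18 11:41:02 osgeo6 postfix/qmgr[23549]: 2B4C9600D1A2: from=<alice@example.org>, size=2100, nrcpt=1 (queue active)
Jun 18 11:41:03 osgeo6 postfix/pipe[24770]: 2B4C9600D1A2: to=<gdal-dev@lists.osgeo.org>, relay=mailman, delay=0.4, delays=0.3/0/0/0.1, dsn=2.0.0, status=sent (delivered via mailman service)
"""

# qmgr records the envelope sender; the delivery agent records the recipient.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
DELIV = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*status=sent")
# smtpd logs mail refused or dropped before it is queued.
NOQ = re.compile(r"NOQUEUE: (reject|discard): .*? from=<([^>]*)> to=<([^>]*)>")


def domain(addr):
    """Lower-cased domain part; '<>' stands for the null sender."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else "<>"


def audit(log_text):
    """Return (deliveries to -owner per sender domain, blocked per action/domain)."""
    senders = {}           # queue ID -> envelope sender
    delivered = Counter()  # sender domain -> mails delivered to *-owner
    blocked = Counter()    # (action, sender domain) -> count
    for line in log_text.splitlines():
        if m := NOQ.search(line):
            blocked[(m[1], domain(m[2]))] += 1
        elif m := QMGR.search(line):
            senders[m[1]] = m[2]
        elif m := DELIV.search(line):
            qid, rcpt = m[1], m[2]
            if rcpt.split("@")[0].endswith("-owner") and qid in senders:
                delivered[domain(senders[qid])] += 1
    return delivered, blocked


if __name__ == "__main__":
    delivered, blocked = audit(SAMPLE_LOG)
    print("delivered to -owner:", dict(delivered))
    print("blocked at SMTP:", dict(blocked))
```

Run over log lines written after the configuration change, a blocked domain that still shows up in the delivered counts means the access map is not being consulted.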
comment:10 by , 7 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Marking as fixed. (if you get more spam from qq.com domain let me know)
Hello, same happens with announce-owner@… and mapbender_dev-owner@…
I get many mails from 1192302386@…