Opened 8 years ago

Closed 6 years ago

#1778 closed task (fixed)

Spam to mailing list -owner addresses

Reported by: jsanz Owned by: sac@…
Priority: normal Milestone:
Component: SysAdmin Keywords: mailman, spam
Cc: rafroset@…



Not sure if there's anything that can be done but an admin of one of our lists has noted me that he's been receiving some spam from the address.

I'm admin of quite a lot of lists and I receive also some spam. My only concern is that for some reason my client (gmail) almost always fail to detect them so I have to remove it manually. You know, normally GMail is quite good detecting spam but for some reason these mails look legit.

There's any way to prevent this spam to be filtered? I mean without filtering all e-mails sent to the owner of course.


Change History (10)

comment:1 by astrid_emde, 6 years ago

Hello, same happens with announce-owner@… and mapbender_dev-owner@…

I get many mails from 1192302386@…

comment:2 by EliL, 6 years ago

Some mail associated with being a list owner is in a technical sense not spam and should not be classified as spam. The content is certainly spam.

As a list owner, I get a lot of "Uncaught bounce notification" from people trying to spam the list but they are not subscribed. The email is actually sent by "mailman-bounces@…" and is a valid, legitimate email from OSGeo.

comment:3 by Jeff McKenna, 6 years ago

As Jorge and Astrid have mentioned, I also get spam from (at) domain constantly now (at least once a day, as I am the list owner of so many OSGeo mailing lists). The subject is always written in Chinese letters such as the latest email "Are you tired?..." from the address 2811743208@…

Unfortunately I am not sure if we can handle this. Annoying for sure.


PS. yes I am tired, ha.

comment:4 by Jeff McKenna, 6 years ago

Actually I remember email problems before: checked and this was handled through ticket# 2001 last year: " gets rejected in postfix now."

Will re-open that ticket.

comment:5 by Jeff McKenna, 6 years ago

more info from the headers of one of the many spams received today, showing how OSGeo postfix processes it:

from (localhost []) by (Postfix) with ESMTP id 23FB8605B830 for <>; Tue,  5 Jun 2018 10:12:28 -0700 (PDT)

from (unknown []) by (Postfix) with SMTP id CC8D960650B2 for <>; Tue,  5 Jun 2018 10:12:24 -0700 (PDT)

from (unknown (]) by with SMTP id e2ef1992-d623-451a-a68c-94630c9eefdc; for <>;Wed, 06 Jun 2018 01:12:34 +08:00

comment:7 by Jeff McKenna, 6 years ago

I've examined the logs closely and spent my whole day on this. (funding, anyone?)

The original issue reported in this ticket (spam from domain) still exists.

  • Typical log message today showing successful emails sent to our list owners from the domain:
Jun 18 11:08:51 osgeo6 postfix/qmgr[23549]: 173A7600C6B7: from=<>, size=956, nrcpt=1 (queue active)
Jun 18 11:08:51 osgeo6 postfix/pipe[24762]: 173A7600C6B7: to=<>, relay=mailman, delay=0.69, delays=0.54/0/0/0.15, dsn=2.0.0, status=sent (delivered via mailman service)
  • So I examined our postfix config files.
  • /etc/postfix/access contains: REJECT
  • so something wasn't right, because the domain is not being rejected
  • I noticed that the config file /etc/postfix/ was missing the important line:
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
  • restarted service
  • logs say that now REJECTS the domain:
    Jun 18 11:35:04 osgeo6 postfix/smtpd[17873]: NOQUEUE: reject: RCPT from unknown[]: 554 5.7.1 <>: Sender address rejected: Access denied; from=<> to=<> proto=SMTP helo=<>
  • but that slows the queue as postfix tries to send a rejection email to a broken sender. So updated the access file to DISCARD instead, when allows postfix to crunch faster:
    Jun 18 11:40:23 osgeo6 postfix/smtpd[20305]: NOQUEUE: discard: RCPT from unknown[]: <>: Sender address triggers DISCARD action; from=<> to=<> proto=SMTP helo=<>

I am watching the logs being processed now. I hope this change helps!!!

Last edited 6 years ago by Jeff McKenna (previous) (diff)

comment:8 by Jeff McKenna, 6 years ago

I also have removed all requests from the queue.

comment:9 by Jeff McKenna, 6 years ago

it's crunching away now!!!

comment:10 by Jeff McKenna, 6 years ago

Resolution: fixed
Status: newclosed

Marking as fixed. (if you get more spam from domain let me know)

Note: See TracTickets for help on using tickets.