[Systems] Spam spike for list owners (sample header attached)

James Cameron quozl at laptop.org
Fri Sep 1 15:27:43 EDT 2017


As I'm seeing the same headers as Sebastian, on the same list owner
alias, the rejection must be incomplete.

On Fri, Sep 01, 2017 at 10:24:29AM -0400, Bernie Innocenti wrote:
> I think we reject spam even before mailman gets to see it. Check if it's actually working
> 
> On September 1, 2017 9:32:49 AM EDT, Sebastian Silva <sebastian at fuentelibre.org> wrote:
> >I'm getting one of these every few minutes for several hours now.
> >
> >Do you know if we could filter `X-Spam-Level: *******` messages to list
> >owners?
> >
> >Delivered-To: sebastian at fuentelibre.org
> >Received: by 10.31.138.69 with SMTP id m66csp957032vkd;
> >        Fri, 1 Sep 2017 06:02:29 -0700 (PDT)
> >X-Google-Smtp-Source:
> >ADKCNb6oWRiyxZUthqoYZt3wOfQ3iAcv304b/cGe+UeQVvrZjhJwq7dXRCRnJHugAPnVlEXcGiVW
> >X-Received: by 10.200.22.34 with SMTP id
> >p31mr2628703qtj.310.1504270949456;
> >        Fri, 01 Sep 2017 06:02:29 -0700 (PDT)
> >ARC-Seal: i=1; a=rsa-sha256; t=1504270949; cv=none;
> >        d=google.com; s=arc-20160816;
> >   b=mHynEf4QKZQk3lEyU2sDbc0OfPBGdhNI9d2RvNk29nP1xqL0YliGmboiVVjipH/xMW
> >   qJJzcLcSq5aeKr5TJ5QJT7sQJJr7SnmZq56NQa3758nqv3yierCIisVnoejef+VhEQVd
> >   /yxrCjLPzepOFCIlyyLY04WvVlaHnRgbcod67MTTnJ42MoTFByYBEK+PSRQcLNmA9+Og
> >   +r0E/DEdj/K2j8m+iAdIDhE9pvTLGxV5EUSOaP5hVFwdLhiwgFuAFTQ6ZLQDFTF69k1/
> >   x6Q68x0yWFlm0WJsvsG3P/KgBLwJryuCT1horg+gXJ5wtRbVcYHJu2IaijQVVkE2knlW
> >         GOWA==
> >ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
> >d=google.com; s=arc-20160816;
> >        h=sender:errors-to:from:to:subject:message-id:date:mime-version
> >         :delivered-to:arc-authentication-results;
> >        bh=i2de/C2GErF09DjfjZ/J/eyNjRXvN3KiLtBS4knLuDE=;
> >   b=COUuvU+VrjFe01CLW0yVMzdciY5EgyStyxyZbTziHVCsnmjXv4WMbWYLoSSEdjolgh
> >   k7DJXffxnZ0niVIh3zoabCYM4mSbc0e3DYdBJGAqppj5wOQs53JKs5iDxrGd2XtAe5qi
> >   S4uYpp6+g21NiNCsDoUxUmdSSQGZGUVmm2+o9xHbRCMV+umhFAvw4wOGX0saAEX633hB
> >   IGzh3/B7YhmNkku3Vlesi+eHKYXAetnNXsADO2Fkcr55EXaT7JioToUN23kjUGd6Eomm
> >   rPM3asJGsxYu0egQvmRfWS+G66XbIMzQMRLypsNDrnkPWxmCIMUzmANrQzmoCBW5MBjD
> >         05jw==
> >ARC-Authentication-Results: i=1; mx.google.com;
> >spf=pass (google.com: domain of mailman-bounces at lists.sugarlabs.org
> >designates 208.118.235.53 as permitted sender)
> >smtp.mailfrom=mailman-bounces at lists.sugarlabs.org;
> >       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=qq.com
> >Return-Path: <mailman-bounces at lists.sugarlabs.org>
> >Received: from sunjammer.sugarlabs.org (sunjammer.sugarlabs.org.
> >[208.118.235.53])
> >by mx.google.com with ESMTP id
> >a129si10097287qkf.434.2017.09.01.06.02.29
> >        for <sebastian at fuentelibre.org>;
> >        Fri, 01 Sep 2017 06:02:29 -0700 (PDT)
> >Received-SPF: pass (google.com: domain of
> >mailman-bounces at lists.sugarlabs.org designates 208.118.235.53 as
> >permitted sender) client-ip=208.118.235.53;
> >Authentication-Results: mx.google.com;
> >spf=pass (google.com: domain of mailman-bounces at lists.sugarlabs.org
> >designates 208.118.235.53 as permitted sender)
> >smtp.mailfrom=mailman-bounces at lists.sugarlabs.org;
> >       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=qq.com
> >Received: by sunjammer.sugarlabs.org (Postfix)
> >	id 4DFAF120C6F; Fri,  1 Sep 2017 09:02:28 -0400 (EDT)
> >Delivered-To: icarito at sugarlabs.org
> >Received: from sunjammer.sugarlabs.org (localhost [127.0.0.1])
> >	by sunjammer.sugarlabs.org (Postfix) with ESMTP id 45C461209E7;
> >	Fri,  1 Sep 2017 09:02:28 -0400 (EDT)
> >Received: from wdpa.org.tw (unknown [180.118.2.105])
> > by sunjammer.sugarlabs.org (Postfix) with ESMTP id E0F231209E7
> > for <sugar-devel-owner at lists.sugarlabs.org>;
> > Fri,  1 Sep 2017 09:02:23 -0400 (EDT)
> >MIME-Version: 1.0
> >Date: Fri, 01 Sep 2017 21:02:05 +0800
> >Message-ID: <857db7965c70b6a5 at bb4016527c799541>
> >Subject:
> >=?utf-8?Q?=E6=9C=8B=E5=8F=8B=E5=8A=A0=E7=BE=8E=E5=A5=B3924555777=E5=B2=AD=E5=A8=B628-=E7=B6=B5=E9=87=91=EF=BC=886616c=E5=B7=85co?=
> > =?utf-8?Q?m=EF=BC=89?=
> >To: sugar-devel-owner at lists.sugarlabs.org
> >Received: from wdpa.org.tw (unknown (60.117.14.235])
> > by wdpa.org.tw with SMTP id 6a9d2826-a05c-4147-a201-1b2287d4d3df;
> >for <sugar-devel-owner at lists.sugarlabs.org>;Fri, 01 Sep 2017 21:02:06
> >+08:00
> >From: =?utf-8?Q?=E6=A2=81=E8=B4=B5=E7=9C=89?= <71534485 at qq.com>
> >Content-Type: multipart/alternative;
> > boundary="d4c63b9d-5c4f-4358-8462-9faf7880e7bf"
> >X-Spam-Flag: YES
> >X-Spam-Status: Yes, score=7.7 required=3.5
> >tests=FREEMAIL_ENVFROM_END_DIGIT,
> > FREEMAIL_FROM,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,
> >MIME_HTML_ONLY_MULTI,MSGID_FROM_MTA_HEADER,RCVD_IN_PBL,RDNS_NONE,SPF_FAIL,
> > UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.1
> >X-Spam-Report: *  3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus
> >PBL
> > *      [180.118.2.105 listed in zen.spamhaus.org]
> >*  0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
> >provider
> > *      (71534485[at]qq.com)
> >*  0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
> >in
> > *      digit (71534485[at]qq.com)
> > *  0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
> > *      [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;
> > id=71534485%40qq.com; ip=180.118.2.105; r=sunjammer.sugarlabs.org]
> > *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> > *  0.0 HTML_MESSAGE BODY: HTML included in message
> >*  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
> >lines
> >*  0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
> >parts
> >*  0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
> >tag
> > *  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
> > *  0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
> >X-Spam-Level: *******
> >X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
> > sunjammer.sugarlabs.org
> >Errors-To: mailman-bounces at lists.sugarlabs.org
> >Sender: "Sugar-devel" <mailman-bounces at lists.sugarlabs.org>
> >
> >--d4c63b9d-5c4f-4358-8462-9faf7880e7bf
> >Content-Type: text/html;
> >	charset="utf-8"
> >Content-Transfer-Encoding: quoted-printable
> >
> >=e4=bb=96=e5=95=8a=ef=bc=8c=e6=98=af=e4=b8=8d=e6=98=af=e5=b0=b1=e6=98=af=e9=
> >=82=a3=e4=b8=aa=e5=9c=a8=e5=ad=a6=e9=99=a2=e5=ad=a6=e4=b9=a0=e4=ba=86=e4=b8=
> >=a4=e5=b9=b4=e5=a4=9a
> >--d4c63b9d-5c4f-4358-8462-9faf7880e7bf--
> >
> >
> >_______________________________________________
> >Systems mailing list
> >Systems at lists.sugarlabs.org
> >http://lists.sugarlabs.org/listinfo/systems
> 
> -- 
> ベルニー
> Sent from my Android device with K-9 Mail.
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems

-- 
James Cameron
http://quozl.netrek.org/


More information about the Systems mailing list