[Systems] Spam spike for list owners (sample header attached)

Bernie Innocenti bernie at codewiz.org
Tue Sep 5 01:02:39 EDT 2017


On 09/04/2017 09:26 AM, Sebastian Silva wrote:
> I'm not aware of how sunjammer treats mail. Bernie, did you set this up
> originally?

Yes. We use Postfix + spamass-milter with a bunch of RBLs and other rules.

The reason we're seeing mail with "X-Spam-Flag: YES" in mailman was that
there are two distinct thresholds: the one in /etc/spamassassin/local.cf
causes mail to be flagged as spam when it reaches the score 3.5. This
doesn't cause the mail to be rejected at SMTP time, just flagged so that
local delivery rules can move it to a spam folder where users can still
find it in case it was misclassified.

Mailman doesn't have any knowledge of the SpamAssassin headers, but
there are per-list spam filtering rules. Looks like the "X-Spam-Flag:
YES" rule was not present on sugar-devel (it's present on systems@ and
other lists). So I just configured it to silently discard spam. You can
change it here:

  http://lists.sugarlabs.org/admin/sugar-devel/privacy/spam


There's also a second threshold, which was conservatively set to 8.0,
which is used by spamass-milter to refuse incoming mail with a permanent
error to the sender. The email in question had a score of 7.7, so it
didn't make the cut. I lowered the threshold to 6, which should be safe
enough.


> Maintaining mailservers is often time consuming and frustrating because
> of spam.

Indeed :-(

Even with a well-configured SpamAssassin, with DKIM and RBLs,
there is way too much spam that makes it through. The only way to filter
spam effectively is to rely on signals from a massive number of users to
train an advanced spam classifier (and SpamAssassin is an ancient
codebase mostly based on manually crafted rules).


> I don't even fully understand what James said (does gmail consider this
> spam as originating from SL?).
> 
> Perhaps we should disable mail processing altogether if no sysadmin can
> manage it.
>
> While I am in infrastructure team, mail is just too time consuming to
> configure for me.
> 
> If there's no other volunteer I can look into scaling our mail services
> down to just mailing lists.

My experience administering email is 6 years out of date, but I can
pledge to keep the current system running until we switch to mailman3
which (hopefully?) has a modern, well-thought-out way to deal with spam.

There shouldn't be much to do for the forwarding email addresses, since
spam filtering belongs in the receiving endpoint.

The other thing that can get tricky is ensuring reliable delivery on IPs
that can be used to send out occasional spam (from local email accounts
or web apps). This is why we're not encouraging hosted email accounts on
sunjammer.


> Regards,
> 
> Sebastian
> 
> 
> On 03/09/17 17:14, James Cameron wrote:
>> This will do significant reputational damage to Sugar Labs mail
>> domain, identifying the mailman instance as an open relay, making the
>> upcoming election harder to run.
>>
>> About a thousand messages so far.  I'm intercepting with procmail.
>>
>> Each has UTF 6616c.com in subject, with remainder of subject and body
>> text in Chinese.  6616c.com is an alias for 006cc.com, which looks to
>> be gambling focused.
>>
> 
> 
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
> 
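
The two thresholds and the per-list Mailman rule described in the reply above, modelled as an added example (not code from the original message or from the Sugar Labs configuration). It replays already-scored messages to show what changes when the reject threshold moves from 8.0 to 6 and the list starts discarding flagged mail. The function names and sample messages are constructed for illustration; the 3.5, 8.0, 6 and 7.7 values come from the message.

```python
import re
from email import message_from_string

TAG_SCORE = 3.5  # flag threshold from the message (/etc/spamassassin/local.cf)
SCORE_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")

def spam_score(raw):
    """Return the score recorded in X-Spam-Status, or None if never scanned."""
    status = message_from_string(raw).get("X-Spam-Status", "")
    match = SCORE_RE.search(status)
    return float(match.group(1)) if match else None

def disposition(score, reject_at, list_discards_flagged):
    """Fate of one list-bound message under the stages the reply describes."""
    if score is None:
        return "posted to list (unscanned)"
    if score >= reject_at:
        return "rejected at SMTP"  # spamass-milter: permanent error to sender
    if score >= TAG_SCORE:
        # Tagged "X-Spam-Flag: YES"; only a per-list Mailman rule acts on it.
        if list_discards_flagged:
            return "discarded by list"
        return "posted to list (flagged)"
    return "posted to list"

def audit(messages, reject_at, list_discards_flagged):
    """Apply disposition() to each raw message, preserving order."""
    return [disposition(spam_score(m), reject_at, list_discards_flagged)
            for m in messages]

def sample(status):
    """Build a constructed test message with an optional X-Spam-Status value."""
    header = f"X-Spam-Status: {status}\n" if status else ""
    return f"From: sender@example.test\nSubject: constructed\n{header}\nbody\n"

# Constructed samples; 7.7 is the score of the message discussed in the thread.
SAMPLES = [
    sample("Yes, score=7.7 required=3.5 tests=CONSTRUCTED autolearn=no"),
    sample("Yes, score=4.2 required=3.5 tests=CONSTRUCTED autolearn=no"),
    sample("No, score=0.3 required=3.5 tests=CONSTRUCTED autolearn=no"),
    sample("Yes, score=9.1 required=3.5 tests=CONSTRUCTED autolearn=no"),
    sample(None),
]

if __name__ == "__main__":
    old = audit(SAMPLES, 8.0, False)
    new = audit(SAMPLES, 6.0, True)
    for before, after in zip(old, new):
        print(f"{before:28} -> {after}")
```

Running the same replay over a real spam folder before lowering a reject threshold shows how many messages would move from "flagged" to "rejected", which is the misclassification risk the change takes on.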


