[Systems] Spam spike for list owners (sample header attached)

Sebastian Silva sebastian at fuentelibre.org
Tue Sep 5 01:07:45 EDT 2017


Thanks Bernie for following up and pledging to continue your leadership
in this regard.

My email-fu is also out of date, but count on me for help.

Regards,
Sebastian


On 05/09/17 00:02, Bernie Innocenti wrote:
> On 09/04/2017 09:26 AM, Sebastian Silva wrote:
>> I'm not aware of how sunjammer treats mail. Bernie, did you set this up
>> originally?
> Yes. We use Postfix + spamass-milter with a bunch of RBLs and other rules.
>
> The reason we're seeing mail with "X-Spam-Flag: YES" in mailman was that
> there are two distinct thresholds: the one in /etc/spamassassin/local.cf
> causes mail to be flagged as spam when it reaches the score 3.5. This
> doesn't cause the mail to be rejected at SMTP time, just flagged so that
> local delivery rules can move it to a spam folder where users can still
> find it in case it was misclassified.
>
> Mailman doesn't have any knowledge of the SpamAssassin headers, but
> there are per-list spam filtering rules. Looks like the "X-Spam-Flag:
> YES" rule was not present on sugar-devel (it's present on systems@ and
> other lists). So I just configured it to silently discard spam. You can
> change it here:
>
>   http://lists.sugarlabs.org/admin/sugar-devel/privacy/spam
>
>
> There's also a second threshold, which was conservatively set to 8.0,
> which is used by spamass-milter to refuse incoming mail with a permanent
> error to the sender. The email in question had a score of 7.7, so it
> didn't make the cut. I lowered the threshold to 6, which should be safe
> enough.
>
>
>> Maintaining mailservers is often time consuming and frustrating because
>> of spam.
> Indeed :-(
>
> Even using a well configured SpamAssassin, with DKIM and RBLs,
> there is way too much spam that makes it through. The only way to filter
> spam effectively is to rely on signals from a massive number of users to
> train an advanced spam classifier (and SpamAssassin is an ancient
> codebase mostly based on manually crafted rules).
>
>
>> I don't even fully understand what James said (does gmail consider this
>> spam as originating from SL?).
>>
>> Perhaps we should disable mail processing altogether if no sysadmin can
>> manage it.
>>
>> While I am in infrastructure team, mail is just too time consuming to
>> configure for me.
>>
>> If there's no other volunteer I can look into scaling our mail services
>> down to just mailing lists.
> My experience administering email is 6 years out of date, but I can
> pledge to keep the current system running until we switch to mailman3
> which (hopefully?) has a modern, well thought-out way to deal with spam.
>
> There shouldn't be much to do for the forwarding email addresses, since
> spam filtering belongs in the receiving endpoint.
>
> The other thing that can get tricky is ensuring reliable delivery on IPs
> that can be used to send out occasional spam (from local email accounts
> or web apps). This is why we're not encouraging hosted email accounts on
> sunjammer.
>
>
>> Regards,
>>
>> Sebastian
>>
>>
>> On 03/09/17 17:14, James Cameron wrote:
>>> This will do significant reputational damage to Sugar Labs mail
>>> domain, identifying the mailman instance as an open relay, making the
>>> upcoming election harder to run.
>>>
>>> About a thousand messages so far.  I'm intercepting with procmail.
>>>
>>> Each has UTF 6616c.com in subject, with remainder of subject and body
>>> text in Chinese.  6616c.com is an alias for 006cc.com, which looks to
>>> be gambling focused.
>>>
>>
>> _______________________________________________
>> Systems mailing list
>> Systems at lists.sugarlabs.org
>> http://lists.sugarlabs.org/listinfo/systems
>>
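
The two-threshold flow described in the quoted reply above, as an added example (not code from the thread or from sunjammer's configuration). The function names and sample messages are constructed, and the reject comparison is assumed to be "greater than or equal".

```python
import re
from email import message_from_string

# Thresholds quoted in the thread.
FLAG_SCORE = 3.5   # local.cf: mail is flagged, not rejected
REJECT_OLD = 8.0   # spamass-milter reject threshold before the change
REJECT_NEW = 6.0   # spamass-milter reject threshold after the change

SCORE_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")

def spam_score(msg):
    """Score from X-Spam-Status, or None when the header is absent or malformed."""
    m = SCORE_RE.search(msg.get("X-Spam-Status", ""))
    return float(m.group(1)) if m else None

def disposition(raw, reject_at, list_discards_flagged):
    """Follow one message through the milter and then the per-list header rule."""
    msg = message_from_string(raw)
    score = spam_score(msg)
    # Stage 1: the milter refuses the mail with a permanent error (assumed >=).
    if score is not None and score >= reject_at:
        return "rejected-at-smtp"
    # Stage 2: Mailman only sees headers, so the list rule keys on X-Spam-Flag.
    flagged = msg.get("X-Spam-Flag", "").strip().upper() == "YES"
    if flagged:
        return "discarded-by-list" if list_discards_flagged else "posted-flagged"
    return "posted"

def sample(score):
    """Constructed message carrying the headers SpamAssassin would add."""
    hdrs = ["From: sender@example.org", "Subject: constructed sample"]
    if score >= FLAG_SCORE:
        hdrs.append("X-Spam-Flag: YES")
    verdict = "Yes" if score >= FLAG_SCORE else "No"
    hdrs.append(f"X-Spam-Status: {verdict}, score={score} required={FLAG_SCORE}")
    return "\n".join(hdrs) + "\n\nbody\n"

if __name__ == "__main__":
    for score in (1.2, 7.7, 9.4):
        for reject_at in (REJECT_OLD, REJECT_NEW):
            for rule in (False, True):
                print(score, reject_at, rule, disposition(sample(score), reject_at, rule))
```

The 7.7 row shows the gap from the thread: with the 8.0 reject threshold and no "X-Spam-Flag: YES" rule on the list, the message is flagged but still posted.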


