[Systems] Spam spike for list owners (sample header attached)

Samuel Cantero scanterog at gmail.com
Tue Sep 5 10:15:17 EDT 2017


Thanks a lot guys!

It seems we still have some spam that can't be caught easily by
spamassassin. I find some of them in systems at .


X-Spam-Status: No, score=1.3 required=3.5 tests=HTML_MESSAGE,RDNS_NONE,
 SPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE

X-Spam-Status: No, score=3.0 required=3.5 tests=RDNS_NONE,SPF_HELO_PASS,
 SPF_PASS,URIBL_BLACK

Yes, the score is low...


On Tue, Sep 5, 2017 at 1:07 AM, Sebastian Silva <sebastian at fuentelibre.org>
wrote:

> Thanks Bernie for following up and pledging to continue your leadership
> in this regard.
>
> My email-fu is also out of date, but count on me for help.
>
> Regards,
> Sebastian
>
>
> On 05/09/17 00:02, Bernie Innocenti wrote:
> > On 09/04/2017 09:26 AM, Sebastian Silva wrote:
> >> I'm not aware of how sunjammer treats mail. Bernie, did you set this up
> >> originally?
> > Yes. We use Postfix + spamass-milter with a bunch of RBLs and other
> > rules.
> >
> > The reason we're seeing mail with "X-Spam-Flag: YES" in mailman was that
> > there are two distinct thresholds: the one in /etc/spamassassin/local.cf
> > causes mail to be flagged as spam when it reaches the score 3.5. This
> > doesn't cause the mail to be rejected at SMTP time, just flagged so that
> > local delivery rules can move it to a spam folder where users can still
> > find it in case it was misclassified.
> >
> > Mailman doesn't have any knowledge of the SpamAssassin headers, but
> > there are per-list spam filtering rules. Looks like the "X-Spam-Flag:
> > YES" rule was not present on sugar-devel (it's present on systems@ and
> > other lists). So I just configured it to silently discard spam. You can
> > change it here:
> >
> >   http://lists.sugarlabs.org/admin/sugar-devel/privacy/spam
> >
> >
> > There's also a second threshold, which was conservatively set to 8.0,
> > which is used by spamass-milter to refuse incoming mail with a permanent
> > error to the sender. The email in question had a score of 7.7, so it
> > didn't make the cut. I lowered the threshold to 6, which should be safe
> > enough.
> >
> >
> >> Maintaining mailservers is often time consuming and frustrating because
> >> of spam.
> > Indeed :-(
> >
> > Even with a well configured SpamAssassin, with DKIM and RBLs,
> > there is way too much spam that makes it through. The only way to filter
> > spam effectively is to rely on signals from a massive number of users to
> > train an advanced spam classifier (and SpamAssassin is an ancient
> > codebase mostly based on manually crafted rules).
> >
> >
> >> I don't even fully understand what James said (does gmail consider this
> >> spam as originating from SL?).
> >>
> >> Perhaps we should disable mail processing altogether if no sysadmin can
> >> manage it.
> >>
> >> While I am in infrastructure team, mail is just too time consuming to
> >> configure for me.
> >>
> >> If there's no other volunteer I can look into scaling our mail services
> >> down to just mailing lists.
> > My experience administering email is 6 years out of date, but I can
> > pledge to keep the current system running until we switch to mailman3
> > which (hopefully?) has a modern, well thought way to deal with spam.
> >
> > There shouldn't be much to do for the forwarding email addresses, since
> > spam filtering belongs in the receiving endpoint.
> >
> > The other thing that can get tricky is ensuring reliable delivery on IPs
> > that can be used to send out occasional spam (from local email accounts
> > or web apps). This is why we're not encouraging hosted email accounts on
> > sunjammer.
> >
> >
> >> Regards,
> >>
> >> Sebastian
> >>
> >>
> >> On 03/09/17 17:14, James Cameron wrote:
> >>> This will do significant reputational damage to Sugar Labs mail
> >>> domain, identifying the mailman instance as an open relay, making the
> >>> upcoming election harder to run.
> >>>
> >>> About a thousand messages so far.  I'm intercepting with procmail.
> >>>
> >>> Each has UTF 6616c.com in subject, with remainder of subject and body
> >>> text in Chinese.  6616c.com is an alias for 006cc.com, which looks to
> >>> be gambling focused.
> >>>
> >>
> >> _______________________________________________
> >> Systems mailing list
> >> Systems at lists.sugarlabs.org
> >> http://lists.sugarlabs.org/listinfo/systems
> >>
>
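
The two thresholds described in the quoted reply, applied to the two X-Spam-Status headers at the top of this message, as an added example that is not part of the original thread or of the Sugar Labs configuration. It unfolds and parses the header, then reports which tier the score falls into; the function names and the wrapper messages around the two header values are constructed for illustration.

```python
import re
from email import message_from_string

FLAG_AT = 3.5    # flagging threshold from local.cf, as stated in the thread
REJECT_AT = 6.0  # spamass-milter reject threshold after being lowered from 8.0

STATUS_RE = re.compile(
    r"(Yes|No),\s*score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)"
    r"(?:\s+tests=(\S*))?")

def parse_status(raw_message):
    """Return (score, required, tests) from X-Spam-Status, or None if absent/malformed."""
    value = message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    # Unfold: the test list wraps after a comma, so drop whitespace after commas.
    flat = " ".join(re.sub(r",\s+", ",", value).split())
    m = STATUS_RE.match(flat)
    if m is None:
        return None
    tests = [t for t in (m.group(4) or "").split(",") if t and t != "none"]
    return float(m.group(2)), float(m.group(3)), tests

def disposition(score, flag_at=FLAG_AT, reject_at=REJECT_AT):
    """Map a score to what happens to the message under the two thresholds."""
    if score >= reject_at:
        return "rejected at SMTP"
    if score >= flag_at:
        return "flagged (X-Spam-Flag: YES)"
    return "delivered unflagged"

def triage(raw_message):
    """Return (disposition, points short of the flag threshold, tests that fired)."""
    parsed = parse_status(raw_message)
    if parsed is None:
        return "unscanned", None, []
    score, _, tests = parsed
    return disposition(score), round(FLAG_AT - score, 2), tests

def _sample(status):
    # Constructed wrapper message; only the X-Spam-Status value comes from the post.
    return ("From: sender@example.invalid\nSubject: constructed sample\n"
            "X-Spam-Status: " + status + "\n\nbody\n")

SAMPLE_A = _sample("No, score=1.3 required=3.5 tests=HTML_MESSAGE,RDNS_NONE,\n"
                   "\tSPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE")
SAMPLE_B = _sample("No, score=3.0 required=3.5 tests=RDNS_NONE,SPF_HELO_PASS,\n"
                   "\tSPF_PASS,URIBL_BLACK")

if __name__ == "__main__":
    for name, msg in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name, triage(msg))
```

Both sample headers land below the flagging threshold, so a per-list "X-Spam-Flag: YES" rule never sees them; the 7.7 score mentioned in the quoted reply is only flagged with the reject threshold at 8.0 and is rejected with it at 6.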