[Mailman-Users] Preventing spam to list owners

Sun Sep 30 19:54:10 CEST 2007

On Sunday, September 30, 2007, 12:30:44 AM, Gary Spivey wrote:

GS> My lists are locked down to only allow posts from members, so my
GS> members are not getting any [spam]. However, as list owner, every
GS> one of my lists is getting a large amount of [spam] - generally
GS> sent to the listname-owner or to mailman-owner.

I run only a small handful of lists, with anywhere from 20 to 200
members each, and filter out at least 200 spams to the various list
addresses daily by running everything through SpamAssassin via a
small bit of procmail.

I've been doing this for about a year now, and very few spams get
through, resulting in very few messages for a moderator and uncaught
bounce notifications.  Legitimate bounces (e.g. a user submitting
a message from a recently changed email addresses) still occur as
expected & desired.

Wholesale bouncing of list mail to non-subscribers is totally
unacceptable due to the amount of outscatter this will cause. (see
http://en.wikipedia.org/wiki/Backscatter#Backscatter_of_email_spam )

It only took one list member from one of the smaller lists (which is
private and not listed anywhere) who had their address book
harvested by a trojan to cause about 50 spam emails a day to that
list alone on an ongoing basis... so hiding the list addresses
doesn't guarantee that they won't eventually leak out and get on the
spam lists.

Aliases file entries and procmail script is below.  I'm currently
tagging list filtered spam and shunting it to a specific folder
which I periodically review and flush, but it could just as easily
be sent to /dev/null.

From the aliases file:

## listname mailing list
listname: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc post listname"
listname-admin: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc admin listname"
listname-bounces: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc bounces listname"
listname-confirm: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc confirm listname"
listname-join: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc join listname"
listname-leave: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc leave listname"
listname-owner: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc owner listname"
listname-request: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc request listname"
listname-subscribe: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc subscribe
listname"
listname-unsubscribe: "| /usr/bin/procmail -m /etc/procmailrcs/mailman.rc unsubscribe
listname"

The mailman.rc file is:

VERBOSE=yes
LOGFILE=/var/log/mailman-procmail.log

MMCOMMAND=$1
MMLIST=$2

:0fw
* < 256000
|/usr/bin/spamc

# Send on to Mailman if not marked as spam
:0 H
* !^X-Spam-Status: Yes
|/var/mailman/mail/mailman $MMCOMMAND $MMLIST

# Otherwise add tag and send to abuse mailbox
:0
* ^Subject:[    ]*\/[^  ].*
{
        SUBJECT=$MATCH
}

# create the new subject token
SUBJECT="[$MMLIST Filtered] $MATCH"

# insert it into the headers
:0hf
| formail -I "Subject: $SUBJECT"

# and forward

:0
! spam

-- 
Best regards,
 Robert Braver
 rbraver at ohww.norman.ok.us