[Mailman-Users] AV/AS on lists

Sun Mar 13 14:03:48 CET 2011

On Sat, Mar 12, 2011 at 10:02:48PM +0000, Andrew Hodgson wrote:
> Odhiambo Washington wrote:
> >On Sat, Mar 12, 2011 at 20:40, Andrew Hodgson <andrew at hodgsonfamily.org>wrote:
> >> Hi,
> >> What is the best practise for doing AV/AS on lists?  I do strip out 
> >> attachments which works well enough, but we are getting some spam 
> >> messages on the list which point people at dodgy sites etc., usually 
> >> through subscribed addresses which have been hijacked.

Have you tried user-education, and then setting compromized users to 
    (a) moderated,
    (b) removed from list, 
    (c) banned from all of your lists?

I know of a couple of organizations that, having been frustrated with
the inaction of various abuse@ and postmaster@ complaints have just
added several "well known" domains to their ban lists -- and
incorporated the ban list in the new list-creation process.

If there's a batch of senders, it could be worth quarantineing their
mails, and just testing those for nasties, rather than anything else;
or indeed, all mail from a specific domain/MX to your lists.

(I'd do that with senders in a file, and checking that with an Exim ACL.)

> >> I am worried that by installing SpamAssassin on the list that it will 
> >> reject good mail, and be yet another place to look for issues.
> >>
> >You must find a way to use the MTA to do it.

Not necessarily. Whilst it is preferable to tackle "nasties", as early
as possible, it may sometimes be expedient to defer tests for some
cases, to allow, for example, untrusted-user settings to be
considered; of course, with a competent MTA, these things ^could^ be
done early on, too.

> Oh yes I realise that I will need to do the spam management in the
> MTA, I just wondered whether anyone had specific suggestions on the
> best parameters for use with SpamAssassin etc for a list setup?

"Your mail-system, your rules".

My rules are probably entirely unsuitable for a lot of people; I use a
mixture of:

    DNS Blacklists
    Sender verification
    Malware detection
    Filters / Manual whitelists/blacklists

before handling over to SpamAssassin (SA) -- my global policy is to
mainly trust SA, and I discard all mails with a given SpamAssassin
score, worked out from a variety of tests, most of which are in the
standard distribution.

Others may use greylisting; I'm not a fan.

With Mailman mails, I don't use Bayesian filtering, although am aware
some folks do.

I add headers to mails that get through, which Mailman can interpret,
and act accordingly with.

-- 
"What a lot of parties. masked parties, Savage parties ... parties
 where one had to dress as somebody else, almost naked parties in St
 John's Wood, parties in flats and studios and houses and ships and
 hotels and night clubs, in windmills and swimming-baths..."