[Mailman-Users] Re: better filtering - help?

[eminmn]

On 5/27/2020 14:25, Mark Sapiro wrote:

On 5/27/20 9:46 AM, Jeffrey Westgate wrote:


When we try to block
guido.sardu...@spammer.phisher.it,   -- while we'd like to block all of .it,  
what we find is we can either do the individual address, or the entire 
spammer.phisher.it domain.
What's the magic combination?



To block anything from the .it tld in discard_these_nonmembers, use the
regexp

^.*\.it$


Why block all of Italy? Wouldn't something like this work? (emacs 
regexp, but you get the idea):


^.+@spammer\.phisher\..+$

Just a thought. It might even catch some other spammer.phisher emails.




You might also consider setting generic_nonmember_action to discard and
putting things like

^.*\.com$
^.*\.edu$
^.*\.us$

etc. in hold_these_nonmembers for those TLDs you want to hold rather
than discard.


--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: better filtering - help?

[Brett Delmage]

On Wed, 27 May 2020, Jeffrey Westgate wrote:


We've been running a mailman server, pushing more than 45 lists, for as long as 
I've been here, and recently spammers and phishers have found us.


If you are running 45 lists then I would expect that you have a decent 
mail server (MTA) ahead of that. In that case, your first defence should 
be there. Enable RBL rejections. Is SpamAssassin 
tagging received emails? Enter a rule into Mailman to reject messages with 
a high spam level. I set a rejection rule based on asterisks in 
X-Spam-Level: which is easy.


Also, my mailhost firewall blocks traffic from .cn, .kr, .ro, ru addresses 
which eliminates a lot of spam and hacking attempts. I don't normally 
expect to get any traffic from those countries so this is an easy choice 
for me with great results. ymmv.


Check your MTA and find out what it can do for you first.
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: better filtering - help?

[Lucio Chiappetti]

On Wed, 27 May 2020, Jeffrey Westgate wrote:

We've been running a mailman server, pushing more than 45 lists, for as 
long as I've been here, and recently spammers and phishers have found 
us.


You do not specify which kind of lists you maintain. Are they closed (only 
subscribers can post) or open (anybody can post) ? Are subscriptions 
moderated (have to be approved) or anybody can subscribe ?


I manage a few lists on different servers (some very far from where I 
work) and they are rather hardened: subscribers have to be approved, and 
only subscribers can post. Some even more.


We're trying to find the right combination to filter in the "List of 
non-member addresses whose postings will be automatically discarded." 
under Privacy Options, Sender Filters.  All we've been able to come up 
with are individual domains.


Listing spammers in discard_these_nonmembers is a lost cause. You get one, 
add it, then he changes domain, you get another etc.


One of my lists is set relatively soft, generic_nonmember_action is set to 
suspend, so any non-subscriber stops in moderation. You can leave it there 
forever and after a few days it expires.


Another is set rather hard, generic_nonmember_action is set to discard, so 
in principle ANYTHING not coming from a subscriber is silently discarded,


However, since this could be too strict (often subscribers post from a 
different address than the one they subsceribed) we play also with

accept_these_nonmembers and hold_these_nonmembers.

The former usually list addresses (e.g. presid...@myorg.it) but can be 
populated automatically (the first time the moderator lets an alias pass, 
he can append it automatically at a tic).


The second forces the message into moderation, where one can (once per 
day?) discard it or let it pass. This makes use of REGULAR EXPRESSIONS 
(consult the online help). E.g. since our list is for a nationwide 
organization, it does not discard postings from our country (Italy, domain 
.it) and from another affiliated domain abroad e.g.


^.+@.+\.it
^.+@.+\.tng\.iac\.es




--
Lucio Chiappetti - INAF/IASF - via Corti 12 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html

"Can you see Enrico Fermi punching a time clock? There are effective
ways to measure scientific productivity; times clocks are not the way."
(Leon M. Lederman to INFN)
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: better filtering - help?

[Mark Sapiro]

On 5/27/20 9:46 AM, Jeffrey Westgate wrote:
> 
> When we try to block
> guido.sardu...@spammer.phisher.it,   -- while we'd like to block all of .it,  
> what we find is we can either do the individual address, or the entire 
> spammer.phisher.it domain.
> What's the magic combination?


To block anything from the .it tld in discard_these_nonmembers, use the
regexp

^.*\.it$

You might also consider setting generic_nonmember_action to discard and
putting things like

^.*\.com$
^.*\.edu$
^.*\.us$

etc. in hold_these_nonmembers for those TLDs you want to hold rather
than discard.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: better filtering - help?

[Andrew Hodgson]

Jeffrey Westgate wrote:

>We've been running a mailman server, pushing more than 45 lists, for as long 
>as I've been here, and recently spammers and phishers have found us.

>We're trying to find the right combination to filter in the "List of 
>non-member addresses whose postings will be automatically discarded." under 
>Privacy Options, Sender Filters.  All we've been able to come up with are 
>individual >domains.  When we try to block
>guido.sardu...@spammer.phisher.it,   -- while we'd like to block all of .it,  
>what we find is we can either do the individual address, or the entire 
>spammer.phisher.it domain.
>What's the magic combination?

I gave up with this and now run SpamAssassin as part of my MTA config, it gets 
rid of all the rubbish that gets sent to my list addresses.  Another good thing 
is that I reject this mail at SMTP time, so I am not sending out lots of admin 
messages to bad or backscatter email accounts.

I am running latest Debian which has a sane and up-to-date SpamAssassin so had 
minimal changes, but if your distro is older you may need to do more work.

Andrew. 
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: DNSException: No Nameservers available for ...

[Mark Sapiro]

On 5/27/20 1:32 AM, Lars Bjørndal wrote:
> Hello
> 
> One member of a mailman mailing list on my system receives an error
> message when posting to the list:
> 
>   You are not allowed to post to this mailing list From: a domain which
>   publishes a DMARC policy of reject or quarantine, and your message has been
>   automatically rejected.  If you think that your messages are being rejected
>   in error, contact the mailing list owner at nssf-styre-ow...@nssf.us.


The list is configured with dmarc_moderation_action = Reject. I suspect
you know that.


> In /var/log/mailman/error, I have:
> 
>   DNSException: No Nameservers available for
>   usern...@blindeforbundet.no (_dmarc.blindeforbundet.no)
> 
> There are not published any DMARC policy for the domain.


The attempt to retrieve the policy at _dmarc.blindeforbundet.no via
Python's dns.resolver.Resolver().query raised
dns.resolver.NoNameservers.  We say this in comments:

# Typically this means a dnssec validation error.  Clients that don't
# perform validation *may* successfully see a _dmarc RR whereas a
# validating mailman server won't see the _dmarc RR.  We should
# mitigate this email to be safe.


I.e, in the face of uncertainty, we choose to err on the side of
applying unneeded mitigation rather than not applying a needed mitigation.

> I'm running mailman-2.1.30-1.fc31.x86_64 on a Fedora 31 server.
> 
> I hope someone on tis list can help me figure out what's going on, and
> hopefully a fix.


The first question is why is this query raising
dns.resolver.NoNameservers. I've tried this from a couple of different
servers

import dns.resolver
from dns.exception import DNSException
resolver = dns.resolver.Resolver()
txt_recs = resolver.query('_dmarc.blindeforbundet.no', dns.rdatatype.TXT)

and in both cases, I get

raise NXDOMAIN(qnames=qnames_to_try, responses=nxdomain_responses)
dns.resolver.NXDOMAIN: None of DNS query names exist:
_dmarc.blindeforbundet.no., ...

I.e. the expected response when there is no record for
_dmarc.blindeforbundet.no

If this is a persistent error, there may be an issue with the way your
server does DNS lookups.

You could avoid this in a couple of ways.

1) Change the list's dmarc_moderation_action to Wrap Message.
or
2) Patch Mailman to not mitigate on this exception.

To do the latter, find the `except (dns.resolver.NoNameservers):` clause
at line 1322 in Mailman/Utils.py and change the return at the end of
that clause from `return True` to `return False`.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: DNSException: No Nameservers available for ...

[David Gibbs via Mailman-Users]

Try setting up a caching name server on the local machine.

On Wed, May 27, 2020 at 12:02 PM Lars Bjørndal  wrote:
>
> Hello
>
> One member of a mailman mailing list on my system receives an error
> message when posting to the list:
>
>   You are not allowed to post to this mailing list From: a domain which
>   publishes a DMARC policy of reject or quarantine, and your message has been
>   automatically rejected.  If you think that your messages are being rejected
>   in error, contact the mailing list owner at nssf-styre-ow...@nssf.us.
>
> In /var/log/mailman/error, I have:
>
>   DNSException: No Nameservers available for
>   usern...@blindeforbundet.no (_dmarc.blindeforbundet.no)
>
> There are not published any DMARC policy for the domain.
>
> I'm running mailman-2.1.30-1.fc31.x86_64 on a Fedora 31 server.
>
> I hope someone on tis list can help me figure out what's going on, and
> hopefully a fix.
>
> Thanks in advance
> Lars
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
> https://mail.python.org/archives/list/mailman-users@python.org/



-- 
IBM i on Power Systems: For when you can't afford to be out of business!

I'm riding in the American Diabetes Association's Tour de Cure to
raise money for diabetes research, education, advocacy, and awareness.
You can make a tax-deductible donation to my ride by visiting
https://mideml.diabetessucks.net.

You can see where my donations come from by visiting my interactive
donation map ... https://mideml.diabetessucks.net/map (it's a geeky
thing).

I may have diabetes, but diabetes doesn't have me!
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: better filtering - help?

[Gretchen M Beck]

Hi Jeff,


When checking regular expressions for the accept/block/reject lists (as well as 
other places), I highly recommend this website:


https://regex101.com

Online regex tester and debugger: PHP, PCRE, Python, Golang and 
JavaScript
regex101.com
Online regex tester, debugger with highlighting for PHP, PCRE, Python, Golang 
and JavaScript.





You can enter the expression you are thinking of using, then test what it 
matches (so you can be sure it matches what you want and not what you don't, 
and tweak it until it works).


Hope this helps!


--Gretchen


Gretchen Beck

Carnegie Mellon



From: Jeffrey Westgate 
Sent: Wednesday, May 27, 2020 12:46 PM
To: mailman-users@python.org
Subject: [Mailman-Users] better filtering - help?

We've been running a mailman server, pushing more than 45 lists, for as long as 
I've been here, and recently spammers and phishers have found us.

We're trying to find the right combination to filter in the "List of non-member 
addresses whose postings will be automatically discarded." under Privacy 
Options, Sender Filters.  All we've been able to come up with are individual 
domains.  When we try to block
guido.sardu...@spammer.phisher.it,   -- while we'd like to block all of .it,  
what we find is we can either do the individual address, or the entire 
spammer.phisher.it domain.
What's the magic combination?

And the hints say use ^, we found * worked for us   confusion abounds

using mailman version 2.1.20

--
Jeff
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] DNSException: No Nameservers available for ...

[Lars Bjørndal]

Hello

One member of a mailman mailing list on my system receives an error
message when posting to the list:

  You are not allowed to post to this mailing list From: a domain which
  publishes a DMARC policy of reject or quarantine, and your message has been
  automatically rejected.  If you think that your messages are being rejected
  in error, contact the mailing list owner at nssf-styre-ow...@nssf.us.

In /var/log/mailman/error, I have:

  DNSException: No Nameservers available for
  usern...@blindeforbundet.no (_dmarc.blindeforbundet.no)

There are not published any DMARC policy for the domain.

I'm running mailman-2.1.30-1.fc31.x86_64 on a Fedora 31 server.

I hope someone on tis list can help me figure out what's going on, and
hopefully a fix.

Thanks in advance
Lars
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] better filtering - help?

[Jeffrey Westgate]

We've been running a mailman server, pushing more than 45 lists, for as long as 
I've been here, and recently spammers and phishers have found us.

We're trying to find the right combination to filter in the "List of non-member 
addresses whose postings will be automatically discarded." under Privacy 
Options, Sender Filters.  All we've been able to come up with are individual 
domains.  When we try to block
guido.sardu...@spammer.phisher.it,   -- while we'd like to block all of .it,  
what we find is we can either do the individual address, or the entire 
spammer.phisher.it domain.
What's the magic combination?

And the hints say use ^, we found * worked for us   confusion abounds

using mailman version 2.1.20

--
Jeff
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: What is character set of the log files?

[Brett Delmage]

On Tue, 26 May 2020, Mark Sapiro wrote:


What is the character set coding for the log files, please?
I'm using MM 2.1.29


Basically unknown. For the most part, log files are us-ascii, but some
entries contain user entered data such as names or (malformed) email
addresses that might contain non-ascii and might be encoded in the
character set of the list's preferred language or something else.


Thanks. I thought it might be something like that. It's not critical for 
me, as the list admin / mdoerator just needs to look at logs sometimes for 
possible troublshooting. If the log files don't all render perfectly it's 
not a major issue.


A few weeks ago his MSP started bouncing his list emails. He noticed after 
he was suspended for excessive bounces. While the problem could not (or 
would not?) be explained, I suspect he tagged a list "via" message (or 
many) as spam, causing his MSP to block the list address. But who knows.



I have done this with nothing special in Apache. I just put a symlink to
the respective log(s) in a browser accessible place giving it a .txt
extension, e.g. vette.txt -> /var/lib/mailman/logs/vette.log.


Thanks for the tip.

Prior to my inquiry, I ended up with this Apache config stanza to permit 
viewing all the log files using Apache autoindex, allowing Apache and the 
web browser to do the work.


Adding "AddEncoding x-gzip .gz" allows direct viewing of the compressed 
(rotated) log files in the log directory. Adding "ForceType text/plain" 
avoids the need for the .txt extension for MIME setting. I was also going 
to set the charset, but being as it's random... :-)


# Mailman logs
Alias /logs /var/log/mailman/

AuthType Basic
AuthName "Mailman admins"
AuthUserFile "/home/.../passwd"
Require valid-user

# ENable autoindex!
DirectoryIndex disabled

AddEncoding x-gzip .gz
ForceType text/plain

Options FollowSymlinks Indexes
AllowOverride None


I also created a subdirctory "latest" in /logs with symlinks to the 
current versions of the log files. Hmm, I think I could probably do a 
virtual location in Apache itself for this.



Thanks for your incredible support for Mailman users over the past 20 
years, Mark! I posted this message, then told me partner (another list and 
Linux user for 20 years)  that I expected you might be responding at 
dinner -- and here you are!


Brett
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/