On 9/24/07, Steve Waage wrote: > I'm running Mailman 2.1.5 on FreeBSD 5.5 and have been getting lots > of entries like the following in my syslog email every morning.
Syslog e-mail? I'm not sure I understand what you're talking about. So far as I know, syslog is written to a file, and you can look at that file with any program that can pull in standard ASCII text. But that file doesn't look anything like what you've displayed. > The bounce addresses are disguised but legitimate ... the addresses > that have been "Deferred" are not on my lists. I may be missing a basic > "spam-proofing" setting ?? Or have they just harvested my listnames in > an attempt to get their junk-mail past others email spam-blockers?? Odds are, they tried to spam you, you tried to auto-respond to them to tell them that their message is being held pending human review, but the auto-responses are not able to get back to them because they had forged a fake address in the first place. This is a typical side-effect of the spam problem when combined with auto-replies from mailing list management software. The technical term for this is "back scatter", which is being generated by your server in response to the spam. > Can I prevent this? You could configure Mailman to avoid auto-replies to messages where the sender is not subscribed and the message is being held for moderation, but that would be pretty unfriendly to the real human beings who try to use your list. You've got to decide where you want to try to strike this balance with your servers. If Mailman wasn't smart about avoiding excessive auto-replies to the same address, then you could be abused as a DDOS amplifier. As it is, Mailman will only send a small number of auto-replies per day per sender address, so while it may generate a small amount of "back scatter" when configured like this, it can't really effectively be used as a DDOS amplifier. Which means it's not all that dangerous to other sites. So, it's annoying to you, but that's really the biggest problem it poses. But there are some sites out there that will put you on a "back scatter" black list if you generate even one single example of back scatter to them, and you've got to weigh the risk of that against the significantly increased hassle to real human beings when they try to post legitimate messages to your system. -- Brad Knowles <[EMAIL PROTECTED]> LinkedIn Profile: <http://tinyurl.com/y8kpxu> ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
