[Mailman-Users] specific (1) LHS and (2) sender rules to frustrate spam/phishing
Rich Kulawiec writes:

> Any incoming mail message whose putative sender matches:
>
>     do-not-reply@
>
> and which is directed to any of the Mailman standard aliases can be
> rejected (not bounced [1]) with SMTP status 550 (extended status 5.7.1)
> since either:
>
> (a) it's a forgery, therefore there's no point in letting Mailman
>     attempt to emit a reply -- or even in accepting the message to
>     begin with.
>
> (b) it's not a forgery, therefore there's no point in trying to reply
>     to it.

You have to be careful, though. For several years on one of my lists I had a subscriber whose address was something like (I don't recall exactly) [EMAIL PROTECTED], which was a perfectly valid address and at which he/she/it did receive mail and from which he/she/it would reply.

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
Re: [Mailman-Users] specific (1) LHS and (2) sender rules to frustrate spam/phishing
On Fri, Jun 29, 2007 at 01:25:15PM -0700, John W. Baxter wrote:

> I wasn't referring to sender verification callbacks (which we do not
> use). I was referring to recipient verification callforwards, where the
> edge MTA doesn't know valid recipients but some internal (or even
> customer) MTA does. Exim can configure these easily (but that doesn't
> help because Mailman doesn't act like an MTA). I don't know about any
> other MTAs in this regard.

Ah, understood. *Those* I highly approve of, since they at least help mitigate accept-then-bounce issues due to non-existent recipient addresses at the final/internal/destination MTA. Whether it's done by callforwards, or LDAP lookups, or script-generated virtual user tables, or aliases, or whatever, I'm all for it.

---Rsk
Re: [Mailman-Users] specific (1) LHS and (2) sender rules to frustrate spam/phishing
On Sat, Jun 30, 2007 at 10:36:19PM +0900, Stephen J. Turnbull wrote:

> You have to be careful, though. For several years on one of my lists I
> had a subscriber whose address was something like (I don't recall
> exactly) [EMAIL PROTECTED], which was a perfectly valid address and at
> which he/she/it did receive mail and from which he/she/it would reply.

Agreed, care is needed in order to avoid false positives.

(nobody, by the way, is often aliased thus in stock sendmail installations on various 'nix boxes:

    nobody: /dev/null

so while there's nothing wrong with it per se -- and it's not a special address per RFC 2142 -- I find myself wondering how many people have hardwired it into various anti-spam setups. ;-) )

I should probably mention that I'm not a fan of [EMAIL PROTECTED] and similar addresses, which seem to be often used these days for one-way mailing lists: I think *all* messages should be replyable. But I figure that, as a practical matter, as long as so many sites are using that convention, we might as well leverage it to our advantage.

---Rsk
Re: [Mailman-Users] specific (1) LHS and (2) sender rules to frustrate spam/phishing
On Fri, Jun 29, 2007 at 01:35:51PM -0700, Mark Sapiro wrote:

> If I were trying to do it, I would use the KNOWN_SPAMMERS list in
> mm_cfg.py. For example just listing a few of yours
>
> KNOWN_SPAMMERS = [
>     ('from', '^(.*[\s])?do-not-reply@'),
>     ('from', '^(.*[\s])[EMAIL PROTECTED]([\s].*)?'),
>     ]

That's *very* handy to know. I'm going to do some limited experiments with it over the next week or two, and will be back with results. Thanks!

---Rsk
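
The rule discussed in this thread (reject at SMTP time with 550 5.7.1, with an allowlist for the false-positive case of a real subscriber), sketched as an added example that is not part of the original messages and is not Mailman or MTA code. The function names, the suffix list and the sample addresses are assumptions; the example covers only the per-list control addresses, not the posting address.

```python
import re

# Assumption: per-list control suffixes as created by Mailman 2.1
# (mylist-request, mylist-bounces, ...); adjust to the local alias file.
MAILMAN_SUFFIXES = ("admin", "bounces", "confirm", "join", "leave",
                    "owner", "request", "subscribe", "unsubscribe")
# Sender local part named in the thread as never accepting replies.
NOREPLY_LOCALPART = re.compile(r"^do-not-reply$", re.IGNORECASE)


def split_address(addr):
    """Return (local_part, domain) of a bare envelope address, lowercased."""
    local, sep, domain = addr.strip().strip("<>").lower().rpartition("@")
    return (local, domain) if sep else (domain, "")


def is_mailman_alias(rcpt, list_names):
    """True if rcpt's local part is <list>-<suffix> for a hosted list."""
    # Drop the "+..." detail used by VERP bounce and confirm addresses.
    local = split_address(rcpt)[0].split("+", 1)[0]
    return any(local == f"{name.lower()}-{suffix}"
               for name in list_names for suffix in MAILMAN_SUFFIXES)


def rcpt_decision(mail_from, rcpt_to, list_names, known_senders=()):
    """SMTP reply to RCPT TO. known_senders allowlists real subscribers
    whose address matches the no-reply pattern (the false-positive case)."""
    local, domain = split_address(mail_from)
    if f"{local}@{domain}" in {s.lower() for s in known_senders}:
        return "250 2.1.5 OK"
    if NOREPLY_LOCALPART.match(local) and is_mailman_alias(rcpt_to, list_names):
        return "550 5.7.1 no-reply sender not accepted at list control address"
    return "250 2.1.5 OK"


if __name__ == "__main__":
    # Constructed sample envelopes (example.* domains are placeholders).
    lists = ["mylist"]
    for frm, to in [("do-not-reply@bank.example", "mylist-request@lists.example"),
                    ("alice@example.org", "mylist-request@lists.example"),
                    ("do-not-reply@bank.example", "postmaster@lists.example")]:
        print(frm, "->", to, ":", rcpt_decision(frm, to, lists))
```

The null sender (<>) used by genuine bounces never matches the pattern, so mail to the -bounces address keeps working.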