Re: [Mailman-Users] spam discard expressions

2017-09-29 Thread Phil Stracchino
On 09/29/17 03:13, Jim Dory wrote:
> The
> spammers attacking us must not be very smart, though they are persistent.

The truth, I think, is that *most* spammers aren't very smart.  The
smart ones have figured out that the real money isn't in spamming, it's
in selling spamming tools and spam hosting to the ones who haven't
figured that out yet.


-- 
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org


Re: [Mailman-Users] spam discard expressions

2017-09-29 Thread Mark Sapiro
On 09/29/2017 12:13 AM, Jim Dory wrote:
> 
> I opened a trouble ticket to see if the host support had a solution to all
> the spam. They suggested setting the spam reject score in SpamAssassin for
> our VPS server at 3.5.  When I had it set earlier at 5, it started marking
> member's posts as spam and rejected them. Didn't seem to fix when I moved
> that score number to 1, though that might not be a proper number to use, I
> don't know.


SpamAssassin scores measure "spaminess"; the higher the score, the more
likely the message is spam. If a threshold of 5 gives false positives, 1
will give many more false positives. If you are getting too many false
positives, you need to raise the reject score, not lower it. Or, you can
adjust the score for rules that contribute too much to false positives.

There are a lot of things you can do with custom rules and scoring in
SpamAssassin, but this is not the list for discussing that.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


Re: [Mailman-Users] spam discard expressions

2017-09-29 Thread Jim Dory
Thanks for the reply Stephen,

I opened a trouble ticket to see if the host support had a solution to all
the spam. They suggested setting the spam reject score in SpamAssassin for
our VPS server at 3.5.  When I had it set earlier at 5, it started marking
member's posts as spam and rejected them. Didn't seem to fix when I moved
that score number to 1, though that might not be a proper number to use, I
don't know.

Anyway, the spam didn't really stop with that measure. No idea why.. the
list's domain is the only one on that vps server. So I have resorted to
using mailman settings. I have set the Sender Filters and the header
filters to filter out certain subject phrases and words and to
auto-discard. I get auto-discard notices of about 150 to 200 per day, but
since they are stacked in just a couple notices it isn't difficult to
delete. So I'm considering the problem solved unless the host complains
about our traffic. Whatever I did, I haven't had a single spam get through
my filters yet and no complaints from members about false positives. The
spammers attacking us must not be very smart, though they are persistent.

/jim

On Thu, Sep 28, 2017 at 10:46 PM, Stephen J. Turnbull <
turnbull.stephen...@u.tsukuba.ac.jp> wrote:

> Sorry, I've been ignoring Mailman for a few days, and I guess you've
> got a solution that works already.  This is a pair of alternatives
> that each have some advantages and disadvantages compared to your
> regexp-based solution.  FWIW, YMMV
>
> Jim Dory writes:
>
>  > Apparently our host provider performs spam tests only on outgoing,
>  > rather than incoming - since my spamassassin blacklists don't have
>  > any effect.
>
> Your spamassassin blacklists will have no effect on Mailman, since
> Mailman is not you.  Ask your provider how to configure this.  I
> strongly recommend this in preference to any measures in Mailman as it
> reduces the burden on the host.
>
>  > So I've discovered the filters offered in Mailman after being
>  > completely buried by spammers trying to post to our subscriber only
>  > list.
>
> I suppose you have cPanel, and I don't know much about their web
> management interface.  If it's similar to vanilla Mailman, in Privacy
> Filters -> Sender Filters near the bottom, there is an option
> "generic_nonmember_action".  You can set that to Discard if you're
> sufficiently sure that members always use their subscribed address, or
> are willing to have members using unsubscribed addresses to post have
> their posts silently discarded.
>
> I recommend STRONGLY against using Reject, as that often results in
> "backscatter", which is spam to "borrowed" addresses in "From".
>
> This measure will be effective against all of the spammers in the list
> below.  It will not work against spammers who spoof your subscribers'
> addresses.
>
> HTH
>
> Steve
>
>


Re: [Mailman-Users] spam discard expressions

2017-09-22 Thread Mark Sapiro
On 09/22/2017 07:22 PM, Jim Dory wrote:
> Maybe this is how to do it:
> 
> My spam filter is not working. I have this syntax: ^Subject: .*Example


And where are you putting this?

If you have that in bounce_matching_headers, you don't want the ^. The
syntax there is the header followed by a regexp to match. E.g.

subject: .*example

or even (I think)

subject: ^.*example

Both the header and regexp are case insensitive.

If it's in header_filter_rules

^Subject: .*Example

should work (and it too is case insensitive).


> And mail with this subject is still getting through:
> Subject: Desperate for a Example


If the above doesn't explain it, it's possible the header is rfc 2047
encoded as in

Subject: =?utf-8?b?RGVzcGVyYXRlIGZvciBhIEV4YW1wbGUK?=

which decodes to

Subject: Desperate for a Example

but headers should be rfc 2047 decoded for header_filter_rules but not
for bounce_matching_headers.

Also note that bounce_matching_headers is called "Legacy anti-spam
filters" for a reason.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
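
The difference between matching a raw header and an RFC 2047 decoded one, as discussed in the reply above, shown as an added example (not Mailman's own code, and not part of the original message). It assumes the rule is applied case-insensitively in multi-line mode; the sample headers other than the two quoted in the thread are constructed.

```python
import re
from email.header import decode_header, make_header

# Rule from the thread. Case-insensitive matching follows the reply above;
# multi-line mode is an assumption made for this example.
RULE = re.compile(r"^Subject: .*Example", re.IGNORECASE | re.MULTILINE)

# Sample headers: the first two appear in the thread, the last two are constructed.
RAW_HEADERS = [
    "Subject: Desperate for a Example",
    "Subject: =?utf-8?b?RGVzcGVyYXRlIGZvciBhIEV4YW1wbGUK?=",   # base64 encoded-word
    "Subject: =?utf-8?q?Desperate_for_a_Ex=61mple?=",          # quoted-printable encoded-word
    "Subject: Minutes of the September meeting",
]


def decode_header_line(line):
    """Return 'Name: value' with any RFC 2047 encoded-words decoded."""
    name, _, value = line.partition(":")
    decoded = str(make_header(decode_header(value.strip())))
    # The base64 sample decodes with a trailing newline; collapse whitespace.
    return "%s: %s" % (name, " ".join(decoded.split()))


def evaluate(line):
    """Return (matches_raw, matches_decoded) for one header line."""
    raw_hit = bool(RULE.search(line))
    decoded_hit = bool(RULE.search(decode_header_line(line)))
    return raw_hit, decoded_hit


if __name__ == "__main__":
    for header in RAW_HEADERS:
        raw_hit, decoded_hit = evaluate(header)
        print("%-60s raw=%-5s decoded=%s" % (header, raw_hit, decoded_hit))
```

A filter that only sees the raw header misses both encoded forms, while the same rule applied after decoding catches them and still leaves the unrelated subject alone.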


Re: [Mailman-Users] spam discard expressions

2017-09-22 Thread Mark Sapiro
On 09/22/2017 07:19 PM, Jim Dory wrote:
> I'm trying to ask a question about spam filters, using an example of spam
> I'm getting, but I'm getting this error:
> 
> The response was:
> 
> 554 permanent error Contact your postmaster/admin for assistance. Please
> provide the following information in your problem report: time (Sep 22
> 22:16:42) and client (2607:f8b0:400e:c05::231).

Your email client is not giving you the reject reason, which from
mail.python.org's log is

Sep 22 22:16:42 mail postfix/smtpd[18989]: NOQUEUE: reject_warning: RCPT
from mail-pg0-x231.google.com[2607:f8b0:400e:c05::231]: 554 5.7.1
: Recipient address rejected: You must be a
member to send to this address.; from=
to= proto=ESMTP helo=


I.e. post from your subscribed address which is ja...@dorydesign.com,
not jim.d...@gmail.com

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


Re: [Mailman-Users] spam discard expressions

2017-09-22 Thread Jim Dory
Maybe this is how to do it:

My spam filter is not working. I have this syntax: ^Subject: .*Example

And mail with this subject is still getting through:
Subject: Desperate for a Example

What would be correct way to catch messages with "Example"?

thanks, jim

On Fri, Sep 22, 2017 at 6:19 PM, Jim Dory wrote:

>
> I'm trying to ask a question about spam filters, using an example of spam
> I'm getting, but I'm getting this error:
>
> The response was:
>
> 554 permanent error Contact your postmaster/admin for assistance. Please
> provide the following information in your problem report: time (Sep 22
> 22:16:42) and client (2607:f8b0:400e:c05::231).
>
>
> Any way around this?   /jim
>


Re: [Mailman-Users] spam discard expressions

2017-09-22 Thread Jim Dory
I'm trying to ask a question about spam filters, using an example of spam
I'm getting, but I'm getting this error:

The response was:

554 permanent error Contact your postmaster/admin for assistance. Please
provide the following information in your problem report: time (Sep 22
22:16:42) and client (2607:f8b0:400e:c05::231).


Any way around this?   /jim


Re: [Mailman-Users] spam discard expressions

2017-09-20 Thread Jim Dory
Great, thanks!

This should help a lot,

regards, Jim

On Wed, Sep 20, 2017 at 1:29 PM, Robert Heller wrote:

> At Wed, 20 Sep 2017 11:59:37 -0800 Jim Dory wrote:
>
> >
> > Apparently our host provider performs spam tests only on outgoing, rather
> > than incoming - since my spamassassin blacklists don't have any effect.
> >
> > So I've discovered the filters offered in Mailman after being completely
> > buried by spammers trying to post to our subscriber only list.
> >
> > I've started putting these in Sender Filters:
> >
> > ^[^@]+@bcira\.com$
> > ^[^@]+@airablo\.com$
> > ^[^@]+@bfklaw\.com$
> > ^[^@]+@bettella\.com$
> > ^[^@]+@areallycool\.com$
> > ^[^@]+@aristo-tec\.com$
> > ^[^@]+@benallgood\.com$
> > ^[^@]+@al-meshkah\.com$
> > ^[^@]+@atoccs\.stream$
> > ^[^@]+@authors\.com$
> > ^[^@]+@aulson\.com$
> > ^[^@]+@atmyx\.bid$
> > ^[^@]+@airtecperforms\.com$
> >
> > but what is the syntax for blocking domains ending in
> > .loan
> > .stream
> > .trade
>
> ^[^@]+@.+\.loan$
> ^[^@]+@.+\.stream$
> ^[^@]+@.+\.trade$
>
> etc.
>
> Just replace the "host" part with .+ (== 1 or more of any character) and
> replace com with loan, stream, trade, etc.  Thus, for example:
>
> ^[^@]+@.+\.loan$
>
> matches any of these:
>
> someid...@getaloan.loan
> freemo...@instantloan.loan
> brreakyourl...@loanshark.loan
>
> (and many more).
>
> >
> > etc, other than .com.
> >
> > I've been reading up on python expressions but at first reading it is a bit
> > overwhelming - hoping for a simple example.
> >
> > I've also started adding in words under Spam filters such as:
> >
> > ^Subject: .*Phentermine
> > ^Subject: .*F\*buddy
> > ^Subject: .*H00kup
> > ^Subject: .*InstaF\*ck
> > ^Subject: .*Instacheat
> >
> > Wondering if anyone would care to share their lists of filters - or a good
> > resource?
> >
> > thanks, Jim
>
> --
> Robert Heller -- 978-544-6933
> Deepwoods Software-- Custom Software Services
> http://www.deepsoft.com/  -- Linux Administration Services
> hel...@deepsoft.com   -- Webhosting Services
>
>
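
A dry run of sender-filter patterns like those in the message above, as an added example (not Mailman's code and not part of the original thread). It assumes entries beginning with `^` are treated as regular expressions and searched case-insensitively; the combined `(stream|trade)` pattern and every address are constructed for illustration.

```python
import re

# Two patterns quoted in the thread, plus one combined TLD pattern (added here).
SENDER_FILTERS = [
    r"^[^@]+@bcira\.com$",
    r"^[^@]+@.+\.loan$",
    r"^[^@]+@.+\.(stream|trade)$",   # alternation collapses several TLD rules
]

# Constructed addresses: senders you never want discarded (for example an
# address a subscriber also posts from), and a sample of incoming senders.
KNOWN_GOOD = ["alice@example.org", "bob@lists.example.trade"]
INCOMING = [
    "x1@bcira.com",
    "Promo@Mail.GetCash.LOAN",     # mixed case and a subdomain
    "y@atoccs.stream",
    "carol@loan.example.com",      # "loan" as a host label, not as the TLD
    "alice@example.org",
]


def compile_filters(patterns):
    """Compile the entries that start with '^' (assumed regexp marker)."""
    return [(p, re.compile(p, re.IGNORECASE)) for p in patterns if p.startswith("^")]


def first_match(address, compiled):
    """Return the first pattern that matches the address, or None."""
    for pattern, cre in compiled:
        if cre.search(address):
            return pattern
    return None


def dry_run(incoming, known_good, patterns):
    """Map each incoming sender to the rule that would discard it, and list
    known-good senders that any rule would also discard."""
    compiled = compile_filters(patterns)
    discarded = {addr: first_match(addr, compiled) for addr in incoming}
    false_positives = [addr for addr in known_good if first_match(addr, compiled)]
    return discarded, false_positives


if __name__ == "__main__":
    discarded, false_positives = dry_run(INCOMING, KNOWN_GOOD, SENDER_FILTERS)
    for addr, rule in discarded.items():
        print("%-28s %s" % (addr, rule or "passes"))
    print("known-good senders that would be discarded:", false_positives)
```

The run shows that the TLD-wide rule also catches the constructed known-good sender in `.trade`, which is the kind of collateral match worth checking for before switching the action to Discard.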


Re: [Mailman-Users] spam discard expressions

2017-09-20 Thread Phil Stracchino
On 09/20/17 15:59, Jim Dory wrote:
> Apparently our host provider performs spam tests only on outgoing, rather
> than incoming - since my spamassassin blacklists don't have any effect.
> 
> So I've discovered the filters offered in Mailman after being completely
> buried by spammers trying to post to our subscriber only list.


You might try deploying rspamd.


-- 
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958