While you are thinking about the mailing list configuration, can you
consider that it is very DMARC-unfriendly, which is why I have to use an
email address from an ISP domain that does not publish DMARC.
If I post from my normal email accounts:
* We publish SPF, DKIM & DMARC policies that request rejection of
emails purportedly from our domain that fail both SPF & DKIM. We
also request DMARC forensic reports.
* I post to the list, and the list "forwards" the email to everyone
with my email as the sender, and modifies the subject by prepending
* Modifying the subject invalidates my DKIM signature
* Many receiving domains check DMARC, and see that I fail SPF by
trying to send from an unauthorised relay (i.e. the mailing list
server) and that I fail DKIM as the signature is now invalid due to
the subject change
* All those domains reject my message, some sending me bounce messages
* All of the domains send me daily reject reports so I can see that
many are being rejected
* Some send me a forensic report for each bounced message (I have this
enabled after one of our domains was used as the sender address for
a mass-spamming toolkit)
* So for each message I post I can receive 50-100 blowback messages,
and know that most people haven't seen my posts!
Forwarding a message with the original sender, as well as modifying the
message, is a no-no..... It's already a problem, and will continue to
grow as a problem as spam mitigations increase.
Hope that helps explain the issue.
Regards, Chris
On 06/08/2020 20:14, David Galloway wrote:
Oh, interesting. You appear to be correct. I'm running each of the
mailing lists' services in their own containers so the private IP makes
sense.
I just commented on a FR for Hyperkitty to disable posting via Web UI:
https://gitlab.com/mailman/hyperkitty/-/issues/264
Aside from that, I can confirm my new SPF filter has already blocked one
spam e-mail from getting through so that's good.
Thanks for the tip.
On 8/6/20 2:34 PM, Tony Lill wrote:
I looked at the received-from headers, and it looks to me like these
messages are being fed into the list from the web interface. The first
received from is from mailman web and a private IP.
On 8/6/20 2:09 PM, David Galloway wrote:
Hi all,
As previously mentioned, blocking the gmail domain isn't a feasible
solution since the vast majority of @gmail.com subscribers (about 500 in
total) are likely legitimate Ceph users.
A mailing list member recommended some additional SPF checking a couple
weeks ago which I just implemented today. I think what's actually
happening is a bot will subscribe using a gmail address and then
"clicks" the confirmation link. They then spam from a different domain
pretending to be coming from gmail.com but it's not. The new config I
put in place should block that.
Hopefully this should cut down on the spam. I took over the Ceph
mailing lists last year and it's been a never-ending cat and mouse game
of spam filters/services, configuration changes, etc. I'm still
learning how to be a mail admin so your patience and understanding is
appreciated.
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
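An added example, not part of any message in this thread: a simplified model of the DMARC outcome described above for a direct post, a list-forwarded post with a tagged subject, and a post where the list rewrites From to its own address. The domains, IPs, key, the "[list] " tag, the HMAC stand-in for a DKIM signature, the two-label organizational-domain rule and the `rewrite_from` option are all assumptions made for illustration.

```python
import hashlib, hmac

# Constructed sample data: domains, IPs and key are illustrative only.
SPF = {"example.org": {"192.0.2.10"}, "lists.example.net": {"198.51.100.5"}}
DKIM_KEYS = {"example.org": b"constructed-demo-key"}  # HMAC stands in for RSA

def org_domain(d):
    # Simplification: last two labels; real checkers use the Public Suffix List.
    return ".".join(d.lower().split(".")[-2:])

def dkim_sign(msg, d):
    # Covers From, Subject and body, like a signature with h=from:subject.
    data = "\n".join([msg["from"], msg["subject"], msg["body"]]).encode()
    return {"d": d, "b": hmac.new(DKIM_KEYS[d], data, hashlib.sha256).hexdigest()}

def dkim_ok(msg):
    sig = msg.get("dkim")
    if not sig or sig["d"] not in DKIM_KEYS:
        return False
    return hmac.compare_digest(sig["b"], dkim_sign(msg, sig["d"])["b"])

def dmarc(msg, client_ip):
    """Return (spf_aligned, dkim_aligned, verdict) under relaxed alignment."""
    from_dom = org_domain(msg["from"].split("@")[1])
    env_dom = msg["mail_from"].split("@")[1]
    spf = client_ip in SPF.get(env_dom, set()) and org_domain(env_dom) == from_dom
    dkim = dkim_ok(msg) and org_domain(msg["dkim"]["d"]) == from_dom
    return spf, dkim, "pass" if (spf or dkim) else "fail"

def list_forward(msg, tag="[list] ", rewrite_from=False):
    # Models the list behaviour described above: same From, tagged Subject,
    # relayed from the list server with the list's own bounce address.
    out = dict(msg, subject=tag + msg["subject"],
               mail_from="bounces@lists.example.net")
    if rewrite_from:  # assumed mitigation: list puts its own address in From
        out["from"] = "list@lists.example.net"
        out.pop("dkim")
    return out

original = {"from": "chris@example.org", "mail_from": "chris@example.org",
            "subject": "DMARC and the list", "body": "hello"}
original["dkim"] = dkim_sign(original, "example.org")

if __name__ == "__main__":
    print("direct   ", dmarc(original, "192.0.2.10"))
    print("via list ", dmarc(list_forward(original), "198.51.100.5"))
    print("rewritten", dmarc(list_forward(original, rewrite_from=True), "198.51.100.5"))
```

In the forwarded case SPF passes only for the list's bounce domain, which does not align with the author's From domain, so a receiver honouring a reject policy has no aligned pass to rely on.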