Re: Can you block gmail.com or so!!!

While you are thinking about the mailing list configuration, can you consider that it is very DMARC-unfriendly, which is why I have to use an email address from an ISP domain that does not publish DMARC.

If I post from my normal email accounts:

 * We publish SPF, DKIM & DMARC policies that request rejection of
   emails purportedly from our domain that fail both SPF & DKIM. We
   also request DMARC forensic reports.
 * I post to the list, and the list "forwards" the email to everyone
   with my email as the sender, and modifies the subject by prepending
 * Modifying the subject invalidates my DKIM signature
 * Many receiving domains check DMARC, and see that I fail SPF by
   trying to send from an unauthorised relay (i.e. the mailing list
   server) and that I fail DKIM as the signature is now invalid due to
   the subject change
 * All those domains reject my message, some sending me bounce messages
 * All of the domains send me daily reject reports so I can see that
   many are being rejected
 * Some send me a forensic report for each bounced message (I have this
   enabled after one of our domains was used as the sender address for
   a mass-spamming toolkit)
 * So for each message I post I can receive 50-100 blowback messages,
   and know that most people haven't seen my posts!

Forwarding a message with the original sender, as well as modifying the message, is a no-no..... It's already a problem, and will continue to grow as a problem as spam mitigations increase.

Hope that helps explain the issue.

Regards, Chris


On 06/08/2020 20:14, David Galloway wrote:
Oh, interesting.  You appear to be correct.  I'm running each of the
mailing lists' services in their own containers so the private IP makes
sense.

I just commented on a FR for Hyperkitty to disable posting via Web UI:
https://gitlab.com/mailman/hyperkitty/-/issues/264

Aside from that, I can confirm my new SPF filter has already blocked one
spam e-mail from getting through so that's good.

Thanks for the tip.

On 8/6/20 2:34 PM, Tony Lill wrote:
I looked at the received-from headers, and it looks to me like these
messages are being fed into the list from the web interface. The first
received from is from mailman web and a private IP.

On 8/6/20 2:09 PM, David Galloway wrote:
Hi all,

As previously mentioned, blocking the gmail domain isn't a feasible
solution since the vast majority of @gmail.com subscribers (about 500 in
total) are likely legitimate Ceph users.

A mailing list member recommended some additional SPF checking a couple
weeks ago which I just implemented today.  I think what's actually
happening is a bot will subscribe using a gmail address and then
"clicks" the confirmation link.  They then spam from a different domain
pretending to be coming from gmail.com but it's not.  The new config I
put in place should block that.

Hopefully this should cut down on the spam.  I took over the Ceph
mailing lists last year and it's been a never-ending cat and mouse game
of spam filters/services, configuration changes, etc.  I'm still
learning how to be a mail admin so your patience and understanding is
appreciated.


_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
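
The DMARC outcome described in the bullet list at the top of this message, as an added example that is not part of the original e-mail: a simplified evaluator showing why a list that keeps the author's From and tags the Subject fails both aligned SPF and DKIM. The domains, IPs, the `[list] ` tag and the HMAC standing in for a real DKIM RSA signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample data: domains, IPs and key are placeholders, not from the thread.
SPF_AUTHORISED = {"example.org": {"192.0.2.10"}, "lists.example.net": {"198.51.100.5"}}
DKIM_KEY = b"stand-in for the example.org signing key"
SIGNED_HEADERS = ("from", "subject")  # headers covered by the signature (DKIM h= tag)

def relaxed(name, value):
    """DKIM 'relaxed' header canonicalisation: lowercase name, collapse whitespace."""
    value = re.sub(r"\s+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"

def sign(headers):
    """HMAC stands in for the RSA signature a real DKIM signer would produce."""
    data = "".join(relaxed(h, headers[h]) for h in SIGNED_HEADERS)
    return hmac.new(DKIM_KEY, data.encode(), hashlib.sha256).hexdigest()

def dmarc(headers, signature, envelope_domain, client_ip, policy="reject"):
    """Return (spf_aligned, dkim_aligned, disposition) for one delivery attempt."""
    from_domain = headers["from"].rsplit("@", 1)[1].rstrip(">").lower()
    spf_pass = client_ip in SPF_AUTHORISED.get(envelope_domain, set())
    spf_aligned = spf_pass and envelope_domain == from_domain
    # The signing domain (d=) is example.org in this sketch, so DKIM aligns if it verifies.
    dkim_aligned = from_domain == "example.org" and hmac.compare_digest(sign(headers), signature)
    ok = spf_aligned or dkim_aligned  # DMARC needs only one aligned pass
    return spf_aligned, dkim_aligned, "accept" if ok else policy

def list_forward(headers, tag="[list] "):
    """What the list does: keep the author's From, prepend a tag to the Subject."""
    return {**headers, "subject": tag + headers["subject"]}

original = {"from": "Chris <chris@example.org>", "subject": "Re: Can you block gmail.com"}
sig = sign(original)

def scenarios():
    return {
        "direct": dmarc(original, sig, "example.org", "192.0.2.10"),
        "list, subject tagged": dmarc(list_forward(original), sig, "example.org", "198.51.100.5"),
        "list, envelope rewritten": dmarc(list_forward(original), sig, "lists.example.net", "198.51.100.5"),
        "list, message untouched": dmarc(original, sig, "lists.example.net", "198.51.100.5"),
    }

if __name__ == "__main__":
    for name, (spf, dkim, verdict) in scenarios().items():
        print(f"{name:26} spf_aligned={spf!s:5} dkim_aligned={dkim!s:5} -> {verdict}")
```

The last scenario shows that a forward which leaves the signed headers untouched still passes DMARC through DKIM alone, even though SPF cannot align.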