Thanks Chris for your details. Notice, though, that all/most mailing lists, especially all using mailman, do have this issue, which is caused by the DMARC standard neglecting to mind how most mailing lists work(ed at the time). That is, prepending the original subject's line with the list's name in brackets. So this isn't an issue with this mailing list per se. More info (and how to circumvent this problem in the future) can be found here: https://wiki.list.org/DEV/DMARC Anyway, thanks David for your hard work! -----Ursprüngliche Nachricht----- Von: Chris Palmer <chris@xxxxxxxxxxxxxxxxxxxxx> Gesendet: Freitag, 7. August 2020 10:25 An: ceph-users@xxxxxxx Betreff: Re: Can you block gmail.com or so!!! While you are thinking about the mailing list configuration, can you consider that it is very DMARC-unfriendly, which is why I have to use an email address from an ISP domain that does not publish DMARC. If I post from my normal email accounts: * We publish SPF, DKIM & DMARC policies that request rejection of emails purportedly from our domain that fail both SPD & DKIM. We also request DMARC forensic reports. * I post to the list, and the list "forwards" the email to everyone with my email as the sender, and modifies the subject by prepending * Modifying the subject invalidates my DKIM signature * Many receiving domains check DMARC, and see that I fail SPF by trying to send from an unauthorised relay (i.e. the mailing list server) and that I fail DKIM as the signature is now invalid due to the subject change * All those domains reject my message, some sending me bounce messages * All of the domains send me daily reject reports so I can see that many are being rejected * Some send me a forensic report for each bounced message (I have this enabled after one of our domains was used as the sender address for a mass-spamming toolkit) * So for each message I post I can receive 50-100 blowback messages, and know that most people haven't seen my posts! Forwarding a message with the original sender, as well as modifying the message, is a no-no..... It's already a problem, and will continue to grow as a problem as spam mitigations increase. Hope that helps explain the issue. Regards, Chris On 06/08/2020 20:14, David Galloway wrote: > Oh, interesting. You appear to be correct. I'm running each of the > mailing lists' services in their own containers so the private IP > makes sense. > > I just commented on a FR for Hyperkitty to disable posting via Web UI: > https://gitlab.com/mailman/hyperkitty/-/issues/264 > > Aside from that, I can confirm my new SPF filter has already blocked > one spam e-mail from getting through so that's good. > > Thanks for the tip. > > On 8/6/20 2:34 PM, Tony Lill wrote: >> I looked at the received-from headers, and it looks to me like these >> messages are being fed into the list from the web interface. The >> first received from is from mailman web and a private IP. >> >> On 8/6/20 2:09 PM, David Galloway wrote: >>> Hi all, >>> >>> As previously mentioned, blocking the gmail domain isn't a feasible >>> solution since the vast majority of @gmail.com subscribers (about >>> 500 in >>> total) are likely legitimate Ceph users. >>> >>> A mailing list member recommended some additional SPF checking a >>> couple weeks ago which I just implemented today. I think what's >>> actually happening is a bot will subscribe using a gmail address and >>> then "clicks" the confirmation link. They then spam from a >>> different domain pretending to be coming from gmail.com but it's >>> not. The new config I put in place should block that. >>> >>> Hopefully this should cut down on the spam. I took over the Ceph >>> mailing lists last year and it's been a never-ending cat and mouse >>> game of spam filters/services, configuration changes, etc. I'm >>> still learning how to be a mail admin so your patience and >>> understanding is appreciated. >>> >> >> _______________________________________________ >> ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an >> email to ceph-users-leave@xxxxxxx >> > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an > email to ceph-users-leave@xxxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |