Re: Wine registration email - system failure


 



On Wed, 2011-07-20 at 05:13 -0500, Ace... wrote:
> Martin Gregorie wrote:
> > 
> > Now 8% of the mail I receive is spam, but most of that (80-90%) arrives
> > via the Wine mailing list and, whenever I've looked at the source, it's
> > almost all been submitted via the CodeWeavers forum, which also feeds
> > into the Wine mailing list with, judging from the headers, no spam
> > filtering used.
> > 
> 
> 
> You're saying 'the CodeWeavers forum feeds into the Wine mailing list'
> 
Yes: exactly that. 

Here's an example. 13 spams arrived last night, all with the same From
address, all following the same delivery route and all advertising the
same Vietnamese electronics shop. Here are the relevant headers:

>From wine-users-bounces@xxxxxxxxxx Wed Jul 20 08:31:06 2011
....
....some headers removed.....
....
Received: from wine.codeweavers.com ([209.46.25.134]) by
 m1pismtp01-012.prod.mesa1.secureserver.net with ESMTP; 20 Jul 2011
00:24:17
 -0700
Received: from localhost ([127.0.0.1] helo=localhost.localdomain
 ident=list) by wine.codeweavers.com with esmtp (Exim 4.69)
(envelope-from
 <wine-users-bounces@xxxxxxxxxx>) id 1QjR8Z-000558-Vt; Wed, 20 Jul 2011
 02:24:11 -0500
Received: from www-data by wine.codeweavers.com with local (Exim 4.69)
 (envelope-from <www-data@xxxxxxxxxxxxxxxxxxxx>) id 1QjR8U-00054y-Ll for
 wine-users@xxxxxxxxxx; Wed, 20 Jul 2011 02:24:02 -0500
Message-ID: <1311146642.m2f.64016@xxxxxxxxxxxxxxxx>
From: "tony_toan" <wineforum-user@xxxxxxxxxx>
X-Generated-By: M2F: www.mail2forum.com
Date: Wed, 20 Jul 2011 02:24:02 -0500
To: wine-users@xxxxxxxxxx
Subject:   ABRACON - GNN Components, Co.Ltd
X-BeenThere: wine-users@xxxxxxxxxx
X-Mailman-Version: 2.1.11
Precedence: list
Reply-To: wine-users@xxxxxxxxxx
List-Id: Wine Users Mailing List <wine-users.winehq.org>
List-Unsubscribe: <http://www.winehq.org/mailman/options/wine-users>,
 <mailto:wine-users-request@xxxxxxxxxx?subject=unsubscribe>
List-Archive: <http://www.winehq.org/pipermail/wine-users>
List-Post: <mailto:wine-users@xxxxxxxxxx>
List-Help: <mailto:wine-users-request@xxxxxxxxxx?subject=help>
List-Subscribe: <http://www.winehq.org/mailman/listinfo/wine-users>,
 <mailto:wine-users-request@xxxxxxxxxx?subject=subscribe>
Sender: wine-users-bounces@xxxxxxxxxx
Errors-To: wine-users-bounces@xxxxxxxxxx

The headers I removed show the mail's path from my domain name host
(secureserver.net) to this computer, so are not relevant.

As you can see, the envelope sender is wine-users-bounces@xxxxxxxxxx

The message was originated by 'www-data' in the Codeweavers domain.
I know it's there because their copy of the Exim MTA says the www-data
message source is local to itself, i.e. on the same server. This message
clearly didn't originate from a mail client or there would be a header
showing this and the message-ID would have identified the mail client.

The message then went through M2F, which is a bridge program that
transfers messages between web forums and mail systems. This added the
message ID and all the headers related to the wine-users.winehq.org
mailing list before passing it to the codeweavers mailserver, which sent
it to my domain host.
 
> It's not clear to me what is meant by this.
>
It means that spam that appears on the Wine users mailing list is being
input through web forum software at Codeweavers.

It also appears that more of the Wine project is hosted by Codeweavers
than I realised. The headers indicate that they host the Wine forums and
mailing lists.

It's also quite clear that the only spam filters are on my side of the
Internet because these have all added headers. They are:
- my domain host, which is running IronPort
- my ISP, which is running DSPAM
- I'm running SpamAssassin on the feed to my Postfix MTA.

There are no other spam filters anywhere along the delivery chain.

> Is their forum using phpbb?
>
I can't tell. There's nothing in the headers that identifies the forum
software.

> Are we sharing the same email transports sys, so that all the mail
> appears to originate from the same source?
> 
Yes, I think so. Your message has the same set of headers as the spam I
analysed.
  
> If this is the case, then there is no point in me contacting the ISP
> admin, cos they could say that we ARE the source of spam.
> 
Correct.

> Is this not something that should be worked out with php, with an
> implementation of anti-spam measures, such as those you have outlined?
> 
That's pretty much the case. Adding a spam filter between the web forums
and the Codeweavers MTA may catch some spam, but doing this is hard
because you're limited to looking at the body of the message: the mail
headers showing where the message originated, etc. simply aren't there
yet or have been given fixed values by the forum software and/or M2F.

General consensus seems to be that keeping spammers out of forums is the
best approach. I can't recall getting spam from a mail list or forum
that uses an e-mail challenge/response system as part of the sign-up
process.

> But what I do know is that it's a bit of a bummer when WineHQ is
> considered such a source of spam, that its emails are simply blocked
> by certain ISPs.
>
Agreed. Keeping spammers out, or at least vastly reducing spamming, is
the essential first step to getting off ISP blacklists.


Martin
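
The header reading done by hand in this message can be scripted. The following is an added example, not part of the original post: it walks the Received chain oldest hop first, reports a local (non-SMTP) submitter, the bridge header and any filter headers. The result field names and the filter header prefixes are assumptions of this example.

```python
import re
from email import message_from_string

# Headers taken from the post above (abridged, re-folded; addresses stay redacted).
SAMPLE = """\
Received: from wine.codeweavers.com ([209.46.25.134]) by
 m1pismtp01-012.prod.mesa1.secureserver.net with ESMTP; 20 Jul 2011 00:24:17 -0700
Received: from localhost ([127.0.0.1] helo=localhost.localdomain ident=list)
 by wine.codeweavers.com with esmtp (Exim 4.69)
 (envelope-from <wine-users-bounces@xxxxxxxxxx>) id 1QjR8Z-000558-Vt;
 Wed, 20 Jul 2011 02:24:11 -0500
Received: from www-data by wine.codeweavers.com with local (Exim 4.69)
 (envelope-from <www-data@xxxxxxxxxxxxxxxxxxxx>) id 1QjR8U-00054y-Ll for
 wine-users@xxxxxxxxxx; Wed, 20 Jul 2011 02:24:02 -0500
Message-ID: <1311146642.m2f.64016@xxxxxxxxxxxxxxxx>
From: "tony_toan" <wineforum-user@xxxxxxxxxx>
X-Generated-By: M2F: www.mail2forum.com
Subject: ABRACON - GNN Components, Co.Ltd
"""

# Assumed header prefixes for the three filters named in the post.
FILTER_PREFIXES = ("x-ironport-", "x-dspam-", "x-spam-")
HOP = re.compile(r"from\s+(?P<src>\S+).*?\bby\s+(?P<by>\S+)\s+with\s+(?P<proto>[\w-]+)",
                 re.S | re.I)

def trace(raw):
    """Return (message, hops) with hops ordered oldest first as (from, by, protocol)."""
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its Received line, so the last one in the file is the origin.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append((m["src"], m["by"], m["proto"].lower()))
    return msg, hops

def assess(raw):
    """Summarise where a message entered the mail system and what touched it."""
    msg, hops = trace(raw)
    first = hops[0] if hops else None
    return {
        "origin_host": first[1] if first else None,
        # "with local" means an account on the MTA's own host handed the message over.
        "local_submitter": first[0] if first and first[2] == "local" else None,
        "bridge": msg.get("X-Generated-By"),
        "has_client_header": any(h in msg for h in ("User-Agent", "X-Mailer")),
        "filter_headers": [k for k in msg.keys() if k.lower().startswith(FILTER_PREFIXES)],
    }
```

On the sample, assess(SAMPLE) reports www-data on wine.codeweavers.com as the local submitter, M2F as the bridge, no mail client header, and no filter headers in the excerpt shown.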





