Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

Computing Systems

Computing Systems

Informatics Computing Staff jottings

mailman anti-spam filters

There has been a recent spate of spammers forging list member or list admin emails, and thus are able to post directly to the corresponding targeted list (as typically list members are always allowed to post to the list they are members of).

All external email passing through the University’s mail servers are given a spam rating, and headers added to the email with its spam score. eg.

X-Spam-Score: 5
X-Spam-Level: *****
X-Spam-Status: hits=5.502 tests=HEADER_FROM_DIFFERENT_DOMAINS,
HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,LOCAL_ACCTPHISH1l3,RP_MATCHES_RCVD,SYSADMIN version=3.4.0

A score of 4 or above is likely to be spam. The higher the number, the more likely it is to be spam. Though as the classification is an automated process, there can be false positives.

We can use mailman’s spam filter to match on any header, but in the above example the X-Spam-Score is the simplest to use.

We’ve recently added the following filters to all mailman lists that are not already filtering the mail based on the spam score.

mailman anti-spam page

Example of mailman spam filter page, highlighting the options you may want to change.

If your list was called “test”, then the URL for this page would be http://lists.inf.ed.ac.uk/mailman/admin/test/privacy/spam

What the two rules do is to hold for moderation any messages (regardless of who sent them) if the spam score for the message is 4 or greater (9 being the highest score). Note that the matching is actually a regular expression.

The reason they are split into two rules, is to show that you could choose to automatically discard posts with higher scores. So for example the current “[89]” rule could be changed to “Discard” (remember to press the “Submit Your Changes” button at the bottom of the page). From then on, any posts sent to the list with a spam score of 8 or 9 will silently disappear. Note there is no notification this has happened, and you cannot recover any information about what has been automatically deleted. So you should only do this if you are happy with those facts.

One last point, the “Defer” option on the filter page, actually means “disable this rule”, not “defer any matching post”.

If you want help changing any of these settings, submit a support ticket in the usual manner.

Neil

mailman anti-spam filters / Computing Systems by is licensed under a

Posted by

Categories

Service Update

Tags

No tags have been added to this post.

Previous post

Next post

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

mailman anti-spam filters / Computing Systems by is licensed under a
css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel