[SAC] [OSGeo] #1778: Spam to mailing list -owner addresses

#1778: Spam to mailing list -owner addresses
---------------------------+--------------------
Reporter: jsanz | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: mailman, spam |
---------------------------+--------------------

Comment (by Jeff McKenna):

I've examined the logs closely and spent my whole day on this. (funding,
anyone?)

The original issue reported in this ticket (spam from qq.com domain) still
exists.

* Typical log message today showing successful emails sent to our list
owners:

{{{
Jun 18 11:08:51 osgeo6 postfix/qmgr[23549]: 173A7600C6B7: from=<123725849@qq.com>, size=956, nrcpt=1 (queue active)
Jun 18 11:08:51 osgeo6 postfix/pipe[24762]: 173A7600C6B7: to=<mapguide-internals-owner@lists.osgeo.org>, relay=mailman, delay=0.69, delays=0.54/0/0/0.15, dsn=2.0.0, status=sent (delivered via mailman service)
}}}

* So I examined our postfix config files.
* /etc/postfix/access contains: qq.com REJECT
* so something wasn't right, because the qq.com domain is not being
rejected
* I noticed that the config file /etc/postfix/main.cf was missing the
important line:
{{{
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
}}}
* restarted service
* logs say that qq.com now REJECTS the qq.com domain:
{{{
Jun 18 11:35:04 osgeo6 postfix/smtpd[17873]: NOQUEUE: reject: RCPT from unknown[114.228.74.19]: 554 5.7.1 <676479210@qq.com>: Sender address rejected: Access denied; from=<676479210@qq.com> to=<discuss-bounces@lists.osgeo.org> proto=SMTP helo=<mail.tofine.com>
}}}
* but that slows the queue as postfix tries to send a rejection email to a
broken qq.com sender. So updated the access file to DISCARD instead, which
allows postfix to crunch faster:
{{{
Jun 18 11:40:23 osgeo6 postfix/smtpd[20305]: NOQUEUE: discard: RCPT from unknown[125.121.117.70]: <491235343@qq.com>: Sender address triggers DISCARD action; from=<491235343@qq.com> to=<gdal-dev-owner@lists.osgeo.org> proto=SMTP helo=<chinarida.com.cn>
}}}

I am watching the logs being processed now. I hope this change helps!!!

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1778#comment:7>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.