One thing *I* have discovered is that "bogus" messages (eg phishing, etc. spam), often have various envlope headers that give them away. One is a "Reveived: " from a mail server with no reverse DNS ('Reveived: from ... (unknown [ddd.ddd.ddd.ddd])', so a spam filter rule like this:
"Received: from.*(unknown \[\d+\.\d+\.\d+\.\d+\])" catches them. Set this filter to "Hold", since *some* E-Mail clients/providers seem to use machines with non routing addresses either internally or otherwise (typically AOL over a Satelite Internet connection), which you will want to pass though manually. I also use Spamassassin on my server, so having a rule like: "X-Spam-Score: \d" is also helpful at catching spam and phishing mail. At Mon, 25 Sep 2017 21:31:05 -0700 Mark Sapiro <m...@msapiro.net> wrote: > > On 09/25/2017 03:49 AM, Ralf Hildebrandt wrote: > > Recent phishing mails are targeting mailing-lists -- and do pass. > > > > From our logs: > > Sep 25 12:10:41 2017 (1940) post to rundmail-it from > > sabishi.meis...@charite.de, size=4760, > > message-id=<486320030245.201792592...@charite.de>, success > > > > But the headers of the mail that was automatically passed (since > > sabishi.meis...@charite.de is a member) was: > > > > From: "Sabishi.Meister@" <charite.de eve...@tryphotels.ae> > > > A post is considered to be from a list member if any of the headers in > the Defaults.py/mm_cfg.py SENDER_HEADERS setting contains a member > address. The default setting is > > SENDER_HEADERS = ('from', None, 'reply-to', 'sender') > > (None means the envelope sender). Assuming you have the default setting, > the sabishi.meis...@charite.de address was either the envelope sender or > in Reply-To: or Sender:. > > You could set > > SENDER_HEADERS = ('from',) > > in mm_cfg.py to test only the From: for list membership. > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services hel...@deepsoft.com -- Webhosting Services ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org