Thanks for the reply Stephen, I opened a trouble ticket to see if the host support had a solution to all the spam. They suggested setting the spam reject score in SpamAssassin for our VPS server at 3.5. When I had it set earlier at 5, it started marking member's posts as spam and rejected them. Didn't seem to fix when I moved that score number to 1, though that might not be a proper number to use, I don't know.
Anyway, the spam didn't really stop with that measure. No idea why.. the list's domain is the only one on that vps server. So I have resorted to using mailman settings. I have set the Sender Filters and the header filters to filter out certain subject phrases and words and to auto-discard. I get auto-discard notices of about 150 to 200 per day, but since they are stacked in just a couple notices it isn't difficult to delete. So I'm considering the problem solved unless the host complains about our traffic. Whatever I did, I haven't had a single spam get through my filters yet and no complaints from members about false positives. The spammers attacking us must not be very smart, though they are persistent. /jim On Thu, Sep 28, 2017 at 10:46 PM, Stephen J. Turnbull < turnbull.stephen...@u.tsukuba.ac.jp> wrote: > Sorry, I've been ignoring Mailman for a few days, and I guess you've > got a solution that works already. This is a pair of alternatives > that each have some advantages and disadvantages compared to your > regexp-based solution. FWIW, YMMV > > Jim Dory writes: > > > Apparently our host provider performs spam tests only on outgoing, > > rather than incoming - since my spamassassin blacklists don't have > > any effect. > > Your spamassassin blacklists will have no effect on Mailman, since > Mailman is not you. Ask your provider how to configure this. I > strongly recommend this in preference to any measures in Mailman as it > reduces the burden on the host. > > > So I've discovered the filters offered in Mailman after being > > completely buried by spammers trying to post to our subscriber only > > list. > > I suppose you have cPanel, and I don't know much about their web > management interface. If it's similar to vanilla Mailman, in Privacy > Filters -> Sender Filters near the bottom, there is an option > "generic_nonmember_action". You can set that to Discard if you're > sufficiently sure that members always use their subscribed address, or > are willing to have members using unsubscribed addresses to post have > their posts silently discarded. > > I recommend STRONGLY against using Reject, as that often results in > "backscatter", which is spam to "borrowed" addresses in "From". > > This measure will be effective against all of the spammers in the list > below. It will not work against spammers who spoof your subscribers' > addresses. > > HTH > > Steve > > ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
