Re: [Mailman-Users] Finding list user in redacted FBL reports
On Fri, Aug 9, 2019 at 2:55 AM Stephen J. Turnbull < turnbull.stephen...@u.tsukuba.ac.jp> wrote: > Have you had any luck with this in the last couple of days? > Hi Stephen (and all). Indeed, I am having MUCH luck with this! First, the option to base64 encode the recipient's email as a new header with the RCPT_BASE64_HEADER_NAME config setting (discussed in my last post) is working great! In addition, as you mentioned, I am ALSO getting lucky in reviewing the headers for the queue id... and I am using this successfully on one older server that has an older version of Mailman (which does not have the base64 option). So, I am in really good shape at this point... thank you!!! - Scott Scott Neader writes: > > > I have Personalization enabled, and have the subscriber's email > > address in the footer, but Comcast redacts the email address. > > Unfortunately, there are quite a few comcast.net users on this > > list, making this really difficult to find the offender. > > Does the returned mail contain the full trace of "Received" fields? > If you're very lucky, one of them may contain the offender's address. > > Otherwise, the oldest one frequently has an MTA queue id from your MTA > (and depending on your network, there may be a couple of these under > your control in the Received chain), and that can be matched with the > queue id in the MTA's log, which will typically tell you who it was > sent to. Since you have full personalization enabled, there should be > one such queue id per message. Here is an example of my own: > > Received: from steve by turnbull.sk.tsukuba.ac.jp with local (Exim 4.92) > (envelope-from ) > id 1htOUc-Rx-F5; Fri, 02 Aug 2019 12:44:34 +0900 > > 2019-08-02 12:44:39 1htOUc-Rx-F5 => mailman-develop...@python.org > R=dn... > > The log line is truncated by me since the rest is irrelevant, the MTA > is Exim. Note that some MTAs don't do this, some MTAs don't do it by > default, but you can reconfigure the log message and the Received > header this way. And some MTAs that do it change the prefix or suffix > of the queue id at various stages, so you may need to search on a > truncated portion of the full id. > > > I've read through the Mailman Users archives and have seen others with > this > > problem, and it seems some of you have come up with your own creative > > solutions, but no solutions have been posted, > > Here's a partial solution from Mailman-Developers: > > https://mail.python.org/pipermail/mailman-developers/2012-June/022200.html > > (the "partial" is because you'll have to come up with your own way to > iterate over the mailing list and match MD5s). I suspect you can get > the same effect by base64- or base85-encoding the email address, or > even simply %-encoding (or removing!) all the punctuation, instead of > MD5-ing. Those are easily reversible, and the punctuation-munging > solutions can be "decoded" by eye! > > Note that it's barely possible you're using the Sendmail.py module, in > which case you will have the line "DELIVERY_MODULE = 'Sendmail'" in > mm_cfg.py. If so, come back and we can discuss the "cons" (there are > no "pros") of that module, and what to do next. > > -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Finding list user in redacted FBL reports
On Tue, Aug 6, 2019 at 7:24 AM David Gibbs via Mailman-Users < mailman-users@python.org> wrote: > On Mon, Aug 5, 2019 at 11:40 PM Scott Neader wrote: > > Do any of you have any ideas for me to identify this serial > > 'mark-as-spammer'? Could I hack something together temporarily that > would > > put maybe the first few characters of their email in the footer? (so that > > Comcast won't sense it as an email and won't redact it?) Other ideas? > > Check out the RCPT_BASE64_HEADER_NAME setting in Defaults.py. That > will let you tag personalized & verped deliveries with the base64 > encoding of the recipient's email address. I want to send a BIG thanks to David Gibbs on this one. This actually worked perfectly! The body of the FBL report shows just the basic To, From, Subject, Date/Time and Body, so I did not think adding a new header would do diddly-squat. I *wrongly* assumed that the FBL reports do not include any header information. David and I traded some direct emails on the topic and he finally convinced me to do a "View Original" or "View Source" (depending on your email client) on the FBL report from Comcast and low and behold... the full headers are exposed... not only from the FBL itself, but *also* from the original offending message that the ISP forwarded in the FBL. So, you have two sets of headers to scroll through... but, sure enough, my new header was there, exposing the culprit list subscriber that was flagging all emails as spam. Here's a step-by-step (not hard) to get this going: 1) At the server level, Personalization or VERP must be enabled. I chose Personalization since I already had it enabled. This is done by adding "OWNERS_CAN_ENABLE_PERSONALIZATION = Yes" to mm_cfg.py 2) At the list level, Personalization needs to be set to Yes (Non-Digest options > Personalize) 3) At the server level, add " RCPT_BASE64_HEADER_NAME = 'X-Mailman-R-Data' " to mm_cfg.py This will add a new header to each email, like this: X-Mailman-R-Data: Ym9ndXNzcGFtcmVwb3J0ZXJAY29tY2FzdC5uZXQ= > My next goal is to try VERP, and see if I can use that to find the habitual "mark as spam" folks on some Digest emails. Personalization doesn't work for Digests, but maybe VERP will? Again, thanks David Gibbs for sticking with me on this!! - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Finding list user in redacted FBL reports
On Tue, Aug 6, 2019 at 7:38 PM Grant Taylor via Mailman-Users < mailman-users@python.org> wrote: > On 8/5/19 10:14 PM, Scott Neader wrote: > > Hi all! I have a list member with a comcast.net email address that is > > marking most every list message as spam. I have Personalization enabled, > > and have the subscriber's email address in the footer, but Comcast > redacts > > the email address. Unfortunately, there are quite a few comcast.net > users > > on this list, making this really difficult to find the offender. > > Oy vey! > > > Do any of you have any ideas for me to identify this serial > > 'mark-as-spammer'? > > Are you using VERP? I would think that the VERP data would survive > Comcast's redaction. > I appreciate the suggestion, but VERP (as I understand it) changes the return-path. I do not get to see any headers, including return-path, other than the ones I mentioned (To, From, CC, BCC, Subject and the Body itself). So, I do not believe VERP will help. I need a way to put some clue about the recipient into the footer, when personalization is enabled. I've seen some past solutions where admins were successful in adding some type of hash or encoded version of the recipient's email address into the footer, but the steps to get that done were not shared. Open to other ideas. - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Finding list user in redacted FBL reports
On Tue, Aug 6, 2019 at 7:24 AM David Gibbs via Mailman-Users < mailman-users@python.org> wrote: > On Mon, Aug 5, 2019 at 11:40 PM Scott Neader wrote: > > Do any of you have any ideas for me to identify this serial > > 'mark-as-spammer'? Could I hack something together temporarily that > would > > put maybe the first few characters of their email in the footer? (so that > > Comcast won't sense it as an email and won't redact it?) Other ideas? > > Check out the RCPT_BASE64_HEADER_NAME setting in Defaults.py. That > will let you tag personalized & verped deliveries with the base64 > encoding of the recipient's email address. > Thanks, David! Unfortunately, Comcast does not supply the full email with headers. It only supplies the FROM, TO, CC, BCC, DATE and SUBJECT lines, plus the BODY. Unless I'm missing something... adding a new header won't help. Please correct me if I'm wrong, or if anyone has any ideas on getting this info into the footer. Here's an example Comcast FBL report. As you can see, full headers are not revealed. They even redact the name of the list, but based on the Subject line, that has been easy to determine. This is a Comcast Abuse Report for an email message received from domain > example.com, IP 1.2.3.4, on Tue, 06 Aug 2019 06:57:45 +. > > -- Forwarded message -- > From: Some User > To: c0821b696901c42c9a510bec8e5a3c17 < > c0821b696901c42c9a510bec8e5a3...@myserver.com> > Cc: > Bcc: > Date: Tue, 6 Aug 2019 06:57:45 + > Subject: [c0821b696901c42c9a510bec8e5a3c17] This is the Subject > Body Content is Here > > __ > c0821b696901c42c9a510bec8e5a3c17 mailing list > List Info: > http://myserver.com/mailman/listinfo/c0821b696901c42c9a510bec8e5a3c17 > Post: mailto:c0821b696901c42c9a510bec8e5a3...@myserver.com > Again, any ideas or help appreciated! - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Finding list user in redacted FBL reports
Hi all! I have a list member with a comcast.net email address that is marking most every list message as spam. I have Personalization enabled, and have the subscriber's email address in the footer, but Comcast redacts the email address. Unfortunately, there are quite a few comcast.net users on this list, making this really difficult to find the offender. I've read through the Mailman Users archives and have seen others with this problem, and it seems some of you have come up with your own creative solutions, but no solutions have been posted, hence my request here. Do any of you have any ideas for me to identify this serial 'mark-as-spammer'? Could I hack something together temporarily that would put maybe the first few characters of their email in the footer? (so that Comcast won't sense it as an email and won't redact it?) Other ideas? Thank you in advance! - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] digest_send_periodic not sending digests daily when set to Yes
Hi all. Running Mailman v2.1.26 on CentOS 6. When the list has digest_send_periodic set to Yes, and a size of 100kb, users are seeing digests with upwards of a week's worth of mail, if the list has been quiet. i.e. it seems to be respecting the 100kb limit, but not the digest_send_periodic setting as Yes (to send the digest daily, no matter the size.) I've confirmed that the senddigests cron runs every day at Noon. Any ideas on other things to check? - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Retention policy for archives
I love this idea. If anyone actually modifies the script to do this, please let me know. At the very least, it preserves the "history" that the message existed, along with the subject line. Sometimes, that is enough to be very helpful! - Scott On Tue, Jan 16, 2018 at 12:46 PM, Grant Taylor via Mailman-Users < mailman-users@python.org> wrote: > On 01/16/2018 11:17 AM, Mark Sapiro wrote: > >> The down side of this is each time you run it, the messages in the >> archive will be renumbered and prior saved URLs to archived messages will >> no longer work. >> > > It seems like it would be possible to augment the prune_arch script to add > place holder messages for pruned messages thus making sure that the prior > saved URLs would still be valid. I.e.: > > | From: Pruned> | To: Mail List > | Subject: Pruned > | Date: $originalDate > | > | This message has been pruned from the archive. > > I think that the ~160 bytes that each pruned message would consume would > be worth retaining the functionality of the prior saved URLs. > > Just my 2¢ worth. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Targeted attack against german universities using mailman
> > On May 9, 2017, at 8:17 AM, Sebastian Hagedorn> wrote: > > > > The bigger issue is that clearly the admin addresses of all lists were > scraped from the public listinfo pages. This means that the same thing > could happen again anytime. :-( > > On Tue, May 9, 2017 at 9:47 AM, Bryan Blackwell > wrote: > Some years ago I ran into this problem, we turned off all the "Advertise > this list" options and instead refer to them from other general info pages > for the group. That cut down the spam to the lists, admins, and -owners > addresses considerably. > Another option to help with the "listinfo admin email scraping" issue is to enable Moderation on the admin email address(es) that are listed on the public listinfo pages. So, regular members can post freely, but if the admin posts, he/she needs to approve their own post. If the admin is a regular poster he/she could create a forwarder of some type, and only list the forwarder as the admin (and moderate it), then subscribe to the list with their regular address and make that unmoderated. This way, they can post with their primary email address, but also receive any administrative emails. Hope this makes sense. - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] list-admin on gmail ?
On Fri, Mar 31, 2017 at 2:45 AM, Håkon Alstadheim via Mailman-Users < mailman-users@python.org> wrote: > I have a list administrator who is on gmail. Forwarding held spam-messages > to him does not work, since google rejects mail that has spam attached. Is > it possible to send notification of pending actions *without* attaching the > held message? Hi Håkon. This is an interesting question, and I'm interested in the answer. However, since your user happens to be using GMail, you DO have a good option to solve this: The approval emails will come from: FROM: listname-ow...@example.com The GMail user can simply create a "Filter" in GMail, that looks for messages "from:listname-ow...@example.com" and check the box that says "Never send it to Spam". Here's how: http://blog.simplelists.com/make-sure-real-emails-dont-get-sent-to-spam-gmail-2015/ - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] How to track down Digest spam reporter
We have a fairly active mailing list where at least one Hotmail user is marking every Digest message they receive as "spam". We receive the reports from Hotmail, but we have no way of knowing which subscriber is causing these spam reports (or we'd remove them, of course). Normally we can turn on "Personalization" and add the subscriber's email address to the footer... but this can't be done for Digests. Any other ideas on how we can track down this spam reporter and get them off the list, short of moving every Hotmail user off the digests? And, as a side question, I'm curious about the technical reasons why Personalization can't be available for Digests. Thanks, in advance! - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Recent trouble with DMARC Munging
On Tue, Jan 17, 2017 at 1:49 PM, Lindsay Haisleywrote: > Scott, I apologize to you, and to anyone else, if you feel that I was > looking down on you. It was not my intent. I have my opinions about > Linux and system administration, and they're not shared by everyone. > ... > Again, I'm sorry for any insult or offense to anyone on this list. > ...and I didn't intend to pin that on you... was more thanking Mark for being patient and understanding on this situation. But... apology certainly accepted, since you offered. Thanks! > Can I have some barbecue sauce on my crow ;) > Only if you'll share. I eat plenty of that fine cuisine myself. - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Recent trouble with DMARC Munging
On 01/17/2017 08:57 AM, Lindsay Haisley wrote: > > This all underscores the problems of relying on other people's > > organization, and the resulting dependency on other people's confusion > > that comes from blind reliance on über-packages (especially proprietary > > über-packages) such as cPanel which obfuscate and complicate solutions > > to simple problems. The following quoted "explanation", presumably from > > cPanel, is a perfect example. Exactly _which_ python DNS module are we > > talking about here? It's clear as mud! > On Tue, Jan 17, 2017 at 1:04 PM, Mark Sapirowrote: > Agreed, but such packaged solutions have a place. I don't know what > Scott's situation is or his reasons for using cPanel, but I know Brian > operates a shared hosting service, and I know from his participation on > this list that he is conscientious in providing good service to his > customers, and without something like cPanel, his business might not be > viable. Same situation as Brian... we are a provider of shared hosting services (since 1996). Like Brian's business, we also strive to provide excellent service to our customers, which drove me to dig into this situation. You are correct that we'd have no business, without a "control panel" for our hosting customers to use. cPanel does an outstanding job, considering all the piece-parts that come together... their 'eco-system' is normally very reliable and well tested. I also am a list owner of several lists, and was personally seeing the effects of the lack of munging. Thanks for your support and understanding, Mark, and especially for not making us feel bad or looking down upon us for utilizing such a control panel system to support our customers and their myriad needs. - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Recent trouble with DMARC Munging
On Mon, Jan 16, 2017 at 9:37 PM, Mark Sapiro <m...@msapiro.net> wrote: > On 01/16/2017 07:29 PM, Scott Neader wrote: > > On Mon, Jan 16, 2017 at 12:23 PM, Mark Sapiro <m...@msapiro.net> wrote: > > > >> Also, in this case try > >> > >> python -c "import dns.resolver" > >> > >> to see if it reports any error. > >> > > > > Yes... not good results: > > > > # python -c "import dns.resolver" > > Traceback (most recent call last): > > File "", line 1, in > > ImportError: No module named dns.resolver > > > If this is cPanel, it is almost certainly a bad cPanel update, but see > the posts at > <https://mail.python.org/pipermail/mailman-users/2017-January/081826.html> > and > <https://mail.python.org/pipermail/mailman-users/2017-January/081827.html > >. > > Basically, your installation lost the dnspython module > <https://pypi.python.org/pypi/dnspython/1.15.0> and you need to > reinstall it. Thanks, Mark. I'm opening a ticket with cPanel and will share the results with the group. I appreciate you narrowing down the problem! - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Recent trouble with DMARC Munging
I'm using Mailman version 2.1.23. Since late 2014, I've been successfully using the "Munge From" option under Privacy Options > Sender filters > "Action to take when anyone posts to the list from a domain with a DMARC Reject/Quarantine Policy." Mail from users using AOL, Yahoo and others with a DMARC policy of quarantine or reject had the FROM field munged: FROM: John Doebecomes FROM: John Doe via Listname Again, this has been working GREAT for over two years. Now, mysteriously, this has stopped working. When yahoo.com or AOL.com users post to our lists, the Munging is not working. When I query for a DMARC record from the mail server, it can see the record, so I think it's not a resolver issue. I'm really stumped... any pointers/ideas on where to look would be greatly appreciated! - Scott -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] problem with Digest options
I had this same problem on a cPanel server. Turned out to be the mailman cron job was disappearing... was traced to a problem in a cPanel update script. Not sure if you are running cPanel or not. If you are, you should upgrade cPanel, as this problem has been fixed for about a month or so. If you are not running cPanel, then you might still check your mailman cron job. - Scott --- Scott Neader, Owner QTH.com - Internet Solutions http://www.QTH.com [EMAIL PROTECTED] At 07:30 AM 7/27/2004 -0400, you wrote: I submitted a post to [EMAIL PROTECTED] Saturday and it appeared in the Archive. However, it was not sent out to the Digest mailing list until I triggered its so doing manually. However,in the Digest options I have the item checked for it to send out the digest daily even if the messages do not meet the limit. we are running 2.14 -- Joseph Cain [EMAIL PROTECTED] (850) 385-0227 or fax after prior call to setup http://www.tfn.net/~cain -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/