Re: [Mailman-Users] About Spam Filtering
Hello, $ bin/config_list -o - REGISTER | grep -A20 header_filter_rules header_filter_rules = [('^X-Mailer: (?!Microsoft Outlook .*)$', 7, False), ('^X-Mailer-LID: .*$', 3, False), ('^X-Mailer-RecptId: .*$', 3, False), ('^X-Mailer-SID: .*$', 3, False), ('^X-Mailer-Sent-By: .*$', 3, False), ('^X-Spam-Status: Yes.*$', 3, False), ('^X-Spam-Flag: YES', 3, False), ('^X-Virus-Status: Yes', 3, False), ('^X-Bogosity-Metu: Yes', 3, False)] # Use this option to prohibit posts according to specific header values. # The target value is a regular-expression for matching against the # specified header. The match is done disregarding letter case. Lines # beginning with '#' are ignored as comments. # # For example:to: .*@public.com says to hold all postings with a To: # mail header containing '@public.com' anywhere among the addresses. # # Note that leading whitespace is trimmed from the regexp. This can be # circumvented in a number of ways, e.g. by escaping or bracketing it. bounce_matching_headers = '' ## Bounce options # # These policies control the automatic bounce processing system in # Mailman. Here's an overview of how it works. # # pWhen a bounce is received, Mailman tries to extract two pieces of # information from the message: the address of the member the message --- I will post the logs a few days later, just to make sure that it has the needed info. Thanks, On 02/06/2013 06:24 PM, Mark Sapiro wrote: METU E-List Admin wrote: ^X-Mailer: (?!Microsoft Outlook .*)$ has single spacing between the colon and the parenthesis. The screenshot is taken using Chrome on Ubuntu. The screenshot is problematic for the reason that it is incomplete. The whole page is not shown and the content of some of the text boxes is longer than the box. It would be much better to post something like the relevant part of bin/config_list -o - LISTNAME | grep -A20 header_filter_rules to provide this information. We have removed the Mailman version number using the configuration file. I think that configuration also removes the version number from the headers. If it is a problem, we can convert it to the original state. I don't think this would be a problem. The question still remains as to why your header_filter_rules rule is apparently not working. You could try applying the attached patch to Mailman/Handlers/SpamDetect.py and restarting Mailman. This will produce a 'debug' log in Mailman's logs/ directory with information about all the header_filter_rules hits which may help find what's going wrong. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] About Spam Filtering
METU E-List Admin wrote: $ bin/config_list -o - REGISTER | grep -A20 header_filter_rules header_filter_rules = [('^X-Mailer: (?!Microsoft Outlook .*)$', 7, This regexp won't work. The negative lookahead does not advance the current position so your regexp says look for 'X-Mailer: ' at the beginning of the line not followed by 'Microsoft Outlook .*' but followed immediately by the end of the line, so it will only match a header like 'X-Mailer: ' not followed by anything. What you want is ^X-Mailer: (?!Microsoft Outlook .*).*$ or just ^X-Mailer: (?!Microsoft Outlook .*) or maybe even just ^X-Mailer: (?!Microsoft Outlook ) -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] About Spam Filtering
Thank you for your support. I have changed the regexp to ^X-Mailer: (?!Microsoft Outlook .*).*$ and I will watch for the next emails. I will also watch for the logs for a few days, then revert back to original file. Thanks On 02/12/2013 08:37 AM, Mark Sapiro wrote: METU E-List Admin wrote: $ bin/config_list -o - REGISTER | grep -A20 header_filter_rules header_filter_rules = [('^X-Mailer: (?!Microsoft Outlook .*)$', 7, This regexp won't work. The negative lookahead does not advance the current position so your regexp says look for 'X-Mailer: ' at the beginning of the line not followed by 'Microsoft Outlook .*' but followed immediately by the end of the line, so it will only match a header like 'X-Mailer: ' not followed by anything. What you want is ^X-Mailer: (?!Microsoft Outlook .*).*$ or just ^X-Mailer: (?!Microsoft Outlook .*) or maybe even just ^X-Mailer: (?!Microsoft Outlook ) -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] About Spam Filtering
METU E-List Admin wrote: ^X-Mailer: (?!Microsoft Outlook .*)$ has single spacing between the colon and the parenthesis. The screenshot is taken using Chrome on Ubuntu. The screenshot is problematic for the reason that it is incomplete. The whole page is not shown and the content of some of the text boxes is longer than the box. It would be much better to post something like the relevant part of bin/config_list -o - LISTNAME | grep -A20 header_filter_rules to provide this information. We have removed the Mailman version number using the configuration file. I think that configuration also removes the version number from the headers. If it is a problem, we can convert it to the original state. I don't think this would be a problem. The question still remains as to why your header_filter_rules rule is apparently not working. You could try applying the attached patch to Mailman/Handlers/SpamDetect.py and restarting Mailman. This will produce a 'debug' log in Mailman's logs/ directory with information about all the header_filter_rules hits which may help find what's going wrong. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan --- test-mailman-2.1/Mailman/Handlers/SpamDetect.py 2012-02-05 13:28:46.0 -0800 +++ test-mailman/Mailman/Handlers/SpamDetect.py 2013-02-06 08:16:35.390728500 -0800 @@ -34,6 +34,7 @@ from Mailman import i18n from Mailman.Utils import GetCharSet from Mailman.Handlers.Hold import hold_for_approval +from Mailman.Logging.Syslog import syslog try: True, False @@ -107,6 +108,7 @@ if not pattern.strip(): continue if re.search(pattern, headers, re.IGNORECASE|re.MULTILINE): +syslog('debug', 'pattern: %s\naction: %s', pattern, action) if action == mm_cfg.DISCARD: raise Errors.DiscardMessage if action == mm_cfg.REJECT: -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] About Spam Filtering
On 1/30/2013 11:42 PM, METU E-List Admin wrote: The message was addressed to the list address. The email address I have registered is not the owner of the list. The message headers are: [...] X-BeenThere: fethiy...@googlegroups.com I don't know why it would matter, but it seems your regis...@metu.edu.tr list a member of this fethiy...@googlegroups.com google group. Do you want that? Is all the problem mail coming via that google group? Do you have any list settings to allow mail from that group? However, if you haven't reordered the pipeline for this list, SpamDetect which processes header_filter_rules comes first and should take precedence. [...] X-Mailer: Microsoft CDO for Windows 2000 It's hard to see from your jpeg image, but is it possible that your ^X-Mailer: (?!Microsoft Outlook .*)$ actually contains more than one space after the colon? [...] X-Mailman-Version: Odd that this is empty ... Reply-To: fethiy...@googlegroups.com [...] -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] About Spam Filtering
I have added ^X-Mailer: (?!Microsoft Outlook .*)$ as the first rule and set to Hold according to your instructions. I tried to block all mails except the mails from MS Outlook. However today, I received an email with header like: X-Mailer: Microsoft CDO for Windows 2000 I couldn't understand why this header did not go to pending moderator requests. On 01/30/2013 12:33 AM, Mark Sapiro wrote: METU E-List Admin wrote: In some of our lists, we are receiving excessive spam messages. We analyzed the spam messages and found that they have similar headers. As a result, we developed the following list: ^X-Mailer: (?!Microsoft Outlook .*)$ ^X-mailer: .*$ This includes the one above it. ^X-Mailer-LID: .*$ ^X-Mailer-RecptId: .*$ ^X-Mailer-SID: .*$ ^X-Mailer-Sent-By: .*$ ^X-Spam-Status: Yes.*$ ^X-Spam-Flag: YES ^X-Virus-Status: Yes We don't want to receive any mails from external mail systems, only real persons can send emails. We enter this list to the bounce_matching_headers part (in the admin panel, under Spam Filtering). bounce_matching_headers doesn't work that way. See the '(Details for bounce_matching_headers' link. Regexps like the above should go in header_filter_rules with an appropriate action. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] About Spam Filtering
METU E-List Admin wrote: I have added ^X-Mailer: (?!Microsoft Outlook .*)$ as the first rule and set to Hold according to your instructions. I tried to block all mails except the mails from MS Outlook. However today, I received an email with header like: X-Mailer: Microsoft CDO for Windows 2000 I couldn't understand why this header did not go to pending moderator requests. Was the message addressed to the list address or to the list-owner address? header_filter_rules with Hold action are not applied to -owner mail. If this doesn't explain it, please post the entire content of header_filter_rules and the full headers of the message you received. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] About Spam Filtering
The message was addressed to the list address. The email address I have registered is not the owner of the list. The message headers are: Return-Path: register-boun...@metu.edu.tr X-Original-To: bin...@metu.edu.tr Delivered-To: bin...@metu.edu.tr Received: from abdera.general.services.metu.edu.tr (abdera.general.services.metu.edu.tr [144.122.144.135]) by arikanda.general.services.metu.edu.tr (Postfix) with ESMTP id 8BA8C4D92; Wed, 30 Jan 2013 14:46:03 +0200 (EET) Received: from abdera.general.services.metu.edu.tr (localhost [127.0.0.1]) by abdera.general.services.metu.edu.tr (Postfix) with ESMTP id 1B5F13A46F; Wed, 30 Jan 2013 14:46:03 +0200 (EET) X-Original-To: regis...@mailman.metu.edu.tr Delivered-To: regis...@mailman.metu.edu.tr Received: from arikanda.general.services.metu.edu.tr (arikanda.general.services.metu.edu.tr [144.122.144.179]) by abdera.general.services.metu.edu.tr (Postfix) with ESMTP id 5D9133A328 for regis...@mailman.metu.edu.tr; Wed, 30 Jan 2013 14:45:31 +0200 (EET) Received: by arikanda.general.services.metu.edu.tr (Postfix) id 2A20D5153; Wed, 30 Jan 2013 14:45:31 +0200 (EET) Delivered-To: regis...@metu.edu.tr Received: from varya.cc.metu.edu.tr (varya.general.services.metu.edu.tr [144.122.145.141]) by arikanda.general.services.metu.edu.tr (Postfix) with ESMTP id 118DF4D11; Wed, 30 Jan 2013 14:45:31 +0200 (EET) Received: from mail-wi0-f186.google.com (mail-wi0-f186.google.com [209.85.212.186]) by varya.cc.metu.edu.tr (Postfix) with ESMTP id 0C2D560099; Wed, 30 Jan 2013 14:45:29 +0200 (EET) Received: by mail-wi0-f186.google.com with SMTP id hq4sf574786wib.23 for multiple recipients; Wed, 30 Jan 2013 04:45:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20120806; h=x-received:x-beenthere:x-received:x-received:x-received :received-spf:thread-topic:thread-index:reply-to:from:sender:to :subject:date:organization:message-id:mime-version:x-mailer :importance:priority:x-mimeole:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-google-group-id:list-post:list-help:list-archive:list-subscribe :list-unsubscribe:content-type:content-class; bh=FdFbVDlNean5sSj9PA4NFtgR31tbLrE1ohLudRAmxjE=; b=dSsb+1QyDzJizefQgoPTQ9XXbJ8CjcaUTuf2tNPEN8JABqO81ca6HMXByOZEzF46HB bdx52DmaQUAewajjVREM4bXpHrlVR7xQaLRgo8bRtjj5LgTqUqwJYJ4DTSXWkfUGNmEM 1fbE4T7vT6RtKJcgJQZDSEJFXvJHKRzGx4im1KgJgm6luN/CMA0tKOhYhdsgGFhwWLQM a0SdH4bAKAQQHwe+hpvMLgY+ZKblGyi6FEKJruIgpe6hgQZkhAPOL7hSWYobuTJf+97G /1G6FhSRNzVtXK4AAOz+CFtLN6UhC1mzU4IDYGOKdVDiLih/4vcEps9iF8BcsAzeKC0v SBjQ== X-Received: by 10.180.88.231 with SMTP id bj7mr442627wib.5.1359549928950; Wed, 30 Jan 2013 04:45:28 -0800 (PST) X-BeenThere: fethiy...@googlegroups.com Received: by 10.180.91.46 with SMTP id cb14ls409844wib.10.gmail; Wed, 30 Jan 2013 04:45:06 -0800 (PST) X-Received: by 10.180.19.66 with SMTP id c2mr1471014wie.6.1359549906477; Wed, 30 Jan 2013 04:45:06 -0800 (PST) Received: by 10.194.71.193 with SMTP id x1mswju; Wed, 30 Jan 2013 04:43:54 -0800 (PST) X-Received: by 10.204.4.217 with SMTP id 25mr299939bks.1.1359549827269; Wed, 30 Jan 2013 04:43:47 -0800 (PST) X-Received: by 10.204.4.217 with SMTP id 25mr299938bks.1.1359549827241; Wed, 30 Jan 2013 04:43:47 -0800 (PST) Received: from forward1.mail.yandex.net (forward1.mail.yandex.net. [2a02:6b8:0:602::1]) by gmr-mx.google.com with ESMTP id s1si6897bkt.3.2013.01.30.04.43.47; Wed, 30 Jan 2013 04:43:47 -0800 (PST) Received-SPF: neutral (google.com: 2a02:6b8:0:602::1 is neither permitted nor denied by domain of sum...@tatilkampanyasi.com) client-ip=2a02:6b8:0:602::1; Received: from smtp2.mail.yandex.net (smtp2.mail.yandex.net [77.88.46.102]) by forward1.mail.yandex.net (Yandex) with ESMTP id 01FF5124247B for fethiy...@googlegroups.com; Wed, 30 Jan 2013 16:42:43 +0400 (MSK) Received: from smtp2.mail.yandex.net (localhost [127.0.0.1]) by smtp2.mail.yandex.net (Yandex) with ESMTP id DBFA8E20611 for fethiy...@googlegroups.com; Wed, 30 Jan 2013 16:42:43 +0400 (MSK) Received: from 37-123.96-67.salay.com.tr (37-123.96-67.salay.com.tr [37.123.96.67]) by smtp2.mail.yandex.net (nwsmtp/Yandex) with ESMTP id gee8SK65-ggeagdsL; Wed, 30 Jan 2013 16:42:42 +0400 Thread-Topic: =?iso-8859-9?Q?G=FCn=FCbirlik_Kartepe_Turu_39_TL_/_G=FCn=FCbirlik_U?= =?iso-8859-9?Q?luda=F0_Turu__55_TL_/_Haftasonu_Tek_Gece_Kartepe_349_TL?= thread-index: Ac3+50nGprLpO0AYQHSkem91XQB4DQ== From: KayakTurunuz.com sum...@tatilkampanyasi.com To: fethiy...@googlegroups.com Date: Wed, 30 Jan 2013 14:42:39 +0200 Organization: http://www.tatilkampanyasi.com Message-ID: A9C0D628767B41BC8A1EBF7AB208CED4@WINQWZB03J61IN MIME-Version: 1.0 X-Mailer: Microsoft CDO for Windows 2000 Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18645
Re: [Mailman-Users] About Spam Filtering
METU E-List Admin wrote: In some of our lists, we are receiving excessive spam messages. We analyzed the spam messages and found that they have similar headers. As a result, we developed the following list: ^X-Mailer: (?!Microsoft Outlook .*)$ ^X-mailer: .*$ This includes the one above it. ^X-Mailer-LID: .*$ ^X-Mailer-RecptId: .*$ ^X-Mailer-SID: .*$ ^X-Mailer-Sent-By: .*$ ^X-Spam-Status: Yes.*$ ^X-Spam-Flag: YES ^X-Virus-Status: Yes We don't want to receive any mails from external mail systems, only real persons can send emails. We enter this list to the bounce_matching_headers part (in the admin panel, under Spam Filtering). bounce_matching_headers doesn't work that way. See the '(Details for bounce_matching_headers' link. Regexps like the above should go in header_filter_rules with an appropriate action. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org