Re: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?)

2019-04-06 Thread Stephen J. Turnbull 
Grant Taylor via Mailman-Users writes:

 > Note:  SPF by itself won't do anything to protect against From: header 
 > spoofing.

Sure, but if configured correctly, it gives you exactly the
information you need.  The problem with SPF is that a lot of header
spoofing is legitimate (at least from the point of view of the
sender).  For example, using your school address as From on your Gmail
account.

 > I would suggest that you also look into DKIM and particularly DMARC
 > filtering.

These don't help with the fundamental problem of host-based sender
authentication.  You still need to use a school MTA to send mail with
your school address, and that often sucks from the point of view of
the users.

If Valentin is willing to enforce that (in my experience, pretty
draconian) restriction, SPF is good enough for the application at
hand, DKIM is more robust against many kinds of forwarding.  DMARC
policy (other than "none") is likely a disaster in an educational
setting.

Steve

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?)

2019-04-05 Thread Grant Taylor via Mailman-Users 

On 4/5/19 11:59 AM, Valentin Schwarze via Mailman-Users wrote:
Are there any settings that we as administrators of the list could 
change to end that behavior? For example, is it possible in any way, 
that Mailman only accepts emails that passed a SPF check? Or any other 
option to prevent email with forged sender adresses to be distributed 
through the mailman list?


As Mark and Carl have stated, you are better off implementing email 
hygiene in your MTA and only passing clean messages to Mailman.


Note:  SPF by itself won't do anything to protect against From: header 
spoofing.  I would suggest that you also look into DKIM and particularly 
DMARC filtering.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?)

2019-04-05 Thread Carl Zwanzig 

On 4/5/2019 10:59 AM, Valentin Schwarze via Mailman-Users wrote:

 We happend to have some spam
issues on our mailman lists. These spammers were able to send emails on
our lists through mail spoofing (only faking the From: field in the
header is sufficient to get accepted). 


Do you have any mail/virus scanning in the pipeline before mailman? They're 
usually better tools for the job.



PS: Used Mailman Version isĀ 2.1.18


Consider upgrading to the current version, too.

(Looks like Mark just posted about this, too.)

z!
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?)

2019-04-05 Thread Mark Sapiro 
On 4/5/19 10:59 AM, Valentin Schwarze via Mailman-Users wrote:
> 
> I am the administrator of some mailman lists of the student 
> self-administration of our university. We happend to have some spam issues on 
> our mailman lists. These spammers were able to send emails on our lists 
> through mail spoofing (only faking the From: field in the header is 
> sufficient to get accepted). With a faked sender email adress, which was in 
> accept_these_nonmembers of the list, they were to send spam mails on the 
> lists.
> 
> Are there any settings that we as administrators of the list could change to 
> end that behavior? For example, is it possible in any way, that Mailman only 
> accepts emails that passed a SPF check? Or any other option to prevent email 
> with forged sender adresses to be distributed through the mailman list?


These kinds of tests are better implemented in the incoming MTA before
the mail ever gets to Mailman.

Mailman itself, without code modification or implementation of a custom
handler (see ), has no way to check
things like SPF.

You can use Privacy options... -> Spam filters ->
header_filter_rules to take various actions based on regexp matches
against message headers. This can be useful if you can identify things
that separate the spam from the ham. Also, if you want to do certain
tests in the MTA, but not reject the mail at SMTP time, you can have the
MTA add a header which is checked by header_filter_rules.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org