#9523 Amount of spam received through @fedoraproject.org alias increased greatly
Opened a month ago by ttorcz. Modified 15 days ago

Describe what you would like us to do:

Sometime during this year I've started to receive a noticeable amount of spam email messages, relayed through Fedora servers. The spam is sent to my ttorcz@fedoraproject.org alias.

Please check anti-spam measures on Fedora email servers. Something clearly stopped working, as I was not receiving such spam in previous years.

I only have mail logs reaching back 3 months, but I can confirm the spam is a daily occurrence:

LC_ALL=C LANG=C journalctl -u postfix | grep ttorcz=fedor | cut -f1,2 -d" " | uniq -c
5 Oct 31
10 Nov 01
10 Nov 02
6 Nov 03
6 Nov 04
7 Nov 09
9 Nov 10
10 Nov 11
9 Nov 12
8 Nov 13
8 Nov 14
1 Nov 17
8 Nov 18
5 Nov 19
4 Nov 20
3 Nov 21
5 Nov 22
10 Nov 23
10 Nov 24
9 Nov 25
8 Nov 26
9 Nov 27
8 Nov 28
8 Nov 29
9 Nov 30
8 Dec 01
9 Dec 02
6 Dec 03
9 Dec 04
11 Dec 05
9 Dec 06
5 Dec 07
12 Dec 08
9 Dec 09
1 Dec 10

(the first digit is the number of spam messages received through Fedora on that day).

This is an example of a spam message:
Oct 31 16:11:49 mother.pipebreaker.pl postfix/qmgr[279868]: C5425650971C: from=overstock_wines_splash_wines-ttorcz=fedoraproject.org@feelingaboutyourself.com, size>

As you can see in the forged "from", "ttorcz=fedoraproject.org" is an alias of my FAS account. You can grep your maillogs for this token to uncover the spam pattern.

When do you need this to be done by? (YYYY/MM/DD)

ASAP? ;)

So Fedora does not have any spam checking on its forwarding mail servers and hasn't had any. The spam checking for fedoraproject.org domains is done as always via Red Hat (since at least 2008). Emails go through the MX records for redhat, through multiple spam check tools and then to the bastion servers which relay it out.

The last time spam started showing in numbers, it was caused because a developer complained that they were losing kernel.org or similar development list emails and so things were tuned down for @fedoraproject.org mailing lists. I will ask what changes were made and see what can be done to fix.

@ttorcz Could you collect some of these and put them in a tarball to add to this ticket? The internal teams need to see what is not getting found. [And would need times etc to know when it slipped through.]

Thanks, I will pass these on to the internal mail team.

Has this gotten any better/worse? I am not sure what we can really do here aside from asking redhat.com admins to try and filter fedoraproject.org email more heavily. ;(

Slightly better; numbers for the last week:
2 Jan 01
2 Jan 02
0 Jan 03
3 Jan 04
4 Jan 05
2 Jan 06

It was 6-10 spams daily in November.
I've "fixed" the problem on my side by filtering mails with "ttorcz=fedoraproject.org@" in the From: field, but it doesn't address the root cause.
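
The grep and filter described in this ticket, generalized into a small log parser (an added example, not part of the original ticket or any Fedora tooling): it counts, per day and per sender domain, the queued messages whose envelope sender embeds the alias as local=domain right before the "@". The log lines are constructed in the format quoted in the ticket (host, queue IDs and example.* domains are made up), and the trusted_domains parameter is an assumption added here because mailing-list VERP bounce addresses use the same local=domain encoding and would otherwise be counted as spam.

```python
import re
from collections import Counter

# journalctl line: "Mon DD HH:MM:SS host postfix/qmgr[pid]: QID: from=<addr>, size=..."
# qmgr's from= is the envelope sender; the angle brackets are optional here
# because the line quoted in the ticket shows the address without them.
QMGR_FROM = re.compile(
    r"^(?P<day>[A-Z][a-z]{2}\s+\d{1,2}) \S+ \S+ postfix/qmgr\[\d+\]: "
    r"[0-9A-Za-z]+: from=<?(?P<sender>[^>,\s]*)>?,"
)

# Constructed sample: host, queue IDs and example.* sender domains are made up.
SAMPLE_LOG = """\
Oct 31 16:11:49 mx.example.org postfix/qmgr[279868]: 1A2B3C4D5E: from=<deals-ttorcz=fedoraproject.org@bulk.example.net>, size=20480, nrcpt=1 (queue active)
Oct 31 17:02:10 mx.example.org postfix/qmgr[279868]: 2B3C4D5E6F: from=<news-ttorcz=fedoraproject.org@bulk.example.net>, size=18211, nrcpt=1 (queue active)
Oct 31 18:30:00 mx.example.org postfix/qmgr[279868]: 3C4D5E6F7A: from=<alice@example.com>, size=3021, nrcpt=1 (queue active)
Nov 01 09:15:42 mx.example.org postfix/qmgr[279868]: 4D5E6F7A8B: from=<devel-bounces+ttorcz=fedoraproject.org@lists.example.org>, size=9120, nrcpt=1 (queue active)
Nov 01 10:00:01 mx.example.org postfix/qmgr[279868]: 5E6F7A8B9C: from=<promo-ttorcz=fedoraproject.org@offers.example.net>, size=25000, nrcpt=1 (queue active)
"""

def tagged_senders(lines, alias, trusted_domains=()):
    """Yield (day, sender_domain) for senders embedding alias as 'local=domain@'."""
    local, _, domain = alias.lower().partition("@")
    token = f"{local}={domain}@"
    trusted = {d.lower() for d in trusted_domains}
    for line in lines:
        m = QMGR_FROM.match(line)
        if not m:
            continue  # not a qmgr "from=" line (e.g. "removed", smtp, cleanup)
        sender = m.group("sender").lower()
        if token not in sender:
            continue
        sender_domain = sender.rsplit("@", 1)[1]
        if sender_domain not in trusted:  # assumption: operator-supplied allowlist
            yield m.group("day"), sender_domain

def summarize(lines, alias, trusted_domains=()):
    """Return (per-day Counter, per-sender-domain Counter) of tagged messages."""
    per_day, per_domain = Counter(), Counter()
    for day, sender_domain in tagged_senders(lines, alias, trusted_domains):
        per_day[day] += 1
        per_domain[sender_domain] += 1
    return per_day, per_domain

if __name__ == "__main__":
    days, domains = summarize(SAMPLE_LOG.splitlines(), "ttorcz@fedoraproject.org",
                              trusted_domains=["lists.example.org"])
    print(dict(days), domains.most_common())
```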

