#9610 fedora list owners getting hit with filter-evading spam
Closed: Fixed 3 years ago by kevin. Opened 3 years ago by mattdm.

I think the empty "To" line is doing it? Can we filter these out and /dev/null them earlier somehow?

Example below.

Return-Path: <announce-bounces+mattdm=fedoraproject.org@lists.fedoraproject.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on disco.bu.edu
X-Spam-Status: No, score=3.9 required=5.0 tests=BAYES_50,BODY_8BITS,
        BOGO_T25_UNKN_CLOSE,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FORGED_HOTMAIL_RCVD2,
        FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
        HTML_MESSAGE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS
        autolearn=no autolearn_force=no version=3.4.0
X-Spam-Level: xxx
X-Original-To: mattdm@mattdm.org
Delivered-To: mattdm@disco.bu.edu
Received: from bastion.fedoraproject.org (bastion-iad01.fedoraproject.org [38.145.60.11])
        by disco.bu.edu (Postfix) with ESMTP id 3C06BB89DDAD
        for <mattdm@mattdm.org>; Fri, 29 Jan 2021 02:48:23 -0500 (EST)
Received: by bastion01.iad2.fedoraproject.org (Postfix)
        id 4D45C30BBFBC; Fri, 29 Jan 2021 07:48:20 +0000 (GMT)
Delivered-To: mattdm@fedoraproject.org
Received: from mailman01.iad2.fedoraproject.org (mailman01.iad2.fedoraproject.org [10.3.163.57])
        by bastion01.iad2.fedoraproject.org (Postfix) with ESMTP id 9150C30004C8
        for <mattdm@fedoraproject.org>; Fri, 29 Jan 2021 07:48:19 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bastion01.iad2.fedoraproject.org 9150C30004C8
Authentication-Results: bastion01.iad2.fedoraproject.org;
        dkim=pass (2048-bit key) header.d=hotmail.com header.i=@hotmail.com header.b="fwjvgkzC"
Received: from mailman01.iad2.fedoraproject.org (localhost [IPv6:::1])
        by mailman01.iad2.fedoraproject.org (Postfix) with ESMTP id 8DDA776CA1E6D
        for <mattdm@fedoraproject.org>; Fri, 29 Jan 2021 07:48:19 +0000 (UTC)
Received: by mailman01.iad2.fedoraproject.org (Postfix, from userid 991)
        id 22DA076CA1E6D; Fri, 29 Jan 2021 07:48:17 +0000 (UTC)
Received: from smtp-mm-cc-rdu01.fedoraproject.org (smtp-mm-cc-rdu01.vpn.fedoraproject.org [192.168.1.55])
        by mailman01.iad2.fedoraproject.org (Postfix) with ESMTP id D484576CA1E6C
        for <announce-owner@lists.fedoraproject.org>; Fri, 29 Jan 2021 07:48:13 +0000 (UTC)
Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-oln040092253056.outbound.protection.outlook.com [40.92.253.56
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (Client CN "mail.protection.outlook.com", Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK))
        by smtp-mm-cc-rdu01.fedoraproject.org (Postfix) with ESMTPS id 0E647306A3AC
        for <announce-owner@lists.fedoraproject.org>; Fri, 29 Jan 2021 07:48:12 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=R+JMIi0w63yqN2hT6G+cSX6FBRej1889daUPF9SiIAXmKun4jIeWiA6wAtV43NwdV3NfjsMJhyLb6uU2gQHYFpes9lnLyZcLaGeblIgIYBO6JtAzOw+cIT+8kSWkI
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OmcltUOwOiNfqY6QO/vC/WUSfOgA4j2rwjiIa2EZnQw=;
 b=F9Sfza4hgcu6QD8yBYQ5/3wtGcg6V0ETrApT49vnabY796tzWk6/b1YDuDtbyCyVLhHOep3eZ4/MBcyhHPknqlWm4dL7Usd5QVLGfiDcuq2FK2cqPNiCRswJYSSNV
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OmcltUOwOiNfqY6QO/vC/WUSfOgA4j2rwjiIa2EZnQw=;
 b=fwjvgkzCPfy+i8OWiDJ5NNG+GiAdp5LB5rnTC9reJvrytrIbG59bKGq4FBreH8C3aOEBL/6vPpGbcsJgBxm749zVws46PO6/IU4AMXRWUDXfAWJ8RzaLPJuJiwb7q
Received: from HK2APC01FT015.eop-APC01.prod.protection.outlook.com
 (2a01:111:e400:7ebc::4d) by
 HK2APC01HT198.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebc::257)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.11; Fri, 29 Jan
 2021 07:46:23 +0000
Received: from ME1PR01MB1857.ausprd01.prod.outlook.com (10.152.248.56) by
 HK2APC01FT015.mail.protection.outlook.com (10.152.248.167) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3784.11 via Frontend Transport; Fri, 29 Jan 2021 07:46:23 +0000
X-IncomingTopHeaderMarker: 
 OriginalChecksum:DCB4BC76D8D88F3FDD8783F9F52327423D431DFB33243A522BDE2547739CB56E;UpperCasedChecksum:50E5A8C641D8D50F57D3B5C3D1
Received: from ME1PR01MB1857.ausprd01.prod.outlook.com
 ([fe80::6d83:d723:4402:1e8b]) by ME1PR01MB1857.ausprd01.prod.outlook.com
 ([fe80::6d83:d723:4402:1e8b%8]) with mapi id 15.20.3805.019; Fri, 29 Jan 2021
 07:46:22 +0000
From: accel <theseseaebibf@hotmail.com>
To: 
Subject: accel
Date: Fri, 29 Jan 2021 15:46:03 +0800
Message-ID: 
 <ME1PR01MB18571A087D035F6DDF0B1771BDB99@ME1PR01MB1857.ausprd01.prod.outlook.com>
Content-Type: multipart/related;
        boundary="----=_NextPart_000_0BEB_01318F4C.1CC11440"
X-Mailer: Microsoft Outlook 16.0
X-TMN: [7aRYe+dTN+y63UHhqQD9/3KuamH7yS5r]
X-ClientProxiedBy: HK0PR01CA0058.apcprd01.prod.exchangelabs.com
 (2603:1096:203:a6::22) To ME1PR01MB1857.ausprd01.prod.outlook.com
 (2603:10c6:200:21::11)
X-Microsoft-Original-Message-ID: <00f662d687c4$b910d398$9ce5cc76$@oosr>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from oosr (222.67.186.87) by HK0PR01CA0058.apcprd01.prod.exchangelabs.com (2603:1096:203:a6::22) with Microsoft SMTP S
X-MS-PublicTrafficType: Email
X-IncomingHeaderCount: 43
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-Correlation-Id: cd0771bb-73c9-4bdc-85f0-08d8c429f570
X-MS-TrafficTypeDiagnostic: HK2APC01HT198:
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
        b39lW0gAFvdsQZKVQnM0goAxn/zhgtG0Wx7FcUrtwiALeJmhgg5GaFNXJeVCHWlCDcX+z2vz6iVVRqyW79iB3JapNsWh/wAibg9WTdnFLBxPg7ITPcVJy1TX
X-MS-Exchange-AntiSpam-MessageData: 
        YhyIMgCodgfd/qxFQbtZLCeEbpKBsfgdUluInvQQPxGza8BUiQjGM15ZrgQPrs1GFzeN/8vH42Xuj8m1ZUhoyOkEZ9n8Klslvv3ubjEN9JBAlPYpzLUHeK+R
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cd0771bb-73c9-4bdc-85f0-08d8c429f570
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Jan 2021 07:46:22.7551
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource: 
        HK2APC01FT015.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 
        00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2APC01HT198
Message-ID-Hash: BPPSI4YUW4FTZLM7HEMDGGOWR7FQNB4D
X-Message-ID-Hash: BPPSI4YUW4FTZLM7HEMDGGOWR7FQNB4D
X-MailFrom: theseseaebibf@hotmail.com
X-Bogo25: U 0.985864

------=_NextPart_000_0BEB_01318F4C.1CC11440
Content-Type: multipart/alternative;
        boundary="----=_NextPart_001_03B7_01318F4C.1CC11440"

------=_NextPart_001_03B7_01318F4C.1CC11440
Content-Type: text/plain;
        charset="utf-8"

That is an email telling you as the list owner what it did on your behalf. Someone tried to send an email which was bounced and the email system alerted you in case it should not have been bounced. So it killed the email and sent announce-bounces+mattdm=fedoraproject.org@lists.fedoraproject.org its action.

I do not think we do much filtering on this because any filtering always ends up causing someone else to say 'that wasn't spam that was an important way I have always sent emails to XYZ list.' or 'that was a legitimate patch why did you mark it as anything else.'

That said, we need to rethink how all our mailing lists are done, as the current system is running a beta and has a large technical debt. It needs a team of people to keep it working in Fedora versus the herculean work of 1-2 people.

Metadata Update from @smooge:
- Issue tagged with: lists, medium-gain, medium-trouble, ops

3 years ago

Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

3 years ago

I think we do filter these on spamassassin, but it looks like it passed through another spamassassin (which would have overwritten the headers).

Are you still getting these? Do they all lack anything in To: ?

It seems like they are bccing the list and leaving To: blank, which I suppose is valid, but annoying.

Let us know if you are still having an issue with these...

Metadata Update from @kevin:
- Issue close_status updated to: Insufficient data
- Issue status updated to: Closed (was: Open)

3 years ago
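
An added example, not part of the ticket or of Fedora's mail configuration: a header check that labels mail reaching a list-owner address with a blank To: (the pattern in the quoted headers) separately from mail that merely Bcc'd the owner. Because a blank To: is valid, the label is meant as a scoring signal rather than a reject rule. The owner-address pattern, the label names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: owner role addresses look like <list>-owner@lists.fedoraproject.org,
# as in the Received "for <...>" clauses of the headers quoted in this ticket.
OWNER_RE = re.compile(r"for <([\w.+-]+-owner@lists\.fedoraproject\.org)>", re.I)

def visible_recipients(msg):
    """Lower-cased addresses present in To:/Cc:; a blank 'To:' yields none."""
    raw = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(raw) if addr}

def owner_envelope_rcpt(msg):
    """Owner address recorded by an MTA in a Received 'for <...>' clause."""
    for hop in msg.get_all("Received", []):
        m = OWNER_RE.search(hop)
        if m:
            return m.group(1).lower()
    return None

def classify(raw_message):
    """Label how a message reached a list-owner address (hypothetical labels)."""
    msg = message_from_string(raw_message)
    owner = owner_envelope_rcpt(msg)
    if owner is None:
        return "not-owner-mail"
    seen = visible_recipients(msg)
    if not seen:
        return "blank-to"        # the pattern reported in this ticket
    if owner not in seen:
        return "bcc-to-owner"    # visible recipients, owner only on the envelope
    return "addressed"

def sample(to_header):
    """Constructed test message; hosts and addresses are made up."""
    return (
        "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
        "\tby smtp-in.example.org (Postfix) with ESMTPS id 0000000000\n"
        "\tfor <announce-owner@lists.fedoraproject.org>;"
        " Fri, 29 Jan 2021 07:48:12 +0000 (UTC)\n"
        "From: accel <sender@example.net>\n"
        f"To: {to_header}\n"
        "Subject: accel\n\nbody\n"
    )

if __name__ == "__main__":
    for to in ("", "someone@example.com", "announce-owner@lists.fedoraproject.org"):
        print(repr(to), "->", classify(sample(to)))
```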

Seems to have settled down, or else my spamassassin caught on and is zapping them. Either way leaving closed is ok.

Issue status updated to: Open (was: Closed)

3 years ago

Issue status updated to: Closed (was: Open)
Issue close_status updated to: Fixed

3 years ago

Metadata
Boards 1
ops Status: Done