Handling of SPAM mails in mailman3 - Check for X-Spam Header
Hi,
we migrated successfully to mailman3 so far. I have some questions regarding handling of SPAM mails in mailman, this is the second question:
Such SPAM mails are currently held for moderation with reason "not from a list member". Is there no check for the "X-Spam: Yes" header or is this check done later? I would prefer that a check for such a header is done first and is reported as the reason. Which is IMHO very important information. Or maybe show "This is detected as SPAM" in big bold red letters in a new column in the list of mails to moderate for such a mail. Maybe there is a more eye-candy solution for it.
Sometimes mail accounts of allowed users are hacked and we do not want to spread SPAM accidentally. On my setup all mails are checked by rspamd before local delivery and I see that the "X-Spam" header is set for such mails. So even mails from allowed members with header "X-Spam: Yes" should be held for moderation. Maybe this is already the case, did not give it a try yet.
Best regards Torge
On 1/16/20 10:51 AM, Torge Riedel wrote:
> Such SPAM mails are currently held for moderation with reason "not from a list member". Is there no check for the "X-Spam: Yes" header or is this check done later?
If you set a Header Filter (in Postorius the Header filters tab) those checks are done before non-member moderation.
This won't work for posts from members because the header checks are done between member moderation checks and non-member moderation checks, but if you create a Header Filter for header 'x-spam' and pattern 'yes' with action hold, a message from a non-member which has an X-Spam: Yes header should be held for that reason.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
On 16.01.20 at 21:43, Mark Sapiro wrote:
> On 1/16/20 10:51 AM, Torge Riedel wrote:
>> Such SPAM mails are currently held for moderation with reason "not from a list member". Is there no check for the "X-Spam: Yes" header or is this check done later?
> If you set a Header Filter (in Postorius the Header filters tab) those checks are done before non-member moderation.
> This won't work for posts from members because the header checks are done between member moderation checks and non-member moderation checks, but if you create a Header Filter for header 'x-spam' and pattern 'yes' with action hold, a message from a non-member which has an X-Spam: Yes header should be held for that reason.
Hi Mark,
thank you for your answer. Just to understand that right: In case a posting with an "X-Spam: Yes" header comes from a member, it will not be held? It will be directly forwarded to the list?
If yes, is there any chance to change or extend this?
Best regards Torge
On 1/18/20 6:58 AM, Torge Riedel wrote:
> On 16.01.20 at 21:43, Mark Sapiro wrote:
>> This won't work for posts from members because the header checks are done between member moderation checks and non-member moderation checks, but if you create a Header Filter for header 'x-spam' and pattern 'yes' with action hold, a message from a non-member which has an X-Spam: Yes header should be held for that reason.
> Hi Mark,
> thank you for your answer. Just to understand that right: In case a posting with an "X-Spam: Yes" header comes from a member, it will not be held? It will be directly forwarded to the list?
No. I apologize for being unclear.
A post from a member will first be handled according to that member's moderation action which may be the list's default action for posts from members or a specific action for that member.
If that moderation action is reject, discard or hold, the post will be rejected, discarded or held as a moderated member post regardless of any header filters.
If the action is accept, the post will be accepted without any further checks including the header checks.
If the action is defer (default processing) the message will be held for matching the X-Spam: Yes header.
What I meant was if the member's (or default) action was hold, the post would be held, but the reason would be moderated member, not header match.
The bottom line here is the moderation action of accept should only be used in cases of a highly trusted member (such as a list owner) because it bypasses other checks, but the address is still subject to spoofing. In the normal case where a moderation hold is not desired, use the defer (default processing) action.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
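The order of checks described in the message above, as a small Python model (an added example, not part of the original thread and not Mailman's own code). The decide function, the member_actions mapping, the addresses and the sample messages are constructed for illustration; case-insensitive pattern matching and the "continue" result for a clean deferred member post are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header filter suggested in the thread: header 'x-spam', pattern 'yes', action hold.
HEADER_FILTERS = [("x-spam", "yes", "hold")]

def decide(raw, member_actions, header_filters=HEADER_FILTERS,
           nonmember_action="hold"):
    """Return (action, reason) following the order of checks described above.

    member_actions maps a member address to its moderation action
    (hypothetical structure for this sketch); other senders are non-members.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    action = member_actions.get(sender)

    # 1. The member's moderation action comes first.
    if action in ("reject", "discard", "hold"):
        return action, "moderated member"
    if action == "accept":
        return "accept", "member accepted, header filters skipped"

    # 2. Header filters: reached by members set to defer and by non-members.
    for header, pattern, filter_action in header_filters:
        for value in msg.get_all(header, []):
            if re.search(pattern, value, re.IGNORECASE):  # assumed case-insensitive
                return filter_action, f"header match {header}"

    # 3. Non-member moderation runs after the header filters.
    if action is None:
        return nonmember_action, "not from a list member"
    return "continue", "default processing"

def sample(sender, spam):
    """Build a constructed test message, optionally flagged by the spam scanner."""
    flag = "X-Spam: Yes\n" if spam else ""
    return f"From: {sender}\nTo: list@example.org\n{flag}Subject: hi\n\nbody\n"

# Constructed membership table: one member per moderation action of interest.
MEMBERS = {"owner@example.org": "accept", "alice@example.org": "defer",
           "bob@example.org": "hold"}
```

With this table, a flagged post from alice@example.org (defer) is held for the header match, while the same post from owner@example.org (accept) passes without the header ever being looked at.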
On 18.01.20 at 19:38, Mark Sapiro wrote:
> On 1/18/20 6:58 AM, Torge Riedel wrote:
>> On 16.01.20 at 21:43, Mark Sapiro wrote:
>>> This won't work for posts from members because the header checks are done between member moderation checks and non-member moderation checks, but if you create a Header Filter for header 'x-spam' and pattern 'yes' with action hold, a message from a non-member which has an X-Spam: Yes header should be held for that reason.
>> Hi Mark,
>> thank you for your answer. Just to understand that right: In case a posting with an "X-Spam: Yes" header comes from a member, it will not be held? It will be directly forwarded to the list?
> No. I apologize for being unclear.
> A post from a member will first be handled according to that member's moderation action which may be the list's default action for posts from members or a specific action for that member.
> If that moderation action is reject, discard or hold, the post will be rejected, discarded or held as a moderated member post regardless of any header filters.
> If the action is accept, the post will be accepted without any further checks including the header checks.
> If the action is defer (default processing) the message will be held for matching the X-Spam: Yes header.
> What I meant was if the member's (or default) action was hold, the post would be held, but the reason would be moderated member, not header match.
> The bottom line here is the moderation action of accept should only be used in cases of a highly trusted member (such as a list owner) because it bypasses other checks, but the address is still subject to spoofing. In the normal case where a moderation hold is not desired, use the defer (default processing) action.
Hi Mark,
thanks for clarification. I will add a header filter.
One final question: When adding a new header filter I can select between different actions. And there is one named "Default Anti-Spam action" (roughly translated from German). I cannot find anything else about this anywhere else in the settings (Postorius). So what is the "Default Anti-Spam action"?
Best regards Torge
On 1/19/20 6:42 AM, Torge Riedel wrote:
> One final question: When adding a new header filter I can select between different actions. And there is one named "Default Anti-Spam action" (roughly translated from German). I cannot find anything else about this anywhere else in the settings (Postorius). So what is the "Default Anti-Spam action"?
There is a configuration setting with default
    [antispam]
    jump_chain: hold
"Default Anti-Spam action" should set the action for that rule to None which means use the configured [antispam]jump_chain: value.
However, there is a bug in REST in core that doesn't allow setting None so you can't choose that setting anyway. See <https://gitlab.com/mailman/mailman/issues/671>.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan