Re: Spam mail being sent via the FreeBSD mailing lists

From: Philip Paeps <philip_at_freebsd.org>
Date: Thu, 27 May 2021 09:04:53 +0800
On 2021-05-26 22:50:57 (+0800), Julian H. Stacey wrote:
> Kurt Jaeger wrote:
>> Hi!
>>>> On May 25, 2021, at 8:53 PM, jake h <jakehfreebsd_at_gmail.com> wrote:
>>>> I have recently received several pieces of spam mail, apparently 
>>>> sent via
>>>> this mailing list. These pieces of mail are the usual spam formula; 
>>>> Your
>>>> phone has a virus, Ads, Fake blackmail, so on and so forth.
>>>> Has anyone else noticed these spam emails, or is it just me?
>>> I'm receiving these too. It looks like the servers are bouncing some 
>>> of them just for me, even. And I'm receiving not just from this 
>>> list; also from freebsd-hackers_at_ and ports_at_.
>>
>> postmaster_at_ is aware of the problem, we do not yet have a clear-cut
>> solution and we're investigating.
>> -- 
>> pi_at_opsec.eu            +49 171 3101372                    Now what ?
>
> I'm on most lists & also seen much spam lately.
>
> Changing Mailman list configs to only allowing postings from 
> subscribed
> addresses could dump nearly all spam;  (I'm a Mailman admin elsewhere 
> ).

This was how the majority of FreeBSD mailing lists were configured.  
Most lists were set to discard postings from non-subscribers.  Some were 
set to hold.  A few were set to reject.

> But _at_freebsd.org has prefered open lists for near all lists.
> Best only for the initial fresh- after- install- questions_at_, IMO.

This has not been true for a good while now.  Historically, nearly all 
our lists were indeed open.  In recent years, we've made most lists 
subscriber-only, with some exceptions and whitelists.

> List back end responses to eg isp_at_ & hackers_at_ have recently migrated
> from Mailman to Mlmmj, I guess that shouldn't directly affect spam
> protection ?  but it'd be interesting to know what advantage the
> migration might bring _at_freebsd.org ?

For one thing, running supported software means we can continue 
upgrading our mailservers with fewer worries.  Mailman 2 relies on 
Python 2, which has unfortunately become abandonware.

Philip

-- 
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
Received on Thu May 27 2021 - 01:04:53 UTC

Original text of this message