From list-managers-owner@greatcircle.com Fri Jan 26 11:41:45 2007
Date: Fri, 26 Jan 2007 11:39:48 -0800 (PST)
From: zuess007@zoso.net
To: list-managers@greatcircle.com
Subject: spam being sent through list-digest-outgoing
X-Archive-Number: 200701/1
X-Sequence-Number: 1879

I will call my mailing list "list" in hopes of finding a solution to my
problem. What is happening is spammers have found a way to send spam
directly to the digesters by using "list-digest-outgoing". This spam does
not generate with the digest nor does it archive. But it finds its way to
all the people in digest mode. I do have root access to this machine as
well as the mail aliases, but I am clueless on how to stop this without
stopping the digest. Any and all help would be so much appreciated. I am
also willing to send a copy of my majordomo aliases if this would help.

Please Please!
I need help

Thanks in advance
Bob
zuess007@zoso.net

From list-managers-owner@greatcircle.com Fri Jan 26 13:01:14 2007
Message-Id: <1169843347.13301.1171430527@webmail.messagingengine.com>
From: "Tom Neff"
To: list-managers@greatcircle.com
Subject: Re: spam being sent through list-digest-outgoing
Date: Fri, 26 Jan 2007 15:29:07 -0500
X-Archive-Number: 200701/2
X-Sequence-Number: 1880

On Fri, 26 Jan 2007 11:39:48 -0800 (PST), zuess007@zoso.net said:
> I will call my mailing list "list" in hopes of finding a solution to my
> problem. What is happening is spammers have found a way to send spam
> directly to the digesters by using "list-digest-outgoing". This spam does
> not generate with the digest nor does it archive. But it finds its way to
> all the people in digest mode. I do have root access to this machine as
> well as the mail aliases, but I am clueless on how to stop this without
> stopping the digest. Any and all help would be so much appreciated.
> I am also willing to send a copy of my majordomo aliases if this would help.

This is mentioned in section 3.6 of the Majordomo FAQ at
http://www.greatcircle.com/majordomo/majordomo-faq.html .

If you are not "tech-y" you will need to have an admin type help you.

My favorite technique (not mentioned in the FAQ) was to use Procmail (
http://www.procmail.org/ ) to handle the -outgoing alias, and in the
Procmail config for the alias, put in a filter so that only messages
coming from the local Majordomo processor are passed through. I have
long since switched to Mailman but this technique should still work.

From list-managers-owner@greatcircle.com Fri Jan 26 13:28:44 2007
Cc: list-managers@greatcircle.com
From: "Michael C. Berch"
Subject: Re: spam being sent through list-digest-outgoing
Date: Fri, 26 Jan 2007 13:28:55 -0800
To: zuess007@zoso.net
X-Archive-Number: 200701/3
X-Sequence-Number: 1881

On Jan 26, 2007, at 11:39 AM, zuess007@zoso.net wrote:

> I will call my mailing list "list" in hopes of finding a solution
> to my problem. What is happening is spammers have found a way to
> send spam directly to the digesters by using "list-digest-outgoing".
> This spam does not generate with the digest nor does it archive.
> But it finds its way to all the people in digest mode.
> I do have root access to this machine as well as the mail aliases, but I am
> clueless on how to stop this without stopping the digest. Any and
> all help would be so much appreciated. I am also willing to send a
> copy of my majordomo aliases if this would help.

My low-tech solution to this was just to rename list-digest-outgoing
to something not easily guessable, like
"list-digest-outgoing-xyzzy" and changing the other aliases for the
list to conform. It's unlikely to be discovered, since a spammer has
to get their grubby little hands on an actual message to read the
headers, but if it is, you can change it again.

--
Michael C. Berch
mcb@postmodern.com

From list-managers-owner@greatcircle.com Fri Jan 26 13:32:03 2007
Date: Fri, 26 Jan 2007 13:30:46 -0800 (PST)
From: zuess007@zoso.net
To: Tom Neff
Cc: list-managers@greatcircle.com
Subject: Re: spam being sent through list-digest-outgoing
In-Reply-To: <1169843347.13301.1171430527@webmail.messagingengine.com>
References: <1169843347.13301.1171430527@webmail.messagingengine.com>
X-Archive-Number: 200701/4
X-Sequence-Number: 1882

I am assuming I should make this entry in my .procmailrc? And where should
I put the .procmailrc entry? In my root dir? or my majordomo dir? I hate
to sound stupid but I have never had this problem before. Could I ask what
your procmail entry looked like? I really appreciate this and your help.
I am also gonna print out 3.6 of the faq. Thanks again

On Fri, 26 Jan 2007, Tom Neff wrote:

>
> On Fri, 26 Jan 2007 11:39:48 -0800 (PST), zuess007@zoso.net said:
>> I will call my mailing list "list" in hopes of finding a solution to my
>> problem. What is happening is spammers have found a way to send spam
>> directly to the digesters by using "list-digest-outgoing". This spam does
>> not generate with the digest nor does it archive. But it finds its way to
>> all the people in digest mode. I do have root access to this machine as
>> well as the mail aliases, but I am clueless on how to stop this without
>> stopping the digest. Any and all help would be so much appreciated. I am
>> also willing to send a copy of my majordomo aliases if this would help.
>
> This is mentioned in section 3.6 of the Majordomo FAQ at
> http://www.greatcircle.com/majordomo/majordomo-faq.html .
>
> If you are not "tech-y" you will need to have an admin type help you.
>
> My favorite technique (not mentioned in the FAQ) was to use Procmail (
> http://www.procmail.org/ ) to handle the -outgoing alias, and in the
> Procmail config for the alias, put in a filter so that only messages
> coming from the local Majordomo processor are passed through. I have
> long since switched to Mailman but this technique should still work.
>

From list-managers-owner@greatcircle.com Fri Jan 26 18:42:48 2007
Message-Id: <1169865765.17476.1171470227@webmail.messagingengine.com>
From: "Tom Neff"
To: list-managers@greatcircle.com
References: <1169843347.13301.1171430527@webmail.messagingengine.com>
Subject: Re: spam being sent through list-digest-outgoing
Date: Fri, 26 Jan 2007 21:42:45 -0500
X-Archive-Number: 200701/5
X-Sequence-Number: 1883

On 1/26/07, Michael C. Berch wrote:
> My low-tech solution to this was just to rename list-digest-outgoing
> to something not easily guessable, like
> "list-digest-outgoing-xyzzy" and changing the other aliases for the
> list to conform. It's unlikely to be discovered, since a spammer has
> to get their grubby little hands on an actual message to read the
> headers, but if it is, you can change it again.

This is one of the solutions mentioned in the FAQ. It's definitely better
than nothing, but it does not protect you from spammers because infected
machines can see the mail headers in their spool.

On 1/26/07, zuess007@zoso.net wrote:
> I am assuming I should make this entry in my .procmailrc?
> And where should
> I put the .procmailrc entry? In my root dir? or my majordomo dir? I hate
> to sound stupid but I have never had this problem before. Could I ask what
> your procmail entry looked like? I really appreciate this and your help. I
> am also gonna print out 3.6 of the faq. Thanks again

I'll have to look up my old config.

--
Tom Neff
tneff@grassyhill.org
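
The filter idea described in the thread ("only messages coming from the local Majordomo processor are passed through"), as an added example that is not part of the thread and is not Tom Neff's Procmail config, which never appears on this page. It is written in Python rather than as a Procmail recipe and decides from the newest Received header whether a message addressed to the -outgoing alias was injected on the list host itself. The host names, addresses and sample messages are constructed, and how the script is wired in front of the alias is left as an assumption.

```python
import email
import ipaddress
import re
import sys

# Client address as Sendmail/Postfix record it, e.g. "[127.0.0.1]" or "[IPv6:::1]".
CLIENT_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Non-SMTP local pickup: "(from user@localhost) by host ..." or "by host (...)".
LOCAL_PICKUP = re.compile(r"^(\(from [^)]+\) )?by ", re.I)


def locally_injected(raw_message: str) -> bool:
    """True only if the newest Received header records a local submission.

    Only the topmost Received header is written by our own MTA; every header
    below it arrives with the message and can be forged by the sender.
    """
    received = email.message_from_string(raw_message).get_all("Received") or []
    if not received:
        return False                        # fail closed: no trace, no delivery
    newest = " ".join(received[0].split())  # unfold continuation lines
    ips = CLIENT_IP.findall(newest)
    if not ips:
        return bool(LOCAL_PICKUP.match(newest))
    try:
        # all(): a remote client may put "[127.0.0.1]" in its HELO string.
        return all(ipaddress.ip_address(ip).is_loopback for ip in ips)
    except ValueError:
        return False


# Constructed samples (hosts and addresses are placeholders).
FROM_MAJORDOMO = (
    "Received: from lists.example (localhost [127.0.0.1])\n"
    "\tby lists.example with ESMTP id AAA111; Fri, 26 Jan 2007 12:00:00 -0800\n"
    "Received: (from majordom@localhost) by lists.example id AAA110\n"
    "To: list-digest-outgoing@lists.example\nSubject: list Digest V1 #1\n\nbody\n"
)
FROM_OUTSIDE = (
    "Received: from [127.0.0.1] (mail.remote.example [203.0.113.5])\n"
    "\tby lists.example with ESMTP id BBB222; Fri, 26 Jan 2007 12:05:00 -0800\n"
    "Received: from lists.example (localhost [127.0.0.1]) by lists.example\n"
    "To: list-digest-outgoing@lists.example\nSubject: offer\n\nbody\n"
)

if __name__ == "__main__":
    # Exit 0 to let the message through, 77 (EX_NOPERM) to refuse it.
    sys.exit(0 if locally_injected(sys.stdin.read()) else 77)
```

Unlike renaming the alias, this check does not depend on the address staying secret, but it does assume that nothing untrusted can submit mail on the list host itself.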