Discussion:
OT: Spam issues with linux.net.nz mailserver
Rene Bartosh
2011-08-25 09:09:40 UTC
Permalink
Hi All,

Apologies for posting this matter to the list but I have been unable
to contact any list or server admins on any addresses I could find.

I am one of the listed admins for the HBLUG mailing list, and I have
been receiving a decent amount of spam on the address I have listed.
This spam is routed via the linux.net.nz mail server, then my own mail
server, and finally onto my Gmail account. I will paste an example
header below to indicate this.

The To: field is (not limited to) ***@linux.net.nz,
nzlug-***@linux.net.nz, klug-***@linux.net.nz,
nzlug-***@linux.net.nz, ***@linux.net.nz,
aucklug-***@linux.net.nz.

Some of the mssages are in spamassasin report format, where others are
not. My working theory is that there is some misconfiguration or
similar with spamassasin on the mailserver which is passing on mail to
all mailman-related addresses (e.g. -request and -owner) to all listed
mail list admins.

Can anyone who is a list or server admin shed any light on the matter,
or anyone else familiar with spamassasin, mailman or mail servers in
general.

Thanks,

Rene Bartosh

========================================

Delivered-To: ***@gmail.com
Received: by 10.227.37.226 with SMTP id y34cs93610wbd;
Tue, 16 Aug 2011 07:52:31 -0700 (PDT)
Received: from mr.google.com ([10.236.178.74])
by 10.236.178.74 with SMTP id
e50mr21875508yhm.121.1313506351598 (num_hops = 1);
Tue, 16 Aug 2011 07:52:31 -0700 (PDT)
Received: by 10.236.178.74 with SMTP id e50mr16330188yhm.121.1313506350996;
Tue, 16 Aug 2011 07:52:30 -0700 (PDT)
Return-Path: <mailman-bounces+kirjava=***@linux.net.nz>
Received: from mail.kirjava.net (mail.kirjava.net [68.68.20.163])
by mx.google.com with ESMTP id w7si434320yhl.112.2011.08.16.07.52.30;
Tue, 16 Aug 2011 07:52:30 -0700 (PDT)
Received-SPF: neutral (google.com: 68.68.20.163 is neither permitted
nor denied by best guess record for domain of
mailman-bounces+kirjava=***@linux.net.nz)
client-ip=68.68.20.163;
Authentication-Results: mx.google.com; spf=neutral (google.com:
68.68.20.163 is neither permitted nor denied by best guess record for
domain of mailman-bounces+kirjava=***@linux.net.nz)
smtp.mail=mailman-bounces+kirjava=***@linux.net.nz
Received: from mail.wibble.net (unknown [72.249.126.132])
by mail.kirjava.net (Postfix) with ESMTPS id F361027003A
for <***@hblug.org.nz>; Wed, 17 Aug 2011 02:52:29 +1200 (NZST)
Received: from localhost ([127.0.0.1] helo=wibble.net)
by mail.wibble.net with esmtp (Exim 4.69)
(envelope-from <mailman-***@linux.net.nz>)
id 1QtL0G-0006Cy-Lv; Wed, 17 Aug 2011 02:52:29 +1200
Received: from [184.151.63.247] (helo=y2qri9ljwpq.net)
by mail.wibble.net with smtp (Exim 4.69)
(envelope-from <***@opbu.xerox.com>)
id 1QtKzr-00069X-MF; Wed, 17 Aug 2011 02:52:07 +1200
Message-ID: <64f96z25l57-10393183-***@cucyqwlro>
MIME-Version: 1.0
To: <***@linux.net.nz>
Date: Tue, 16 Aug 2011 15:47:53 +0000
From: "LouettaJule" <***@opbu.xerox.com>
Subject: Star rocking on your BED tonight. Men, gain length, girth, stamina,
and pleasure with Dr. Joel Kaplan's proprietary herbal formulas Since
1991.
Content-Type: multipart/alternative;
boundary="----=_NextPart_009_0A33_BC22AE1F.BB10325B"
Sender: mailman-***@linux.net.nz
Received-SPF: pass (mail.wibble.net: localhost is always allowed.)
client-ip=127.0.0.1; envelope-from=mailman-***@linux.net.nz;
helo=wibble.net;
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: mailman-***@linux.net.nz
X-SA-Exim-Scanned: No (on mail.wibble.net); SAEximRunCond expanded to false
Errors-To: mailman-bounces+kirjava=***@linux.net.nz
--
Personal: http://kirjava.net.nz/

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Mark Foster
2011-08-25 09:26:30 UTC
Permalink
Rene

Nic Bellamy has already replied to you on this.

The spam you're getting is a byproduct of you being an administrator for a
mailing list hosted at linux.net.nz and youre catching stuff destined for
the addresses for -owner and such.

I did not reply to you directly as Nic had already replied (he CC'd me and
the others who have a hand in linux.net.nz). My own contact details are
well publicised yet you have not attempted to hit me up directly either.

NZLUG itself cannot help you with this as the issue is invisible to its
members (I and others get to see all the spam destined for the list that
_doesnt_ get reflected to the members. You too in at least some capacity
it seems.)

Mark.
Post by Rene Bartosh
Hi All,
Apologies for posting this matter to the list but I have been unable
to contact any list or server admins on any addresses I could find.
I am one of the listed admins for the HBLUG mailing list, and I have
been receiving a decent amount of spam on the address I have listed.
This spam is routed via the linux.net.nz mail server, then my own mail
server, and finally onto my Gmail account. I will paste an example
header below to indicate this.
Some of the mssages are in spamassasin report format, where others are
not. My working theory is that there is some misconfiguration or
similar with spamassasin on the mailserver which is passing on mail to
all mailman-related addresses (e.g. -request and -owner) to all listed
mail list admins.
Can anyone who is a list or server admin shed any light on the matter,
or anyone else familiar with spamassasin, mailman or mail servers in
general.
Thanks,
Rene Bartosh
========================================
Received: by 10.227.37.226 with SMTP id y34cs93610wbd;
Tue, 16 Aug 2011 07:52:31 -0700 (PDT)
Received: from mr.google.com ([10.236.178.74])
by 10.236.178.74 with SMTP id
e50mr21875508yhm.121.1313506351598 (num_hops = 1);
Tue, 16 Aug 2011 07:52:31 -0700 (PDT)
Received: by 10.236.178.74 with SMTP id e50mr16330188yhm.121.1313506350996;
Tue, 16 Aug 2011 07:52:30 -0700 (PDT)
Received: from mail.kirjava.net (mail.kirjava.net [68.68.20.163])
by mx.google.com with ESMTP id w7si434320yhl.112.2011.08.16.07.52.30;
Tue, 16 Aug 2011 07:52:30 -0700 (PDT)
Received-SPF: neutral (google.com: 68.68.20.163 is neither permitted
nor denied by best guess record for domain of
client-ip=68.68.20.163;
68.68.20.163 is neither permitted nor denied by best guess record for
Received: from mail.wibble.net (unknown [72.249.126.132])
by mail.kirjava.net (Postfix) with ESMTPS id F361027003A
Received: from localhost ([127.0.0.1] helo=wibble.net)
by mail.wibble.net with esmtp (Exim 4.69)
id 1QtL0G-0006Cy-Lv; Wed, 17 Aug 2011 02:52:29 +1200
Received: from [184.151.63.247] (helo=y2qri9ljwpq.net)
by mail.wibble.net with smtp (Exim 4.69)
id 1QtKzr-00069X-MF; Wed, 17 Aug 2011 02:52:07 +1200
MIME-Version: 1.0
Date: Tue, 16 Aug 2011 15:47:53 +0000
Subject: Star rocking on your BED tonight. Men, gain length, girth, stamina,
and pleasure with Dr. Joel Kaplan's proprietary herbal formulas Since
1991.
Content-Type: multipart/alternative;
boundary="----=_NextPart_009_0A33_BC22AE1F.BB10325B"
Received-SPF: pass (mail.wibble.net: localhost is always allowed.)
helo=wibble.net;
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Scanned: No (on mail.wibble.net); SAEximRunCond expanded to false
--
Personal: http://kirjava.net.nz/
_______________________________________________
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug

Loading...