Project

General

Profile

tickets #55838

lots of spam on my opensuse.org address

Added by lemmy04 over 1 year ago. Updated 5 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
Email
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Hi,

the spam filter (or rather, lack thereof) on mx1.suse.de and mx2.suse.de which
handle mail to opensuse.org addresses has become truly annoying... about 80%
of the spam that I get here is hitting my opensuse.org address. And since the
junk has already passed through a (poorly configured?) spamassassin, my local
spamassassin thinks all is legit o.0

Can someone do something about this?

Cheers
Mathias

Mathias Homann
Mathias.Homann@openSUSE.org[1]
telegram: https://telegram.me/lemmy98[2]
irc: [lemmy] on freenode and ircnet
obs: lemmy04
*gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

*


[1] mailto:Mathias.Homann@eregion.de
[2] https://telegram.me/lemmy98

signature.asc (659 Bytes) signature.asc lemmy04, 2019-08-22 14:22
signature.asc (659 Bytes) signature.asc lemmy04, 2020-08-19 10:13
signature.asc (659 Bytes) signature.asc lemmy04, 2020-08-19 13:39
signature.asc (659 Bytes) signature.asc lemmy04, 2020-08-19 20:34

History

#1 Updated by bmwiedemann over 1 year ago

I wonder what would happen if spammers added spamassassin headers with Score 0.0 - I guess, you want to filter those out on your side anyway.
You probably also need to teach it that the actual delivering IP is the one before mx*.suse.de - for DNSBLs queried by spamassassin

#2 Updated by pjessen over 1 year ago

  • Private changed from Yes to No

bmwiedemann wrote:

I wonder what would happen if spammers added spamassassin headers with Score 0.0

They are usually removed by spamassassin before processing. Might be configurable.

#3 Updated by lemmy04 over 1 year ago

...so, is anyone actually doing anything about it?

related: is the email address "postmaster@suse.de" actually being read
by a human being?

#4 Updated by pjessen over 1 year ago

  • Category set to Email

lemmy04 wrote:

And since the junk has already passed through a (poorly configured?) spamassassin,
my local spamassassin thinks all is legit o.0

See my previous reply. Spamassassin does not rely on any existing results, and deletes any pre-existing X-Spam headers.

...so, is anyone actually doing anything about it?

In all honesty, probably not.

#5 Updated by lemmy04 11 months ago

Half a year later:

spamcop by now treats the suse domain as "no human beings there", mails to
"postmaster@suse.de" are not read by anyone, and my opensuse.org address is by
now "responsible" for over 90% of the spam mails I get.

PLEASE fix.

Cheers
MH

#6 Updated by pjessen 7 months ago

I think both of these issues are a matter for SUSE, not really openSUSE:

  • who receives "postmaster@suse.de" and how it is dealt with
  • fine-tuning the SpamAssassin setup on mx[12].suse.de

#7 Updated by pjessen 5 months ago

pjessen wrote:

I think both of these issues are a matter for SUSE, not really openSUSE:

  • who receives "postmaster@suse.de" and how it is dealt with
  • fine-tuning the SpamAssassin setup on mx[12].suse.de

Correction - as of 10 August, this is now an issue for us. Postmaster@ is currently sent to admin-auto (have just changed it from admin@o.o).

#8 Updated by pjessen 5 months ago

  • Status changed from New to Feedback
  • Assignee set to pjessen

Hi Mathias

now that we have switched over to our own mailservers, we have much better access to produce some stats:

Since 10 August, we have (for your address) :

greylisted 229 mails from 102 unique sources (with some overlap).
rejected 171 mails identified as spam.
forwarded 449 mails to your own address.

If you are still seeing a lot of spam being forwarded, perhaps send some of it to me (per@o.o), as attachment.

#9 Updated by lemmy04 5 months ago

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.

#10 Updated by pjessen 5 months ago

lemmy04 wrote:

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.

Hmm, I have to figure out where that is. I didn't know spamcop does any checking of e.g. postmaster@, I thought it was people like http://rfcignorant.org ?

#11 Updated by lemmy04 5 months ago

Am Mittwoch, 19. August 2020, 15:03:27 CEST schrieb admin@opensuse.org:

[openSUSE Tracker]
Issue #55838 has been updated by pjessen.

lemmy04 wrote:

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.

Hmm, I have to figure out where that is. I didn't know spamcop does any
checking of e.g. postmaster@, I thought it was people like
http://rfcignorant.org ?

they don't "check" as such, but once they have gotten enough bounced mails
they put that address on a "doesn't really work" list and stop sending to it -
which IMO means pretty much the same as being flagged by rfcignorant.org...

#12 Updated by pjessen 5 months ago

lemmy04 wrote:

Am Mittwoch, 19. August 2020, 15:03:27 CEST schrieb admin@opensuse.org:

[openSUSE Tracker]
Issue #55838 has been updated by pjessen.

lemmy04 wrote:

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.

Hmm, I have to figure out where that is. I didn't know spamcop does any
checking of e.g. postmaster@, I thought it was people like
http://rfcignorant.org ?

they don't "check" as such, but once they have gotten enough bounced mails
they put that address on a "doesn't really work" list and stop sending to it -
which IMO means pretty much the same as being flagged by rfcignorant.org...

Hmm, I suppose I don't know what it is we need from Spamcop. If they want to talk to openSUSE, we are here :-)

#13 Updated by lemmy04 5 months ago

Am Mittwoch, 19. August 2020, 15:59:24 CEST schrieb admin@opensuse.org:

[openSUSE Tracker]
Issue #55838 has been updated by pjessen.

lemmy04 wrote:

Am Mittwoch, 19. August 2020, 15:03:27 CEST schrieb admin@opensuse.org:

[openSUSE Tracker]
Issue #55838 has been updated by pjessen.

lemmy04 wrote:

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually
working
again.

Hmm, I have to figure out where that is. I didn't know spamcop does any
checking of e.g. postmaster@, I thought it was people like
http://rfcignorant.org ?

they don't "check" as such, but once they have gotten enough bounced mails
they put that address on a "doesn't really work" list and stop sending to
it - which IMO means pretty much the same as being flagged by
rfcignorant.org...
Hmm, I suppose I don't know what it is we need from Spamcop. If they want
to talk to openSUSE, we are here :-)


tickets #55838: lots of spam on my opensuse.org address
https://progress.opensuse.org/issues/55838#change-319696

  • Author: lemmy04
  • Status: Feedback
  • Priority: Normal
  • Assignee: pjessen
  • Category: Email

* Target version:

Hi,

the spam filter (or rather, lack thereof) on mx1.suse.de and mx2.suse.de
which handle mail to opensuse.org addresses has become truly annoying...
about 80% of the spam that I get here is hitting my opensuse.org address.
And since the junk has already passed through a (poorly configured?)
spamassassin, my local spamassassin thinks all is legit o.0

Can someone do something about this?

Cheers
Mathias

This here's the problem: (from a spamcop analysis of some spam mail):

Tracking message source: 195.135.221.158:
Routing details for 195.135.221.158
[refresh/show] Cached whois for 195.135.221.158 : hostmaster@suse.de
Using abuse net on hostmaster@suse.de
abuse net suse.de = hostmaster@suse.de
Using best contacts hostmaster@suse.de
hostmaster@suse.de bounces (55 sent : 28 bounces)
Using hostmaster#suse.de@devnull.spamcop.net for statistical tracking.
Message is 5 hours old
195.135.221.158 not listed in cbl.abuseat.org
195.135.221.158 not listed in dnsbl.sorbs.net
195.135.221.158 not listed in accredit.habeas.com
195.135.221.158 not listed in plus.bondedsender.org
195.135.221.158 not listed in iadb.isipp.com

hostmaster@suse.de bounces at least 50% of mails. That should be fixed, and
then spamcop needs to be notified.

Cheers
MH

--
Mathias Homann
Mathias.Homann@openSUSE.org
Jabber (XMPP): lemmy@tuxonline.tech
IRC: [Lemmy] on freenode and ircnet (bouncer active)
telegram: https://telegram.me/lemmy98
keybase: https://keybase.io/lemmy
gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

Also available in: Atom PDF