tickets #55838

open

postmaster@, abuse@, hostmaster@ etc

Added by lemmy04 over 4 years ago. Updated about 2 months ago.

Status: In Progress
Priority: Normal
Assignee:
Category: Email
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:

Description

Hi,

the spam filter (or rather, lack thereof) on mx1.suse.de and mx2.suse.de which
handle mail to opensuse.org addresses has become truly annoying... about 80%
of the spam that I get here is hitting my opensuse.org address. And since the
junk has already passed through a (poorly configured?) spamassassin, my local
spamassassin thinks all is legit o.0

Can someone do something about this?

Cheers
Mathias

Mathias Homann
Mathias.Homann@openSUSE.org[1]
telegram: https://telegram.me/lemmy98[2]
irc: [lemmy] on freenode and ircnet
obs: lemmy04
gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102


[1] mailto:Mathias.Homann@eregion.de
[2] https://telegram.me/lemmy98


Files

signature.asc (659 Bytes) signature.asc lemmy04, 2019-08-22 14:22
signature.asc (659 Bytes) signature.asc lemmy04, 2020-08-19 10:13
signature.asc (659 Bytes) signature.asc lemmy04, 2020-08-19 13:39
signature.asc (659 Bytes) signature.asc lemmy04, 2020-08-19 20:34
signature.asc (659 Bytes) signature.asc lemmy04, 2022-01-09 16:30
signature.asc (659 Bytes) signature.asc lemmy04, 2022-01-11 13:49
Actions #1

Updated by bmwiedemann over 4 years ago

I wonder what would happen if spammers added spamassassin headers with Score 0.0 - I guess, you want to filter those out on your side anyway.
You probably also need to teach it that the actual delivering IP is the one before mx*.suse.de - for DNSBLs queried by spamassassin

Actions #2

Updated by pjessen over 4 years ago

  • Private changed from Yes to No

bmwiedemann wrote:

I wonder what would happen if spammers added spamassassin headers with Score 0.0

They are usually removed by spamassassin before processing. Might be configurable.

Actions #3

Updated by lemmy04 over 4 years ago

...so, is anyone actually doing anything about it?

related: is the email address "postmaster@suse.de" actually being read
by a human being?

Actions #4

Updated by pjessen over 4 years ago

  • Category set to Email

lemmy04 wrote:

And since the junk has already passed through a (poorly configured?) spamassassin,
my local spamassassin thinks all is legit o.0

See my previous reply. Spamassassin does not rely on any existing results, and deletes any pre-existing X-Spam headers.

...so, is anyone actually doing anything about it?

In all honesty, probably not.
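
The relay trust boundary raised in comments #1 to #4, as an added Python example (not part of the ticket, and not openSUSE's or SpamAssassin's code): it finds the delivering IP in front of the forwarding MX for DNSBL lookups and drops X-Spam-* headers that arrived with the message. The sample message, `mail.example.net` and the function names are constructed, and a Postfix-style Received format is assumed.

```python
import email
import ipaddress
import re

# Assumption: only mx1.suse.de (195.135.220.2, as resolved in this ticket) is
# trusted to write honest Received headers; list every forwarding MX in practice.
TRUSTED_RELAYS = [ipaddress.ip_network("195.135.220.2/32")]

# Constructed sample: mail relayed via the forwarder to a hypothetical final
# server, carrying a forged "clean" verdict injected by the sender.
SAMPLE = """\
Received: from mx1.suse.de (mx1.suse.de [195.135.220.2])
\tby mail.example.net with ESMTP; Thu, 22 Aug 2019 14:00:05 +0200
Received: from bulk.example.org (bulk.example.org [203.0.113.77])
\tby mx1.suse.de with ESMTP; Thu, 22 Aug 2019 14:00:01 +0200
Received: from [10.0.0.5] (unknown [198.51.100.9])
\tby bulk.example.org with ESMTP; Thu, 22 Aug 2019 13:59:58 +0200
X-Spam-Status: No, score=0.0
X-Spam-Flag: NO
From: sender@example.org
To: user@opensuse.org
Subject: constructed test message

body
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def last_external_ip(msg):
    """Return the newest connecting IP outside TRUSTED_RELAYS, or None.

    A Received header is written by the accepting host, so it is believable
    only while every hop above it was trusted; lower headers are ignored.
    """
    for header in msg.get_all("Received", []):
        from_part = re.split(r"\s+by\s+", header, maxsplit=1)[0]
        try:  # the last bracketed value is the "(rdns [ip])" the receiver logged
            ip = ipaddress.ip_address(BRACKETED_IP.findall(from_part)[-1])
        except (IndexError, ValueError):
            return None  # unparseable hop: the chain cannot be followed
        if not any(ip in net for net in TRUSTED_RELAYS):
            return str(ip)  # this is the address to query against DNSBLs
    return None  # every hop was trusted

def strip_foreign_verdicts(msg):
    """Delete X-Spam-* headers that arrived with the message; return names."""
    names = sorted({k for k in msg.keys() if k.lower().startswith("x-spam-")})
    for name in names:
        del msg[name]
    return names

def analyse(raw):
    msg = email.message_from_string(raw)
    return last_external_ip(msg), strip_foreign_verdicts(msg)
```

In SpamAssassin itself the same boundary is declared with the `trusted_networks` and `internal_networks` settings.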

Actions #5

Updated by lemmy04 about 4 years ago

Half a year later:

spamcop by now treats the suse domain as "no human beings there", mails to
"postmaster@suse.de" are not read by anyone, and my opensuse.org address is by
now "responsible" for over 90% of the spam mails I get.

PLEASE fix.

Cheers
MH

Actions #6

Updated by pjessen almost 4 years ago

I think both of these issues are a matter for SUSE, not really openSUSE:

  • who receives "postmaster@suse.de" and how it is dealt with
  • fine-tuning the SpamAssassin setup on mx[12].suse.de

Actions #7

Updated by pjessen over 3 years ago

pjessen wrote:

I think both of these issues are a matter for SUSE, not really openSUSE:

  • who receives "postmaster@suse.de" and how it is dealt with
  • fine-tuning the SpamAssassin setup on mx[12].suse.de

Correction - as of 10 August, this is now an issue for us. Postmaster@ is currently sent to admin-auto (have just changed it from admin@o.o).

Actions #8

Updated by pjessen over 3 years ago

  • Status changed from New to Feedback
  • Assignee set to pjessen

Hi Mathias

now that we have switched over to our own mailservers, we have much better access to produce some stats:

Since 10 August, we have (for your address) :

greylisted 229 mails from 102 unique sources (with some overlap).
rejected 171 mails identified as spam.
forwarded 449 mails to your own address.

If you are still seeing a lot of spam being forwarded, perhaps send some of it to me (per@o.o), as attachment.

Actions #9

Updated by lemmy04 over 3 years ago

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.

Actions #10

Updated by pjessen over 3 years ago

lemmy04 wrote:

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.

Hmm, I have to figure out where that is. I didn't know spamcop does any checking of e.g. postmaster@, I thought it was people like http://rfcignorant.org ?

Actions #11

Updated by lemmy04 over 3 years ago

On Wednesday, 19 August 2020, 15:03:27 CEST, admin@opensuse.org wrote:

[openSUSE Tracker]
Issue #55838 has been updated by pjessen.

lemmy04 wrote:

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.

Hmm, I have to figure out where that is. I didn't know spamcop does any
checking of e.g. postmaster@, I thought it was people like
http://rfcignorant.org ?

they don't "check" as such, but once they have gotten enough bounced mails
they put that address on a "doesn't really work" list and stop sending to it -
which IMO means pretty much the same as being flagged by rfcignorant.org...

Actions #12

Updated by pjessen over 3 years ago

lemmy04 wrote:

On Wednesday, 19 August 2020, 15:03:27 CEST, admin@opensuse.org wrote:

[openSUSE Tracker]
Issue #55838 has been updated by pjessen.

lemmy04 wrote:

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.

Hmm, I have to figure out where that is. I didn't know spamcop does any
checking of e.g. postmaster@, I thought it was people like
http://rfcignorant.org ?

they don't "check" as such, but once they have gotten enough bounced mails
they put that address on a "doesn't really work" list and stop sending to it -
which IMO means pretty much the same as being flagged by rfcignorant.org...

Hmm, I suppose I don't know what it is we need from Spamcop. If they want to talk to openSUSE, we are here :-)

Actions #13

Updated by lemmy04 over 3 years ago

On Wednesday, 19 August 2020, 15:59:24 CEST, admin@opensuse.org wrote:

[openSUSE Tracker]
Issue #55838 has been updated by pjessen.

lemmy04 wrote:

On Wednesday, 19 August 2020, 15:03:27 CEST, admin@opensuse.org wrote:

[openSUSE Tracker]
Issue #55838 has been updated by pjessen.

lemmy04 wrote:

Will do!

directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually
working
again.

Hmm, I have to figure out where that is. I didn't know spamcop does any
checking of e.g. postmaster@, I thought it was people like
http://rfcignorant.org ?

they don't "check" as such, but once they have gotten enough bounced mails
they put that address on a "doesn't really work" list and stop sending to
it - which IMO means pretty much the same as being flagged by
rfcignorant.org...
Hmm, I suppose I don't know what it is we need from Spamcop. If they want
to talk to openSUSE, we are here :-)


This here's the problem: (from a spamcop analysis of some spam mail):

Tracking message source: 195.135.221.158:
Routing details for 195.135.221.158
[refresh/show] Cached whois for 195.135.221.158 : hostmaster@suse.de
Using abuse net on hostmaster@suse.de
abuse net suse.de = hostmaster@suse.de
Using best contacts hostmaster@suse.de
hostmaster@suse.de bounces (55 sent : 28 bounces)
Using hostmaster#suse.de@devnull.spamcop.net for statistical tracking.
Message is 5 hours old
195.135.221.158 not listed in cbl.abuseat.org
195.135.221.158 not listed in dnsbl.sorbs.net
195.135.221.158 not listed in accredit.habeas.com
195.135.221.158 not listed in plus.bondedsender.org
195.135.221.158 not listed in iadb.isipp.com

hostmaster@suse.de bounces at least 50% of mails. That should be fixed, and
then spamcop needs to be notified.

Cheers
MH

--
Mathias Homann
Mathias.Homann@openSUSE.org
Jabber (XMPP): lemmy@tuxonline.tech
IRC: [Lemmy] on freenode and ircnet (bouncer active)
telegram: https://telegram.me/lemmy98
keybase: https://keybase.io/lemmy
gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

Actions #14

Updated by lrupp about 2 years ago

  • Status changed from Feedback to Closed
  • % Done changed from 0 to 100

Hi there - and a Happy and Healthy 2022!

I'm currently closing old tickets which did not see much change.
If the main concern still exists and should be handled, please re-open by just replying to this Email.

Thanks in advance,
Lars

Actions #15

Updated by lemmy04 about 2 years ago

  • Status changed from Closed to New

Yes, the problem still exists.

I'm still getting most of the spam mail that makes it into my inbox via my
opensuse.org address.

Actions #16

Updated by pjessen about 2 years ago

  • Assignee deleted (pjessen)
  • % Done changed from 100 to 0

In the meantime, we have switched to our own mailservers (for about 18 months iirc), and I doubt if "hostmaster@suse.de" bouncing mails should really affect how we filter things.

Mathias, you did send me one spam sample, (which went through our own servers), thanks - but as I said then, "I honestly don't know if anyone wants to or has the time to spend on fine-tuning the SpamAssassin setup.". For the sample you sent, it is a typical example of those spams that filters have a hard time dealing with, there is not enough information to classify as spam.

Actions #17

Updated by lemmy04 about 2 years ago

One thing that should be done is to make sure that all officially registered
addresses, and all addresses required by rfc, actually work -
"hostmaster@domain.tld" bouncing is not a good thing.

Actions #18

Updated by pjessen about 2 years ago

  • Assignee set to SUSE-Admins

lemmy04 wrote:

One thing that should be done is to make sure that all officially registered
addresses, and all addresses required by rfc, actually work -
"hostmaster@domain.tld" bouncing is not a good thing.

Yeah, I guess that ought to be fixed. Assigning to SUSE-IT.

Actions #19

Updated by bmwiedemann about 2 years ago

For the record: mx1.suse.de is no longer used for opensuse.org mail, even if it is currently hosted close by.

host -t mx opensuse.org

opensuse.org mail is handled by 42 mx1.opensuse.org.
opensuse.org mail is handled by 42 mx2.opensuse.org.

host mx1.opensuse.org.

mx1.opensuse.org has address 195.135.221.175
mx1.opensuse.org has IPv6 address 2001:67c:2178:8::175

host mx1.suse.de.

mx1.suse.de has address 195.135.220.2

So is there anything needed from SUSE-IT to fix spam filtering and hostmaster@ addrs?

Actions #20

Updated by lemmy04 about 2 years ago

Yes, making sure that all email addresses that are listed as mandatory for a
domain are set up and work for opensuse.org, suse.de and suse.com. They can be
forwarded to whatever but they HAVE to be read by someone "in charge". For
reference, see RFC 2142 which contains a complete list of all mailboxes that
should exist and be actively monitored by a real person.

https://www.heise.de/netze/rfc/rfcs/rfc2142.shtml

Also, make sure that the admin-c, tech-c and zone-c entries on the whois
records for suse.com, suse.de and opensuse.org point to existing mailboxes
that are being monitored by someone "in charge".

--
Mathias Homann
Mathias.Homann@openSUSE.org
OBS: lemmy04
Jabber (XMPP): lemmy@tuxonline.tech
Matrix: @mathias:eregion.de
IRC: [Lemmy] on liberachat and ircnet (bouncer active)
keybase: https://keybase.io/lemmy
gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

Actions #21

Updated by lrupp about 2 years ago

  • Status changed from New to Feedback
  • Assignee changed from SUSE-Admins to pjessen

Matthias,

thank you very much for keeping an eye on this and pushing things forward!

@Per: I tried to send test Emails from my account to the following usual suspects:

For all of them I got the following reply:

Subject: Your message to admin-auto@lists.opensuse.org awaits moderator approval

This is IMHO not what a user would expect.
I know that I'm asking for the can of worms here, but we should IMHO think about an open (but maybe hidden?) mailing list or a local account on one of our systems that can be used to receive Emails for the above accounts at least.

I guess, we had a similar discussion (about a local account) already in the past, when we discussed if/how many users might want to subscribe to the admin-auto ML. Maybe it's time to do it this time for real?

What do you think?

Actions #22

Updated by pjessen almost 2 years ago

  • Subject changed from lots of spam on my opensuse.org address to postmaster@, abuse@, hostmaster@ etc
  • Status changed from Feedback to In Progress

lrupp wrote:

Matthias,

thank you very much for keeping an eye on this and pushing things forward!

@Per: I tried to send test Emails from my account to the following usual suspects:

For all of them I got the following reply:

Subject: Your message to admin-auto@lists.opensuse.org awaits moderator approval

This is IMHO not what a user would expect.

Yeah, that is true - usually we expect admin-auto@lists.opensuse.org to be used only for communication from machines, with reports and such, but those addresses are also forwarded to admin-auto. admin-auto accepts mails from any user at infra.opensuse.org.

I know that I'm asking for the can of worms here, but we should IMHO think about an open (but maybe hidden?) mailing list or a local account on one of our systems that can be used to receive Emails for the above accounts at least.

The admin-auto list is not a bad place, the problem is the amount of traffic we have, pure and simple. We can open admin-auto to postings from anyone or we can set up yet another list, but neither addresses the real issue - that someone has to monitor those addresses, every day or week.

Maybe we should just forward those addresses to admin@o.o ? That way we get a ticket that someone will see. It will likely mean a little bit more time working the ticket queue, of course.

It could also be done with a local account or whatever (a shared imap account for instance), but in the end it is a chore, just like my son emptying the dishwasher or making his bed. (and he needs constant reminding .... )

Actions #23

Updated by crameleon about 2 months ago

Maybe we should just forward those addresses to admin@o.o ?

This sounds like the easiest approach, and ensures mails don't get lost in some local Unix mailbox nobody ever opens. It adds another entry point for spam, hence it would be nice if we could tell from the created ticket which address it was originally sent to.
