tickets #55838
openpostmaster@, abuse@, hostmaster@ etc
0%
Description
Hi,
the spam filter (or rather, lack thereof) on mx1.suse.de and mx2.suse.de which
handle mail to opensuse.org addresses has become truly annoying... about 80%
of the spam that I get here is hitting my opensuse.org address. And since the
junk has already passed through a (poorly configured?) spamassassin, my local
spamassassin thinks all is legit o.0
Can someone do something about this?
Cheers
Mathias
Mathias Homann
Mathias.Homann@openSUSE.org[1]
telegram: https://telegram.me/lemmy98[2]
irc: [lemmy] on freenode and ircnet
obs: lemmy04
*gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
*
[1] mailto:Mathias.Homann@eregion.de
[2] https://telegram.me/lemmy98
Files
Updated by bmwiedemann about 5 years ago
I wonder what would happen if spammers added spamassassin headers with Score 0.0 - I guess, you want to filter those out on your side anyway.
You probably also need to teach it that the actual delivering IP is the one before mx*.suse.de - for DNSBLs queried by spamassassin
Updated by pjessen about 5 years ago
- Private changed from Yes to No
bmwiedemann wrote:
I wonder what would happen if spammers added spamassassin headers with Score 0.0
They are usually removed by spamassassin before processing. Might be configurable.
Updated by lemmy04 about 5 years ago
...so, is anyone actually doing anything about it?
related: is the email address "postmaster@suse.de" actually being read
by a human being?
Updated by pjessen about 5 years ago
- Category set to Email
lemmy04 wrote:
And since the junk has already passed through a (poorly configured?) spamassassin,
my local spamassassin thinks all is legit o.0
See my previous reply. Spamassassin does not rely on any existing results, and deletes any pre-existing X-Spam headers.
...so, is anyone actually doing anything about it?
In all honesty, probably not.
Updated by lemmy04 over 4 years ago
Half a year later:
spamcop by now treats the suse domain as "no human beings there", mails to
"postmaster@suse.de" are not read by anyone, and my opensuse.org address is by
now "responsible" for over 90% of the spam mails I get.
PLEASE fix.
Cheers
MH
Updated by pjessen about 4 years ago
I think both of these issues are a matter for SUSE, not really openSUSE:
- who receives "postmaster@suse.de" and how it is dealt with
- fine-tuning the SpamAssassin setup on mx[12].suse.de
Updated by pjessen about 4 years ago
pjessen wrote:
I think both of these issues are a matter for SUSE, not really openSUSE:
- who receives "postmaster@suse.de" and how it is dealt with
- fine-tuning the SpamAssassin setup on mx[12].suse.de
Correction - as of 10 August, this is now an issue for us. Postmaster@ is currently sent to admin-auto (have just changed it from admin@o.o).
Updated by pjessen about 4 years ago
- Status changed from New to Feedback
- Assignee set to pjessen
Hi Mathias
now that we have switched over to our own mailservers, we have much better access to produce some stats:
Since 10 August, we have (for your address) :
greylisted 229 mails from 102 unique sources (with some overlap).
rejected 171 mails identified as spam.
forwarded 449 mails to your own address.
If you are still seeing a lot of spam being forwarded, perhaps send some of it to me (per@o.o), as attachment.
Updated by lemmy04 about 4 years ago
- File signature.asc signature.asc added
Will do!
directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.
Updated by pjessen about 4 years ago
lemmy04 wrote:
Will do!
directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.
Hmm, I have to figure out where that is. I didn't know spamcop does any checking of e.g. postmaster@, I thought it was people like http://rfcignorant.org ?
Updated by lemmy04 about 4 years ago
- File signature.asc signature.asc added
Am Mittwoch, 19. August 2020, 15:03:27 CEST schrieb admin@opensuse.org:
[openSUSE Tracker]
Issue #55838 has been updated by pjessen.lemmy04 wrote:
Will do!
directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.Hmm, I have to figure out where that is. I didn't know spamcop does any
checking of e.g. postmaster@, I thought it was people like
http://rfcignorant.org ?
they don't "check" as such, but once they have gotten enough bounced mails
they put that address on a "doesn't really work" list and stop sending to it -
which IMO means pretty much the same as being flagged by rfcignorant.org...
Updated by pjessen about 4 years ago
lemmy04 wrote:
Am Mittwoch, 19. August 2020, 15:03:27 CEST schrieb admin@opensuse.org:
[openSUSE Tracker]
Issue #55838 has been updated by pjessen.lemmy04 wrote:
Will do!
directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually working
again.Hmm, I have to figure out where that is. I didn't know spamcop does any
checking of e.g. postmaster@, I thought it was people like
http://rfcignorant.org ?they don't "check" as such, but once they have gotten enough bounced mails
they put that address on a "doesn't really work" list and stop sending to it -
which IMO means pretty much the same as being flagged by rfcignorant.org...
Hmm, I suppose I don't know what it is we need from Spamcop. If they want to talk to openSUSE, we are here :-)
Updated by lemmy04 about 4 years ago
- File signature.asc signature.asc added
Am Mittwoch, 19. August 2020, 15:59:24 CEST schrieb admin@opensuse.org:
[openSUSE Tracker]
Issue #55838 has been updated by pjessen.lemmy04 wrote:
Am Mittwoch, 19. August 2020, 15:03:27 CEST schrieb admin@opensuse.org:
[openSUSE Tracker]
Issue #55838 has been updated by pjessen.lemmy04 wrote:
Will do!
directly related: maybe something can be done to convince spamcop.net
that the postmaster address for opensuse and/or suse is actually
working
again.Hmm, I have to figure out where that is. I didn't know spamcop does any
checking of e.g. postmaster@, I thought it was people like
http://rfcignorant.org ?they don't "check" as such, but once they have gotten enough bounced mails
they put that address on a "doesn't really work" list and stop sending to
it - which IMO means pretty much the same as being flagged by
rfcignorant.org...
Hmm, I suppose I don't know what it is we need from Spamcop. If they want
to talk to openSUSE, we are here :-)
tickets #55838: lots of spam on my opensuse.org address
https://progress.opensuse.org/issues/55838#change-319696
- Author: lemmy04
- Status: Feedback
- Priority: Normal
- Assignee: pjessen
- Category: Email
* Target version:¶
Hi,
the spam filter (or rather, lack thereof) on mx1.suse.de and mx2.suse.de
which handle mail to opensuse.org addresses has become truly annoying...
about 80% of the spam that I get here is hitting my opensuse.org address.
And since the junk has already passed through a (poorly configured?)
spamassassin, my local spamassassin thinks all is legit o.0Can someone do something about this?
Cheers
Mathias
This here's the problem: (from a spamcop analysis of some spam mail):
Tracking message source: 195.135.221.158:
Routing details for 195.135.221.158
[refresh/show] Cached whois for 195.135.221.158 : hostmaster@suse.de
Using abuse net on hostmaster@suse.de
abuse net suse.de = hostmaster@suse.de
Using best contacts hostmaster@suse.de
hostmaster@suse.de bounces (55 sent : 28 bounces)
Using hostmaster#suse.de@devnull.spamcop.net for statistical tracking.
Message is 5 hours old
195.135.221.158 not listed in cbl.abuseat.org
195.135.221.158 not listed in dnsbl.sorbs.net
195.135.221.158 not listed in accredit.habeas.com
195.135.221.158 not listed in plus.bondedsender.org
195.135.221.158 not listed in iadb.isipp.com
hostmaster@suse.de bounces at least 50% of mails. That should be fixed, and
then spamcop needs to be notified.
Cheers
MH
--
Mathias Homann
Mathias.Homann@openSUSE.org
Jabber (XMPP): lemmy@tuxonline.tech
IRC: [Lemmy] on freenode and ircnet (bouncer active)
telegram: https://telegram.me/lemmy98
keybase: https://keybase.io/lemmy
gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
Updated by lrupp over 2 years ago
- Status changed from Feedback to Closed
- % Done changed from 0 to 100
Hi there - and a Happy and Healthy 2022!
I'm currently closing old tickets which did not see much change.
If the main concern still exists and should be handled, please re-open by just replying to this Email.
Thanks in advance,
Lars
Updated by lemmy04 over 2 years ago
- Status changed from Closed to New
Yes, the problem still exists.
I'm still getting most of the spam mail that makes it into my inbox via my
opensuse.org address.
Updated by pjessen over 2 years ago
- Assignee deleted (
pjessen) - % Done changed from 100 to 0
In the meantime, we have switched to our own mailservers (for about 18 months iirc), and I doubt if "hostmaster@suse.de" bouncing mails should really affect how we filter things.
Mathias, you did send me one spam sample, (which went through our own servers), thanks - but as I said then, "I honestly don't know if anyone wants to or has the time to spend on fine-tuning the SpamAssassin setup.". For the sample you sent, it is a typical example of those spams that filters have a hard time dealing with, there is not enough information to classify as spam.
Updated by lemmy04 over 2 years ago
- File signature.asc signature.asc added
One thing that should be done is to make sure that all officially registered
adresses, and all adresses required by rfc, actually work -
"hostmaster@domain.tld" bouncing is not a good thing.
Updated by pjessen over 2 years ago
- Assignee set to SUSE-Admins
lemmy04 wrote:
One thing that should be done is to make sure that all officially registered
adresses, and all adresses required by rfc, actually work -
"hostmaster@domain.tld" bouncing is not a good thing.
Yeah, I guess that ought to be fixed. Assigning to SUSE-IT.
Updated by bmwiedemann over 2 years ago
For the record: mx1.suse.de is no more used for opensuse.org mail, even if it is currently hosted closeby.
host -t mx opensuse.org
opensuse.org mail is handled by 42 mx1.opensuse.org.
opensuse.org mail is handled by 42 mx2.opensuse.org.
host mx1.opensuse.org.
mx1.opensuse.org has address 195.135.221.175
mx1.opensuse.org has IPv6 address 2001:67c:2178:8::175
host mx1.suse.de.
mx1.suse.de has address 195.135.220.2
So is there anything needed from SUSE-IT to fix spam filtering and hostmaster@ addrs?
Updated by lemmy04 over 2 years ago
- File signature.asc signature.asc added
yes, making sure that all email adresses that are listed as mandatory for a
domain are set up and work for opensuse.org, suse.de and suse.com. They can be
forwarded to whatever but they HAVE to be read by someone "in charge". For
reference, see RFC 2142 which contains a complete list of all mailboxes that
should exist and be actively monitored by a real person.
https://www.heise.de/netze/rfc/rfcs/rfc2142.shtml
also, make sure that the admin-c, tech-c and zone-c entries on the whos
records for suse.com, suse.de and opensuse.org point to existing mailboxes
that are being monitored by someone "in charge".
Am Dienstag, 11. Januar 2022, 14:22:19 CET schrieb redmine@opensuse.org:
[openSUSE Tracker]
Issue #55838 has been updated by bmwiedemann.For the record: mx1.suse.de is no more used for opensuse.org mail, even if
it is currently hosted closeby.host -t mx opensuse.org
opensuse.org mail is handled by 42 mx1.opensuse.org.
opensuse.org mail is handled by 42 mx2.opensuse.org.host mx1.opensuse.org.
mx1.opensuse.org has address 195.135.221.175
mx1.opensuse.org has IPv6 address 2001:67c:2178:8::175host mx1.suse.de.
mx1.suse.de has address 195.135.220.2
So is there anything needed from SUSE-IT to fix spam filtering and
hostmaster@ addrs?
tickets #55838: lots of spam on my opensuse.org address
https://progress.opensuse.org/issues/55838#change-479307
- Author: lemmy04
- Status: New
- Priority: Normal
- Assignee: SUSE-IT
- Category: Email
* Target version:¶
Hi,
the spam filter (or rather, lack thereof) on mx1.suse.de and mx2.suse.de
which handle mail to opensuse.org addresses has become truly annoying...
about 80% of the spam that I get here is hitting my opensuse.org address.
And since the junk has already passed through a (poorly configured?)
spamassassin, my local spamassassin thinks all is legit o.0Can someone do something about this?
Cheers
MathiasMathias Homann
Mathias.Homann@openSUSE.org[1]
telegram: https://telegram.me/lemmy98[2]
irc: [lemmy] on freenode and ircnet
obs: lemmy04
*gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102*
[1] mailto:Mathias.Homann@eregion.de
[2] https://telegram.me/lemmy98---Files--------------------------------
signature.asc (659 Bytes)
signature.asc (659 Bytes)
signature.asc (659 Bytes)
signature.asc (659 Bytes)
signature.asc (659 Bytes)
--
Mathias Homann
Mathias.Homann@openSUSE.org
OBS: lemmy04
Jabber (XMPP): lemmy@tuxonline.tech
Matrix: @mathias:eregion.de
IRC: [Lemmy] on liberachat and ircnet (bouncer active)
keybase: https://keybase.io/lemmy
gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
Updated by lrupp over 2 years ago
- Status changed from New to Feedback
- Assignee changed from SUSE-Admins to pjessen
Matthias,
thank you very much for keeping an eye on this and pushing things forward!
@Per: I tried to send test Emails from my account to the following usual suspects:
For all of them I got the following reply:
Subject: Your message to admin-auto@lists.opensuse.org awaits moderator approval
This is IMHO not what a user would expect.
I know that I'm asking for the can of worms here, but we should IMHO think about an open (but maybe hidden?) mailing list or a local account on one of our systems that can be used to receive Emails for the above accounts at least.
I guess, we had a similar discussion (about a local account) already in the past, when we discussed if/how many users might want to subscribe to the admin-auto ML. Maybe it's time to do it this time for real?
What do you think?
Updated by pjessen over 2 years ago
- Subject changed from lots of spam on my opensuse.org address to postmaster@, abuse@, hostmaster@ etc
- Status changed from Feedback to In Progress
lrupp wrote:
Matthias,
thank you very much for keeping an eye on this and pushing things forward!
@Per: I tried to send test Emails from my account to the following usual suspects:
For all of them I got the following reply:
Subject: Your message to admin-auto@lists.opensuse.org awaits moderator approval
This is IMHO not what a user would expect.
Yeah, that is true - usually we expect admin-auto@lists.opensuse.org to be used only for communication from machines, with reports and such, but those addresses are also forwarded to admin-auto. admin-auto accepts mails from any user at infra.opensuse.org.
I know that I'm asking for the can of worms here, but we should IMHO think about an open (but maybe hidden?) mailing list or a local account on one of our systems that can be used to receive Emails for the above accounts at least.
The admin-auto list is not a bad place, the problem is the amount of traffic we have, pure and simple. We can open admin-auto to postings from anyone or we can set up yet another list, but neither addresses the real issue - that someone has to monitor those addresses, every day or week.
Maybe we should just forward those addresses to admin@o.o ? That way we get a ticket that someone will see. It will likely mean a little bit more time working the ticket queue, of course.
It could also be done with a local account or whatever (a shared imap account for instance), but in the end it is a chore, just like my son emptying the dishwasher or making his bed. (and he needs constant reminding .... )
Updated by crameleon 7 months ago
Maybe we should just forward those addresses to admin@o.o ?
This sounds like the easiest approach, and ensures mails don't get lost in some local Unix mailbox nobody ever opens. It adds another entry point for spam, hence it would be nice if we could tell from the created ticket which address it was originally sent to.