Spam coming to wikimedia-l-owner should not be forwarded
Closed, Declined (Public)

Description

Spam correctly identified by SpamAssassin is forwarded to the -owner address. While not a big problem, it is irritating. Suggest deleting if the spam score is above 5 (the normal default for a spam=Yes finding). Will attach a file with all headers.

Event Timeline

Ariconte assigned this task to JohnLewis.
Ariconte raised the priority of this task from to Needs Triage.
Ariconte updated the task description.
Ariconte subscribed.
Delivered-To: richard@ames.id.au
Received: by 10.36.40.198 with SMTP id h189csp1752193ith;
        Mon, 19 Oct 2015 20:31:39 -0700 (PDT)
X-Received: by 10.140.237.72 with SMTP id i69mr1106474qhc.56.1445311899143;
        Mon, 19 Oct 2015 20:31:39 -0700 (PDT)
Return-Path: <mailman-bounces@lists.wikimedia.org>
Received: from lists.wikimedia.org (lists.wikimedia.org. [208.80.154.75])
        by mx.google.com with ESMTPS id i78si992363qkh.10.2015.10.19.20.31.38
        for <richard@ames.id.au>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 19 Oct 2015 20:31:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of mailman-bounces@lists.wikimedia.org designates 208.80.154.75 as permitted sender) client-ip=208.80.154.75;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of mailman-bounces@lists.wikimedia.org designates 208.80.154.75 as permitted sender) smtp.mailfrom=mailman-bounces@lists.wikimedia.org;
       dkim=pass header.i=@lists.wikimedia.org;
       dmarc=fail (p=NONE dis=NONE) header.from=outlook.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.wikimedia.org; s=wikimedia;
	h=Sender:Content-Type:MIME-Version:Message-ID:Subject:Reply-To:From:To:Date; bh=lxOw3Pgtfgo/WDZfa9qasaU2WLD5AaMP2Kmbmn8HYoY=;
	b=My1D3puY7vwW3aKtdFVMR9BjSCsUv/zFjPuidHuqrMaGa3XoKHg0BVLeGufNAkWK5JzGixXTuSrR4Cf31kaj0Ac5yiQCCf0sLhLY/oRTkghYpNj2EFEMqZHk5lb8eXZYlVSychw7MyoSY0YE+arQeeg/IZF55a1Ghk1oaikI5PU=;
Received: from localhost ([::1]:59457 helo=fermium.wikimedia.org)
	by fermium.wikimedia.org with esmtp (Exim 4.84)
	(envelope-from <mailman-bounces@lists.wikimedia.org>)
	id 1ZoNeE-0008Gx-7y
	for richard@ames.id.au; Tue, 20 Oct 2015 03:31:38 +0000
Received: from [206.253.167.120] (port=40342 helo=s02.out.transpricdomihos.biz)
 by fermium.wikimedia.org with esmtp (Exim 4.84)
 (envelope-from <on@out.transpricdomihos.biz>) id 1ZoNeA-0008Go-O5
 for wikimedia-l-owner@lists.wikimedia.org; Tue, 20 Oct 2015 03:31:35 +0000
Received: from out.transpricdomihos.biz (localhost.localdomain [127.0.0.1])
 by s02.out.transpricdomihos.biz (Postfix) with ESMTPA id 17738342714
 for <wikimedia-l-owner@lists.wikimedia.org>;
 Tue, 20 Oct 2015 07:31:04 +0400 (MSD)
Date: Tue, 20 Oct 2015 09:01:04 +0530
To: Wikimedia L Owner <wikimedia-l-owner@lists.wikimedia.org>
From: Safe Water <medcheckcare@outlook.com>
Reply-To: Safe Water <medcheckcare@outlook.com>
Subject: Kind attn Wikimedia L Owner
Message-ID: <1989daf66ab92a584715db66dc195eb5@out.transpricdomihos.biz>
X-Priority: 3
X-Mailer: PHPMailer 5.2.4
 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1_1989daf66ab92a584715db66dc195eb5"
Errors-To: mailman-bounces@lists.wikimedia.org
Sender: "Wikimedia-l" <mailman-bounces@lists.wikimedia.org>
X-Spam-Score: 6.3 (++++++)
X-Spam-Report: Spam detection software, running on the system "fermium.wikimedia.org",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Dear Wikimedia L Owner, Water Testing packages from Thyrocare
    How Safe Is Your Water ?? Test Water For Bacteria, Arsenic,Iron, Lead, Pesticides
    and more.Be Safe.... Test Water for Physical, Chemical, Toxic, Microbiology,
    Pesticides Volatile at affordable cost [...] 
 
 Content analysis details:   (6.3 points, 4.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                             domains are different
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                             (medcheckcare[at]outlook.com)
  1.3 HTML_IMAGE_ONLY_24     BODY: HTML: images with 2000-2400 bytes of words
  0.0 HTML_MESSAGE           BODY: HTML included in message
  1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.0 T_OBFU_JPG_ATTACH      BODY: JPG attachment with generic MIME type
  0.6 HTML_IMAGE_RATIO_04    BODY: HTML has a low ratio of text to image area
  0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
                              freemail headers are different
  1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
  0.0 FILL_THIS_FORM         Fill in a form with personal information
  2.0 FILL_THIS_FORM_LONG    Fill in a form with personal information

--b1_1989daf66ab92a584715db66dc195eb5
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

<html>
 
<head>
 
</head>
 
<body>
 
<table style="LINE-HEIGHT: 20px; FONT-FAMILY: Verdana, Geneva, sans-serif; FONT-SIZE: 13px" border="0" cellSpacing="0" cellPadding="0" width="650" align="center">
  <tbody>
 <tr>
      <td><br>Dear Wikimedia L Owner,<br></td>
    </tr>
    <tr>
      <td><br>Water Testing packages from Thyrocare<br></td>
    </tr>
<tr>
      <td>How Safe Is Your Water ?? Test Water For Bacteria, Arsenic,Iron, Lead, Pesticides and more.Be Safe....<br><br></td>
    </tr> 
    <tr>
      <td>Test Water for Physical, Chemical, Toxic, Microbiology, Pesticides Volatile at affordable cost<br><br></td>
    </tr> 
    <tr>
      <td><img border="0" src="cid:my-attach" alt="Water Testing packages" width="500" height="646"></td>
    </tr> 
    <tr>
       <td style="FONT-SIZE: 13px;" align="left">
Select any one. <br>
V3 - 33 Test at INR 1710 - Physical, Chemical, Toxic, Microbiology Test<br>
V4 - 49 Test at INR 2280 - V3 + Pesticides<br>
V5 - 68 Test at INR 2850 - V4 + Volatile<br>
      </td>
    </tr>
    <tr>
      <td style="PADDING-BOTTOM: 6px; PADDING-LEFT: 6px; PADDING-RIGHT: 6px; PADDING-TOP: 6px" align="left">
      
      <p><span style="font-family: verdana,geneva;"><span style="font-size: 10pt;">1.Select the Package & fill the below form with Name, Address, Mobile no.and send to
      <a href="mailto:medcheckcare@outlook.com">medcheckcare@outlook.com</a> </span></span></p> <p><span style="font-family: verdana,geneva;"><span style="font-size: 10pt;">Package Name (Select one out of above 3):-<br /> Name :-<br /> Postal Address:-<br /> Pincode:-<br /> Mobile No:-</span></span></p><p><span style="font-family: verdana,geneva;"><span style="font-size: 10pt;"> 2.
      Thyrocare representative will call you and fix appointment.<br /> 3.  Water samples will be collected from your address.<br /> 4. You need to make the payment to Thyrocare when representative comes to pick up the samples.<br /> 5. Reports will be couriered at your address. We will also email the reports on your email address mentioned while booking. </span></span></p> 
      
      </td>
    </tr>
    <tr>
      <td style="PADDING-BOTTOM: 6px; PADDING-LEFT: 6px; PADDING-RIGHT: 6px; PADDING-TOP: 6px" align="left">Helpline
        092203 43367 (9am to 7pm)</td>
    </tr>
  </tbody>
</table>
 
</body>
 
</html>


--b1_1989daf66ab92a584715db66dc195eb5
Content-Type: application/octet-stream; name="med1.jpg"
Content-Transfer-Encoding: base64
Content-ID: <my-attach>
Content-Disposition: inline; filename="med1.jpg"

<cut>

Mailman has no concept of -owner emails being moderated, which is a major issue with 2.1.x. [basic]

SpamAssassin is not configured to actively reject emails and we have no intention of doing so, as it's not the most reliable method of determining off-hand emails; plus, because people don't support educating it effectively enough (by discarding and accepting mailman moderated messages), it is not the best indicator at all.

The solution would be blacklisting and moderation at the MTA level (exim4), but in the past and still now, we have no intention of doing this, as it's another arbitrary list that operations have to maintain, which is great for list y but for list x and z, it does more damage than good.

Unfortunately the answer is, you'll have to handle this on your side :(
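
A recipient-side filter of the kind the last comment points to, as an added example that is not part of the original task or of Wikimedia's configuration: it reads the `X-Spam-Score` and `X-Spam-Report` headers that the list server already stamps on forwarded -owner mail and applies the threshold of 5 suggested in the description. The function names are hypothetical and the sample message is constructed from the headers quoted above.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: trimmed from the headers quoted in the task above.
SAMPLE = """\
To: Wikimedia L Owner <wikimedia-l-owner@lists.wikimedia.org>
From: Safe Water <medcheckcare@outlook.com>
Subject: Kind attn Wikimedia L Owner
X-Spam-Score: 6.3 (++++++)
X-Spam-Report: Content analysis details:   (6.3 points, 4.0 required)
  pts rule name              description
 ---- ---------------------- ------------------------------
  1.3 HTML_IMAGE_ONLY_24     BODY: HTML: images with 2000-2400 bytes of words
  1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
  2.0 FILL_THIS_FORM_LONG    Fill in a form with personal information

(body omitted)
"""

def spam_score(msg):
    """Numeric part of X-Spam-Score, or None if the header is absent or malformed."""
    m = re.match(r"\s*(-?\d+(?:\.\d+)?)", msg.get("X-Spam-Score", ""))
    return float(m.group(1)) if m else None

def fired_rules(msg):
    """Map rule name -> points from the 'pts rule name' table in X-Spam-Report."""
    report = msg.get("X-Spam-Report", "")
    pairs = re.findall(r"(-?\d+\.\d)\s+([A-Z][A-Z0-9_]+)\b", report)
    return {name: float(pts) for pts, name in pairs}

def is_owner_mail(msg):
    """True if any To/Cc recipient is a Mailman '<list>-owner' address."""
    addrs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return any(a.lower().split("@")[0].endswith("-owner") for _, a in addrs)

def decide(msg, threshold=5.0):
    """Discard only -owner mail scored above the threshold; keep everything else.

    A missing or unparsable score keeps the message, so a stripped header
    can never cause legitimate owner mail to be dropped.
    """
    score = spam_score(msg)
    if is_owner_mail(msg) and score is not None and score > threshold:
        return "discard"
    return "keep"

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print(decide(msg), spam_score(msg), fired_rules(msg))
```
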