Page MenuHomePhabricator

Spam to -owner mailing lists from *@qq.com emails
Closed, DeclinedPublic

Description

As mentioned in T170601#4023723 I get lots of spam targeting cep-owner@. Those messages match the two conditions for ref3 at https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/profile/templates/exim/system_filter.conf.mailman.erb;555070812a85ab8e51bd88bc35ecebaa24e50bdf$31 so that does not seem to work (anymore)?

ref2 nearly also matches. It would match if it was .*8。C(O|0)M.* instead.
Edit: Nope, many but not _all_ emails include that. Same for .*5⒏0提.*.

Event Timeline

Aklapper updated the task description. (Show Details)Mar 18 2018, 12:03 AM

Yes, qq.com is an ongoing nuisance across multiple mailing lists.

Elitre added a subscriber: Elitre.Mar 19 2018, 12:50 PM
Restricted Application added a project: Operations. · View Herald TranscriptJun 20 2018, 2:45 PM

In the past qq.com spam to -owner addresses was coming mostly from blocklisted mail systems, so https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/378930/ was implemented to reject them. Maybe something has changed in the way these are being sent.

Are there a few examples of this spam (with full headers) available?

herron claimed this task.Jun 20 2018, 5:18 PM

At least for cep-owner@ this stopped a while ago and I don't have any such messages anymore, sorry.
If noone experiences this problem anymore this task might declined.

herron closed this task as Declined.Jun 27 2018, 3:11 PM

At least for cep-owner@ this stopped a while ago and I don't have any such messages anymore, sorry.
If noone experiences this problem anymore this task might declined.

Ok, since this task has been quiet for a week I'll transition to declined. We can of course re-open if a recent example becomes available.