
Harden mail server against incoming spam
Closed, ResolvedPublic

Description

Currently, the mail queue has a handful of outgoing bounces that relate to mails to user@tools.wmflabs.org (an existing mail address) that were tried to be forwarded to that user's address, but didn't succeed.

The problem with that is that the recipients of those bounces (i.e. the senders of the incoming mails) are from non-existing domains and/or users.

The mails are in Chinese and contain spreadsheet attachments. User "user" seems to be Chinese, but my gut tells me that this is spam.

So before we become the target of more of that, we should harden the mail server so that it only accepts mail from domains that actually resolve (and/or other similar anti-spam best practices for exim).


Version: unspecified
Severity: enhancement

Details

Reference
bz65629

Event Timeline

bzimport raised the priority of this task from to Needs Triage. Nov 22 2014, 3:14 AM
bzimport added a project: Toolforge.
bzimport set Reference to bz65629.

(In reply to Tim Landscheidt from comment #0)

The mails are in Chinese and contain spreadsheet attachments. User "user"
seems to be Chinese, but my gut tells me that this is spam.

Confirming.

coren removed coren as the assignee of this task. Mar 25 2015, 2:43 PM
coren triaged this task as Low priority.
coren set Security to None.

Running SpamAssassin (or an equivalent) on the MX is a possibility, but the risk of false positives remains. This requires further evaluation of possible solutions.

I think requiring valid DNS entries should be quite enough for a while.

bd808 assigned this task to GTirloni.
bd808 subscribed.

DNSBL checks added as part of T208579: tools-mail: Migrate to Stretch
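
An added illustration, not taken from this task or from the Toolforge configuration: an Exim RCPT ACL fragment covering the two measures discussed above, rejecting envelope senders whose domain cannot be routed through DNS and checking the connecting host against a DNSBL. The ACL name `acl_check_rcpt` follows Exim's default configuration, and `dnsbl.example.org` is a placeholder zone, not a real list.

```exim
# Main section: run this ACL for every RCPT command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail submitted locally (no remote host) skips the checks below.
  accept  hosts = :

  # Route the envelope sender as if it were a recipient. If its domain
  # has no usable DNS records the RCPT is refused with a 5xx, so the
  # message is never queued and no bounce to a dead address is created.
  # A temporary DNS failure yields a 4xx and the remote side retries.
  # An empty sender (<>, i.e. an incoming bounce) always passes.
  require message = Sender domain could not be verified
          verify  = sender

  # Refuse hosts listed in a DNS blocklist. The zone is a placeholder
  # (assumption); replace it with the list the site has chosen.
  deny    message     = $sender_host_address is listed at $dnslist_domain
          log_message = DNSBL hit: $dnslist_domain ($dnslist_text)
          dnslists    = dnsbl.example.org

  # The site's existing relay and recipient checks continue here.
```

The fragment can be exercised without accepting real mail by running `exim -bh` with a test client address, which simulates an SMTP session and shows which ACL statement fires.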