Deal with spam on bad-relays@ mailing list
We lately got a lot of spam to bad-relays@. That's a private mailing list that folks should be able to send reports to, though. Is there a mailman option or something to get rid of that spam while still allowing us to get legit submissions as usual? Or do we have to admit defeat here and move on with the status quo?

An example spam mail looks like this:
From - Tue May 2 06:57:07 2023
X-Account-Key: account19
X-UIDL: 98521d39b4fe4f6493c53a0097f19f0b
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <bad-relays-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on vireo.riseup.net
X-Spam-Level:
X-Spam-Pyzor: Reported 0 times.
X-Spam-Status: No, score=-2.3 required=9.0 shortcircuit=no autolearn=disabled
version=3.4.6
X-Spam-Report:
* 0.3 NOMATCH_NICK_FROM From address with no part of name
* 0.1 FROM_ADMIN Common in mailphishing
* 0.0 PSTOCK_PART multipart/mixed possibly PNG attachment
* 0.0 FORWARD_RELAY Appears to be relayed through list or forwarding
* 0.0 ENV_FROM_DIFF0 Envelope From differs from from (eg list)
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* -0.0 SPF_PASS SPF: sender matches SPF record
* -0.0 USER_IN_WELCOMELIST_TO User is listed in 'welcomelist_to'
* 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
* mail domains are different
* 0.0 ODD_PUNCTUATION2 BODY: general bad punctuation as in 419s
* 0.2 EXCITED_PLING BODY: Two adjacent sentences end with exclamation
* marks
* 0.1 PHISH_CGI URI: Common cracked phishing destination
* 0.5 HREF_PHISH6 URI: HTTP link to static consumer address
* 1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of
* words
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
* 0.1 HTML_LINK_NR_TOP RAW: Short HTML message with link near top
* 0.1 LINK_NR_TOP RAW: Short message with link near top
* 0.0 HREF_PHISH7 RAW: Very short text accidentally linked
* 0.1 SRC_HTTP RAW: Contains external (tracking) images?
* 0.0 CK_419SIZE typical 419 size - avoid matches in long text
* 0.1 CK_KARD_SIZE short, card virus size - avoid matches in long
* text
* -0.0 T_SCC_BODY_TEXT_LINE No description available.
* 0.8 KAM_INFOUSMEBIZ Prevalent use of
* .info|.us|.me|.me.uk|.biz|xyz|id|rocks|life domains in
* spam/malware
* -0.1 AM_TRUNCATED Compensate on large message for misfiring rules
* 0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict
* Alignment
* 0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
* -6.0 USER_IN_WHITELIST_TO DEPRECATED: See USER_IN_WELCOMELIST_TO
* -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
* manager
* -0.2 TXREP TXREP: Score normalizing based on sender's reputation
Delivered-To: gk-tpo@riseup.net
Received: from mx1.riseup.net (mx1-pn.riseup.net [10.0.1.33])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mx1.riseup.net", Issuer "R3" (not verified))
by vireo.riseup.net (Postfix) with ESMTPS id 4Q99z800Q5z47
for <gk-tpo@riseup.net>; Mon, 1 May 2023 18:02:27 +0000 (UTC)
Received: from eugeni.torproject.org (eugeni.torproject.org [49.12.57.136])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by mx1.riseup.net (Postfix) with ESMTPS id 4Q99z749XtzDqCn;
Mon, 1 May 2023 18:02:27 +0000 (UTC)
Received: from eugeni.torproject.org (localhost [IPv6:::1])
by eugeni.torproject.org (Postfix) with ESMTP id 1BC0EE0524;
Mon, 1 May 2023 18:02:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by eugeni.torproject.org (Postfix) with ESMTP id 498C5E0522
for <bad-relays@lists.torproject.org>; Mon, 1 May 2023 18:02:21 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at
Received: from eugeni.torproject.org ([127.0.0.1])
by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 8Njwl-0BuAvp for <bad-relays@lists.torproject.org>;
Mon, 1 May 2023 18:02:21 +0000 (UTC)
Received: from acrey.alcretemic.com (acrey.alcretemic.com [208.77.145.122])
by eugeni.torproject.org (Postfix) with ESMTP id 15AD0E051F
for <bad-relays@lists.torproject.org>; Mon, 1 May 2023 18:02:20 +0000 (UTC)
From: "Lidl" <Admin@acrey.alcretemic.com>
To: bad-relays@lists.torproject.org
MIME-Version: 1.0
Message-Id: <LYRIS-i.c-__Date@acrey.alcretemic.com>
Date: Mon, 01 May 2023 14:02:13 -0400
Subject: [bad-relays] =?utf-8?q?HERZLICHEN_GL=C3=9CCKWUNSCH!_Sie_sind_der?=
=?utf-8?q?_gl=C3=BCckliche_Online-Gewinner_eines_brandneuen_Gewinnspiels_?=
=?utf-8?q?Monsieur_Cuisine_Connect!?=
X-BeenThere: bad-relays@lists.torproject.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions about malicious and misconfigured Tor relays
<bad-relays.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/bad-relays>,
<mailto:bad-relays-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <https://lists.torproject.org/cgi-bin/mailman/private/bad-relays/>
List-Post: <mailto:bad-relays@lists.torproject.org>
List-Help: <mailto:bad-relays-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/bad-relays>,
<mailto:bad-relays-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1827440705681709861=="
Errors-To: bad-relays-bounces@lists.torproject.org
Sender: "bad-relays" <bad-relays-bounces@lists.torproject.org>
--===============1827440705681709861==
Content-Type: multipart/alternative; boundary="----=NextPart-dec270cb1eea73e35b74ae24a6eced6c"
------=NextPart-dec270cb1eea73e35b74ae24a6eced6c
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
text message
------=NextPart-dec270cb1eea73e35b74ae24a6eced6c
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
------=NextPart-dec270cb1eea73e35b74ae24a6eced6c--
--===============1827440705681709861==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
bad-relays mailing list
bad-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/bad-relays
--===============1827440705681709861==--
/cc @gman999
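
An added example, not part of the original issue: a small parser for the `X-Spam-Report` header quoted above, run on an abridged excerpt of it, that totals the rule scores with and without the two list-related rules (`USER_IN_WHITELIST_TO` and `MAILING_LIST_MULTI`). The function names and the `LIST_RULES` set are assumptions made for illustration.

```python
import re
from decimal import Decimal

# Abridged excerpt of the X-Spam-Report header quoted in the issue above.
# Wrapped descriptions continue on "* " lines that carry no score.
REPORT = """\
* 0.5 HREF_PHISH6 URI: HTTP link to static consumer address
* 1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of
* words
* 0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
* 0.8 KAM_INFOUSMEBIZ Prevalent use of
* .info|.us|.me|.me.uk|.biz|xyz|id|rocks|life domains in
* spam/malware
* -6.0 USER_IN_WHITELIST_TO DEPRECATED: See USER_IN_WELCOMELIST_TO
* -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
* manager
* -0.2 TXREP TXREP: Score normalizing based on sender's reputation
"""

# Assumption for this example: rules that score the message as list traffic or
# as addressed to a welcomelisted recipient, independent of its content.
LIST_RULES = {"USER_IN_WHITELIST_TO", "MAILING_LIST_MULTI"}

# A rule line is "* <score> <RULE_NAME> <description>".
RULE_LINE = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")

def parse_report(text):
    """Return a list of [score, rule, description], joining wrapped lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE_LINE.match(line)
        if m:
            rules.append([Decimal(m.group(1)), m.group(2), m.group(3)])
        elif rules and line.startswith("*"):
            # No score on this line: it continues the previous description.
            rules[-1][2] += " " + line.lstrip("* ").strip()
    return rules

def total(rules, ignore=()):
    """Sum the scores, skipping any rule whose name is in `ignore`."""
    return sum((s for s, name, _ in rules if name not in ignore), Decimal("0"))

if __name__ == "__main__":
    rules = parse_report(REPORT)
    for score, name, desc in sorted(rules, key=lambda r: r[0], reverse=True):
        print(f"{score:>5} {name:<22} {desc}")
    print("excerpt total:         ", total(rules))
    print("without list rules:    ", total(rules, ignore=LIST_RULES))
```
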