Hello,

On Saturday, 8 May 2021, 06:59:47 CEST, Bernhard M. Wiedemann wrote:
> On 07/05/2021 21.49, Per Jessen wrote:
>> One idea I have been playing with is to do a simple email verification -
>> anyone writing to admin@.o.o -
>> new? reply with request for a verification. (an email reply).
>> If you don't reply to verify a new account, dismissed.

Even better idea: run rcpostfix stop and never receive any spam again ;-)

Jokes aside - as much as I hate spam, forcing our users to jump through hoops (like having to answer a confirmation mail) isn't a real option. You might do that if you give away something for free ("get-free-beer@opensuse.org" ;-) but since we are (or at least should be) glad if someone reports an infrastructure issue, we shouldn't make reporting them harder than needed.

> Another idea: check how the From: header relates to the Return-Path mail.
> E.g. for this ML discussion those are very different, but for direct mails, "From:" usually contains the Return-Path.
> Even if we still end up taking them, we could tag tickets in a filterable way.

Comparing the From: with the Return-Path could indeed be an idea - add a few spam points on mismatch (in theory, mails _to_ admin@ shouldn't have that mismatch).

However, before we do that, I have two questions we should check first:
- does the spam really come with From: and Return-Path differing? (Not visible in the tickets, needs to be checked in the original mails.)
- does SpamAssassin/amavis run early enough, or do we do the SRS rewriting first?

Regards,

Christian Boltz
-- 
Google doesn't take souls, only data. Data is easier to monetize. Souls are so unwieldy: the only relevant buyer is considered a "difficult" business partner. He does have a competitor, but that one is extremely picky and notoriously hard to reach. [Martin Seeger on https://plus.google.com/+KristianKöhntopp/posts/2rvcxyr3RVR]
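
One way to check the two open questions against original mails, as an added example that is not part of the thread or of the openSUSE mail setup: it compares From: with Return-Path and undoes an SRS0 rewrite first, so forwarding alone does not count as a mismatch. The 1.5-point weight, the handling of SRS0 only (not SRS1), and all sample mails are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# SRS0 rewrite: SRS0=<hash>=<timestamp>=<orig-domain>=<orig-local>@<forwarder>
SRS0 = re.compile(r"^srs0[=+-][^=]+=[^=]+=([^=]+)=(.+)@[^@]+$", re.I)
MISMATCH_POINTS = 1.5  # assumed weight, not a value from the thread

def unwrap_srs(addr):
    """Return the pre-forwarding sender of an SRS0 address, else addr unchanged."""
    m = SRS0.match(addr)
    return f"{m.group(2)}@{m.group(1)}" if m else addr

def classify(raw):
    """Compare From: with Return-Path for one raw message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    rpath = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if not from_addr or not rpath:
        return "incomplete"          # header missing or null sender
    rpath = unwrap_srs(rpath)        # undo SRS so forwarding alone is not a mismatch
    if rpath == from_addr:
        return "match"
    if rpath.rsplit("@", 1)[-1] == from_addr.rsplit("@", 1)[-1]:
        return "same-domain"         # e.g. bounce+tag@ vs. user@ at one provider
    return "mismatch"

def spam_points(raw):
    """Points to add for one message: only a full mismatch scores."""
    return MISMATCH_POINTS if classify(raw) == "mismatch" else 0.0

# Constructed sample mails (example.* domains), not taken from real tickets.
SAMPLES = {
    "direct": "Return-Path: <alice@example.net>\nFrom: Alice <alice@example.net>\nSubject: wiki down\n\nbody\n",
    "srs": "Return-Path: <SRS0=ab12=XY=example.net=alice@forwarder.example.org>\nFrom: alice@example.net\n\nbody\n",
    "list": "Return-Path: <heroes-bounces@lists.example.org>\nFrom: Bob <bob@example.com>\n\nbody\n",
    "spam": "Return-Path: <x91@bulk.example.info>\nFrom: \"Support\" <billing@example.com>\n\nbody\n",
}

def survey(samples):
    """Count classifications across a mapping of name -> raw message."""
    return Counter(classify(raw) for raw in samples.values())

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:7} {classify(raw):12} +{spam_points(raw)}")
    print(dict(survey(SAMPLES)))
```

The constructed list mail scores as a mismatch just like the constructed spam, so a survey of real traffic has to show how much legitimate mail to admin@ falls into that bucket before a weight is chosen.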