Controlling backscatter spam in Mailman


Mailman, which is installed by default in Virtualmin as your mailing list manager, exhibits some nasty behavior in its default configuration: it is open to sending "backscatter" spam. This means that the Bad Guys send fraudulent messages "from" the email address they actually want to send spam to; Mailman rejects those messages, basically sending a bounce message to the victim.

The mechanism the spammers use is left over from the days before web interfaces. Nowadays, your subscribers interact with Mailman almost exclusively via its HTTP interface. Other than actual postings from subscribed members, and messages to the list owner, there is little or no reason to keep the vestigial email aliases.

To disable the vulnerable aliases:

With Virtualmin, go into the Webmin interface, open Servers, then Postfix Mail Server, and click on the Aliases icon. Among the email addresses defined there you should see, for example:

yourlist-example.com    Program /usr/lib/mailman/mail/mailman post yourlist
<strong>yourlist-admin-example.com      Program /usr/lib/mailman/mail/mailman admin yourlist</strong>
yourlist-bounces-example.com    Program /usr/lib/mailman/mail/mailman bounces yourlist
<strong>yourlist-confirm-example.com    Program /usr/lib/mailman/mail/mailman confirm yourlist
yourlist-join-example.com       Program /usr/lib/mailman/mail/mailman join yourlist
yourlist-leave-example.com      Program /usr/lib/mailman/mail/mailman leave yourlist
</strong>yourlist-owner-example.com     Program /usr/lib/mailman/mail/mailman owner yourlist
<strong>yourlist-request-example.com    Program /usr/lib/mailman/mail/mailman request yourlist
yourlist-subscribe-example.com  Program /usr/lib/mailman/mail/mailman subscribe yourlist
yourlist-unsubscribe-example.com        Program /usr/lib/mailman/mail/mailman unsubscribe yourlist</strong>

These are the aliases for "yourlist@example.com". I recommend you disable the aliases shown in bold above:

-admin-, -confirm-, -join-, -leave-, -request-, -subscribe-, -unsubscribe-.

You also need to edit /etc/postfix/virtual (or in Webmin, open "Servers", click on "Postfix Mail Server", then click on the "Virtual Domains" icon) and delete the virtual mappings for all the addresses you just removed.

You will want to do this for each mailing list on your system.
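
For a system with many lists, the same cleanup can be scripted. The following is an added example, not part of the original article: it comments out the seven command aliases and the virtual mappings that point at them. It assumes the on-disk alias form name: "|/usr/lib/mailman/mail/mailman action list" and virtual lines of the form address alias-name; the function names are hypothetical and the sample data is constructed to mirror the listing above.

```python
import re

# Actions behind the bold aliases the article recommends disabling.
DISABLE = {"admin", "confirm", "join", "leave", "request", "subscribe", "unsubscribe"}
ACTIONS = ["post", "bounces", "owner"] + sorted(DISABLE)

# Assumed on-disk form: name: "|/usr/lib/mailman/mail/mailman <action> <list>"
ALIAS_RE = re.compile(r'^\s*(?P<name>[^\s:#]+)\s*:\s*"?\|\s*/usr/lib/mailman/mail/mailman'
                      r'\s+(?P<action>\w+)\s+[^\s"]+"?\s*$')

def filter_aliases(aliases_text):
    """Comment out command aliases; return (new_text, set of disabled alias names)."""
    out, disabled = [], set()
    for line in aliases_text.splitlines():
        m = ALIAS_RE.match(line)
        if m and m.group("action") in DISABLE:
            disabled.add(m.group("name"))
            line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n", disabled

def filter_virtual(virtual_text, disabled):
    """Comment out virtual mappings that point at a disabled alias."""
    out, removed = [], []
    for line in virtual_text.splitlines():
        fields = line.split()
        live = len(fields) == 2 and not fields[0].startswith("#")
        if live and fields[1] in disabled:
            removed.append(fields[0])
            line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n", removed

def sample(list_name="yourlist", domain="example.com"):
    """Constructed sample data mirroring the alias listing in the article."""
    aliases, virtual = [], []
    for action in ACTIONS:
        local = list_name if action == "post" else f"{list_name}-{action}"
        aliases.append(f'{local}-{domain}: "|/usr/lib/mailman/mail/mailman {action} {list_name}"')
        virtual.append(f"{local}@{domain}\t{local}-{domain}")
    return "\n".join(aliases) + "\n", "\n".join(virtual) + "\n"

if __name__ == "__main__":
    aliases_text, virtual_text = sample()
    new_aliases, disabled = filter_aliases(aliases_text)
    new_virtual, removed = filter_virtual(virtual_text, disabled)
    print(new_aliases + "\n" + new_virtual)
    print("addresses no longer accepted:", ", ".join(sorted(removed)))
```

If you edit the real files by hand rather than through Webmin, rebuild the Postfix lookup tables afterwards with newaliases and postmap /etc/postfix/virtual.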