From 222414b585b1279efb7ce1cf77fe14ae3c4ce8eb Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Mon, 2 Oct 2023 21:33:11 +0000 Subject: [PATCH] Blackhole deliveries for Mailman v3 local user On Mailman v2 the "mailman" addresses were mapped to special mailing lists used for monthly password notifications and some other tasks. This does not exist on Mailman v3, but spammers still have the old mailman list addresses and send junk to them, which the server attempts to deliver because there's a local user account with the same name. Reject messages for the old "mailman" addresses at receipt, so they never enter our message queue. Change-Id: I9db93ae98f4b3952400c1e478612ab70a6241dd1 --- inventory/service/host_vars/lists01.opendev.org.yaml | 3 +++ playbooks/zuul/files/host_vars/lists99.opendev.org.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/inventory/service/host_vars/lists01.opendev.org.yaml b/inventory/service/host_vars/lists01.opendev.org.yaml index 12dcdc9de9..90932203d5 100644 --- a/inventory/service/host_vars/lists01.opendev.org.yaml +++ b/inventory/service/host_vars/lists01.opendev.org.yaml @@ -31,6 +31,9 @@ exim_aliases: product-wg-owner: spam user-committee-owner: spam spam: ':fail: delivery temporarily disabled due to ongoing spam flood' + # This is the local username for mailman processes, but it does not send nor + # need to receive messages. + mailman: ':blackhole: this address does not accept email' # TODO It would be better to bypass verification for postorius@listdomain # and set a :fail: rule for anyone trying to send email to this addr. # But that requires updating our main exim config so that needs more thought. diff --git a/playbooks/zuul/files/host_vars/lists99.opendev.org.yaml b/playbooks/zuul/files/host_vars/lists99.opendev.org.yaml index e51ce292d0..d3f0b6aa7f 100644 --- a/playbooks/zuul/files/host_vars/lists99.opendev.org.yaml +++ b/playbooks/zuul/files/host_vars/lists99.opendev.org.yaml @@ -40,6 +40,9 @@ exim_aliases: product-wg-owner: spam user-committee-owner: spam spam: ':fail: delivery temporarily disabled due to ongoing spam flood' + # This is the local username for mailman processes, but it does not send nor + # need to receive messages. + mailman: ':blackhole: this address does not accept email' # TODO It would be better to bypass verification for postorius@listdomain # and set a :fail: rule for anyone trying to send email to this addr. # But that requires updating our main exim config so that needs more thought.