[IMC-Tech] File 13 for Email, I Give Up

[Stuart Levy]

On Mon, Oct 16, 2006 at 09:06:47AM -0500, Mike Lehman wrote:
> Hi Dan,
> I am going to have to give up on trying to manually extract email 
> domains to be banned.  The problem has just gotten too big and it takes 
> too much time to do this by cutting and pasting. The last list of names 
> of below my sig.
> 
> I think it is clear that Mailman is totally inadequate, like Dada was, 
> for dealing with spam given the current state of internet abuse. Banning 
> individual email accounts, which is the only option admins have, is 
> pointless. Unless Mailman can be configured to ban email domains with 
> one click, I think we really need to explore other solutions. Even that 
> solution seems to only be a stopgap, without some sort of strong 
> whitelist or other features to automatically start weeding out spam posts.
> Mike Lehman

Curious -- are there simple patterns in the spam that gets through?

Almost all of the stuff that slips through the filters to the
peace@ and peace-discuss at lists.chambana.net lists
is stock-pumping spam which has, so far, a pretty reliable structure:
a randomly generated From address, 1- to 3-word random english title,
a bunch of innocuous English text and then an attached ".gif" image
containing the stock ad.  We're getting maybe 50 of those per list per day --
there's other stuff, much detectable with simple patterns like PH[a-z]*RMA,
but little enough gets through to be noise.

Would it be appropriate simply to ban image attachments (gif/jpeg/png),
is there any way to do that?   Detecting them looks straightforward with procmail,
but I don't know how mail gets fed into mailman.