Thank you Dave, for your help with this. There's been some discussion by the Board, actually, that both hardware and much of the software on Tux need upgrading. IMHO, this issue unfortunately shows that there is far too much complexity in our current setup. The difficulty we've had in determining who administers what, and emergency preparedness, for me has served as a disturbing wake-up call.

I would be all for offloading some functionality to reliable outside sources as you suggest, and documenting as we go so we have a clear action plan in case things really go awry. I say the less items we have to stay on top of, the better. If we can offload the mailing list functionality altogether, or use a single piece of software to accomplish this along with other services/needs, all the better.

Still reading...

Lisa

Sent from my BlackBerry device on the Rogers Wireless Network

-----Original Message-----
From: "Dave O'Neill" <dmo+oclug [ at ] dmo [ dot ] ca>
Date: Sat, 31 Jul 2010 07:55:48
To: Lisa L <exexpat2 [ at ] gmail [ dot ] com>
Cc: Prof. John C Nash <nashjc [ at ] uottawa [ dot ] ca>; Brenda J. Butler <bjb [ at ] credil [ dot ] org>; linux <linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca>; Mike <kenziem [ at ] sympatico [ dot ] ca>; Eric Brackenbury <eric [ dot ] brackenbury [ at ] gmail [ dot ] com>; R RENAUD <rjrenaud [ at ] rogers [ dot ] com>; John Sebastien Taylor <johnsebastientaylor [ at ] gmail [ dot ] com>
Subject: Re: [OCLUG-Tech] Fwd: Fwd: Undelivered Mail Returned to Sender

On Fri, Jul 30, 2010 at 05:54:34PM -0400, Lisa L wrote:
> I'll paste below the contents of the files John sent. To me, it
> appears to be a Viagra ad coming from a host in Spain, with a link to
> a website in Russia. What we're trying to determine is whether (1)
> Tux has been compromised by crackers and is being exploited as a spam
> relay, (2) we are receiving this message in error because Tux' mail
> server has been configured to relay Board messages, and the error was
> intended for the spammer, or (3) something went awry with Google's
> Gmail servers. Note, 204.225.221.10 is Tux' IP.

Based on the headers in that message, it looks like it's partly (2) -- the spammer is sending to board-members [ at ] oclug [ dot ] on [ dot ] ca, and Tux is just expanding the alias and relaying the mail onwards.

However, you're not receiving the rejection messages in error, exactly, because as far as Google cares, you're contributing to the spam problem by not blocking the original instead of passing it on. Servers that relay mail are responsible for the mail they emit, even if they didn't originate it.

I'd suggest that someone needs to upgrade the spam filtering on Tux... if the header added is correct, you're running SpamAssassin 3.1.7, which is pretty much an antique as far as spam filtering goes -- it's almost 4 years old. Version 3.3.1 has been out since March 2010. I'm guessing that Tux is running something outdated (etch, or perhaps sarge), as stock Debian Lenny has 3.2.5, with 3.3.1 being available from backports.

It might be possible for me to set up free hosted antispam for OCLUG through my employer, if you're interested. It would remove the need to have someone maintain cutting-edge-current inbound spam filtering on Tux. I can find out on Tuesday if this is possible (unless David is still reading linux@... and would like to respond).

Cheers,
Dave