Revert "Translate all posts to German with personal blog style"
Build & Deploy / deploy (push) Successful in 27s
Build & Deploy / deploy (push) Successful in 27s
This reverts commit cc7ba433d4.
This commit is contained in:
@@ -1,44 +1,47 @@
|
||||
+++
|
||||
date = '2025-10-10T09:26:56+02:00'
|
||||
draft = false
|
||||
title = 'Google Groups Spam – Wenn Google zum Spam-Schleuder wird'
|
||||
title = 'Google Groups Spam'
|
||||
|
||||
[cover]
|
||||
image = "/imgs/google-spam.jpg"
|
||||
alt = "Google in bunten Farben auf dunklem Hintergrund"
|
||||
alt = "Google in bright colors and dark background"
|
||||
caption = ""
|
||||
+++
|
||||
|
||||
# Dieses Google Groups Problem nervt
|
||||
# Understanding the Google Groups Spam Problem
|
||||
|
||||
Im letzten Jahr hab ich nen deutlichen Anstieg von Spam bemerkt, der über Google Groups reingekommen ist. Das Ding ist: Google Groups ist von Haus aus so designed, dass Spammer es leicht haben. Die ballern ihre Scheiße über legitime Google-Mail-Server – und das macht's verdammt schwer, das Zeug zu filtern.
|
||||
Over the past year, I've noticed a significant increase in spam messages originating from Google Groups. This issue stems from the way Google Groups is designed: It gives spammers an easy way to distribute large volumes of unwanted mail using legitimate Google mail servers, which makes filtering much harder.
|
||||
|
||||
## Warum passiert das?
|
||||
## Why it Happens
|
||||
|
||||
Google Groups hat ein paar grundlegende Design-Probleme, die es für Spammer besonders attraktiv machen:
|
||||
There are a few fundamental problems with how Google Groups works that make it particularly attractive to spammers:
|
||||
|
||||
- **Kein Opt-in nötig**: Spammer können einfach jede E-Mail-Adresse zu ner Google Group hinzufügen. Ohne Rückfrage. Ohne Bestätigung.
|
||||
- **Austreten? Fehlanzeige**: Viele Spam-Gruppen sind privat. Als Opfer kannst du nicht mal auf die Gruppenseite, um dich auszutragen. Du bist drin, ob du willst oder nicht.
|
||||
- **Auto-Responder machen's schlimmer**: Manche Gruppen haben automatisierte Mail-Systeme drin (Ticket-Systeme, Abwesenheitsnotizen). Wenn die auf die ursprüngliche Spam-Mail antworten, geht die Antwort wieder an alle Gruppenmitglieder. Spam-Superspreader quasi.
|
||||
- **No opt-in required**: Spammers can freely add any email address to a Google Group without the recipient's consent.
|
||||
|
||||
## Das Problem und mein Ansatz
|
||||
- **Unsubscribing is often impossible**: Many spam groups are set to private, meaning that victims cannot even access the group page to unsubscribe.
|
||||
|
||||
Beim Analysieren der Mails ist mir aufgefallen: Einige legitime Organisationen nutzen Google Groups auch für Newsletter oder Ankündigungen. Also einfach den kompletten Google-Groups-Traffic blockieren? Keine gute Idee – zu viele False Positives.
|
||||
- **Amplified spam through auto-responders**: Some of these groups include automated mail systems (like ticketing or vacation responders). When these systems reply to the initial spam message, the responses are redistributed to all group members multiplying the traffic in unwanted mails.
|
||||
|
||||
Also hab ich mir was überlegt: Eine Lösung, die direkt in **Rspamd**, unserem Spam-Filter, eingreift:
|
||||
## The Challenge and Approach
|
||||
|
||||
- **Custom Lua Plugin**: Erkennt Nachrichten aus Google Groups und vergibt ein eigenes Symbol.
|
||||
- **Composite Rules**: Kombiniert dieses Symbol mit anderen Spam-Indikatoren, um zu entscheiden, ob die Mail wirklich Spam ist.
|
||||
While analyzing these messages, I discovered that several legitimate organizations also use Google Groups to distribute newsletters or announcements. That means simply blocking all mail coming from Google Groups would cause false positives and disrupt valid communication.
|
||||
|
||||
So zielen wir gezielt auf die missbräuchlichen Muster ab, ohne legitime Google-Groups-Nutzung zu bestrafen.
|
||||
To handle this more effectively, I developed a solution that integrates directly with Rspamd, our spam filtering system:
|
||||
|
||||
## Ran an die Tasten
|
||||
- **Custom Lua plugin**: Detects messages originating from Google Groups and assigns a custom symbol.
|
||||
|
||||
Ich hab ein kleines Lua-Plugin für Rspamd gebaut, das Nachrichten aus Google Groups erkennt und mit einem Symbol taggt. Mit Composite Rules wird dann entschieden, ob die Mail als Spam durchgeht oder nicht.
|
||||
- **Composite rules**: Use this symbol, combined with other spam indicators, to decide whether a message should be classified as spam.
|
||||
|
||||
### Schritt 1: Das Lua-Plugin bauen
|
||||
This approach allows us to target the abusive patterns specifically, without penalizing legitimate use of Google Groups.
|
||||
|
||||
Ab nach `/etc/rspamd/plugins.d/kits_header_google_group.lua`:
|
||||
## Technical Configuration
|
||||
|
||||
To tackle the Google Groups spam issue, I built a small custom Lua plugin for Rspamd that detects messages originating from Google Groups and assigns a custom symbol to them. Once tagged, we can use composite rules to decide whether a message should be treated as spam based on additional indicators.
|
||||
|
||||
### Step 1: Create the Custom Lua Plugin
|
||||
|
||||
Start by creating a new file at `/etc/rspamd/plugins.d/kits_header_google_group.lua`:
|
||||
|
||||
```lua
|
||||
rspamd_config:register_symbol{
|
||||
@@ -63,50 +66,51 @@ rspamd_config:register_symbol{
|
||||
}
|
||||
```
|
||||
|
||||
Das Plugin sucht nach:
|
||||
This plugin checks for either of the following headers:
|
||||
|
||||
- `X-Google-Group-Id` Header
|
||||
- `List-Unsubscribe` Header mit `googlegroups` drin
|
||||
- `X-Google-Group-Id`
|
||||
- `List-Unsubscribe` containing the string `googlegroups`
|
||||
|
||||
Wenn einer der beiden gefunden wird, gibt's das Symbol `KITS_HEADER_GOOGLE_GROUP`.
|
||||
If either is present, the message is tagged with the symbol `KITS_HEADER_GOOGLE_GROUP`.
|
||||
|
||||
### Schritt 2: Plugin aktivieren
|
||||
### Step 2: Enable the Plugin
|
||||
|
||||
Dann noch ein leeres Config-File anlegen unter `/etc/rspamd/modules.d/kits_header_google_group.conf`:
|
||||
Next, register a module with the same name by creating an empty configuration file at `/etc/rspamd/modules.d/kits_header_google_group.conf`:
|
||||
|
||||
```bash
|
||||
# Leere Config, um das Lua-Plugin zu aktivieren
|
||||
# Empty config to enable lua plugin
|
||||
kits_header_google_group { }
|
||||
```
|
||||
|
||||
Ab jetzt wird jede Mail aus Google Groups mit `KITS_HEADER_GOOGLE_GROUP` getaggt und bekommt 'nen Score von 0,1.
|
||||
At this point, every email that originates from a Google Group will be tagged with the symbol `KITS_HEADER_GOOGLE_GROUP` and adds a score of 0.1.
|
||||
|
||||
### Schritt 3: Composite Rules bauen
|
||||
### Step 3: Create Composite Rules
|
||||
|
||||
Jetzt die Composite Rules definieren. Ab damit nach `/etc/rspamd/override.d/composite.conf`:
|
||||
The next step is to define composite rules that evaluate whether a tagged message is likely to be spam. Create the following entries in `/etc/rspamd/override.d/composite.conf`:
|
||||
|
||||
```bash
|
||||
# Google Group Ursprung mit Bulk oder Freemail
|
||||
# Google Group origin with bulk or freemail origin
|
||||
KITS_GOOGLE_GROUP_BAD {
|
||||
expression = "KITS_HEADER_GOOGLE_GROUP and (DCC_REJECT | FUZZY_BULK | FREEMAIL_FROM)";
|
||||
score = 8.0;
|
||||
}
|
||||
|
||||
# Google Group Ursprung mit Bulk und Freemail
|
||||
# Google Group origin with bulk and freemail origin
|
||||
KITS_GOOGLE_GROUP_WORST {
|
||||
expression = "KITS_HEADER_GOOGLE_GROUP and (DCC_REJECT | FUZZY_BULK ) and FREEMAIL_FROM";
|
||||
score = 20.0;
|
||||
}
|
||||
```
|
||||
|
||||
Die Regeln geben höhere Scores für Mails, die aus Google Groups kommen **und** bekannte Spam-Indikatoren haben wie `DCC_REJECT`, `FUZZY_BULK` oder `FREEMAIL_FROM`.
|
||||
These rules assign higher scores to messages that originate from Google Groups and match known spam indicators such as `DCC_REJECT`, `FUZZY_BULK`, or `FREEMAIL_FROM`.
|
||||
|
||||
> Die Namen, Scores und Logik sind auf meine Umgebung zugeschnitten. Passt die Werte immer an euer Setup an und testet vorher!
|
||||
> The naming scheme, scores, and logic here are tailored to my environment. Always adjust the scoring and expressions to fit your setup and verify changes before applying them.
|
||||
|
||||
## Fazit
|
||||
## Conclusion
|
||||
|
||||
Nachdem das Ding live war, ist der Spam aus Google Groups deutlich zurückgegangen. Legitime Mails von Unternehmen kamen weiterhin durch, der unerwünschte Group-Spam wurde aber effektiv von Rspamd markiert oder weggesperrt.
|
||||
After deploying this configuration, the amount of spam originating from Google Groups dropped noticeably. Legitimate messages from companies still passed through correctly, while unwanted group spam was effectively flagged or quarantined by Rspamd.
|
||||
|
||||
Wenn du nen Mail-Server betreibst, weißt du: Spam bekämpfen ist ein ewiger Kampf. Aber mit Rspamd hat man zum Glück richtig gute Werkzeuge an der Hand.
|
||||
If you're running a mail server, fighting spam is one of the more tedious and ongoing challenges. Thankfully, with Rspamd, we have some of the best and most flexible spam-fighting tools available.
|
||||
|
||||
Battling spam will always be a cat-and-mouse game, and I'm sure spammers will find new and clever ways to distribute unwanted mail sooner rather than later, but Rspamd will be here to help. I hope to share more useful posts in the future about keeping our mail systems clean with Rspamd.
|
||||
|
||||
Spammer werden immer neue Wege finden, ihren Müll zu verteilen – das ist Katz und Maus. Aber Rspamd ist und bleibt ne verdammt gute Maus.
|
||||
|
||||
Reference in New Issue
Block a user