From 222414b585b1279efb7ce1cf77fe14ae3c4ce8eb Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Mon, 2 Oct 2023 21:33:11 +0000
Subject: [PATCH] Blackhole deliveries for Mailman v3 local user

On Mailman v2 the "mailman" addresses were mapped to special mailing
lists used for monthly password notifications and some other tasks.
This does not exist on Mailman v3, but spammers still have the old
mailman list addresses and send junk to them, which the server
attempts to deliver because there's a local user account with the
same name.

Reject messages for the old "mailman" addresses at receipt, so they
never enter our message queue.

Change-Id: I9db93ae98f4b3952400c1e478612ab70a6241dd1
---
 inventory/service/host_vars/lists01.opendev.org.yaml    | 3 +++
 playbooks/zuul/files/host_vars/lists99.opendev.org.yaml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/inventory/service/host_vars/lists01.opendev.org.yaml b/inventory/service/host_vars/lists01.opendev.org.yaml
index 12dcdc9de9..90932203d5 100644
--- a/inventory/service/host_vars/lists01.opendev.org.yaml
+++ b/inventory/service/host_vars/lists01.opendev.org.yaml
@@ -31,6 +31,9 @@ exim_aliases:
   product-wg-owner: spam
   user-committee-owner: spam
   spam: ':fail: delivery temporarily disabled due to ongoing spam flood'
+  # This is the local username for mailman processes, but it does not send nor
+  # need to receive messages.
+  mailman: ':blackhole: this address does not accept email'
   # TODO It would be better to bypass verification for postorius@listdomain
   # and set a :fail: rule for anyone trying to send email to this addr.
   # But that requires updating our main exim config so that needs more thought.
diff --git a/playbooks/zuul/files/host_vars/lists99.opendev.org.yaml b/playbooks/zuul/files/host_vars/lists99.opendev.org.yaml
index e51ce292d0..d3f0b6aa7f 100644
--- a/playbooks/zuul/files/host_vars/lists99.opendev.org.yaml
+++ b/playbooks/zuul/files/host_vars/lists99.opendev.org.yaml
@@ -40,6 +40,9 @@ exim_aliases:
   product-wg-owner: spam
   user-committee-owner: spam
   spam: ':fail: delivery temporarily disabled due to ongoing spam flood'
+  # This is the local username for mailman processes, but it does not send nor
+  # need to receive messages.
+  mailman: ':blackhole: this address does not accept email'
   # TODO It would be better to bypass verification for postorius@listdomain
   # and set a :fail: rule for anyone trying to send email to this addr.
   # But that requires updating our main exim config so that needs more thought.