Posted to users@spamassassin.apache.org by Matus UHLAR - fantomas <uh...@fantomas.sk> on 2011/05/12 09:06:10 UTC

Re: Yahoo sent 5.5x as much spam as any other legit provider in April

> On 05/11/2011 04:35 PM, Michael Scheidell wrote:
> > if someone sends an email to 175 people, once they hit 'x' number in the
> > first email attempt, we send '4xx too many emails'
> 
> > ie:
> > ehlo *.yahoo.com
> > mail from: <so...@yahoo.com>
> > rcpt to: <one>
> > 250 ok
> > rcpt to: <two>
> > 250 ok
> > [skip to 100].
> > rcpt to: <onehundered>
> > 4xx too many

On 11.05.11 19:30, Joe Sniderman wrote:
> We do something similar, except that the maximum number of recipients
> per envelope we set at 1.  The second and all subsequent get a 4yz error
> during RCPT. We perform this after greylisting, ie:

Are you aware that this violates RFC standard?
You can not expect that when you violate it, others will behave at your
needs. For example, I would immediately try other MX server when sending
mail and not continue with DATA.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.

Re: Yahoo sent 5.5x as much spam as any other legit provider in April

Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 12 May 2011 16:00:38 +0200
Michelle Konzack <li...@tamay-dogan.net> wrote:

> Which RFC?  Limiting the "recipients per envelope" is legitimate.

Limiting it to 1 is pushing it.  RFC 5321 says:

   "The minimum total number of recipients that MUST be buffered is 100
    recipients.  Rejection of messages (for excessive recipients) with
    fewer than 100 RCPT commands is a violation of this specification."

Additionally, limiting it to 1 will have very undesirable side-effects.
Mailman, for example, sends messages out in chunks of 30 recipients
at a time by default.  If all 30 recipients are on a server that only
accepts one at a time and your mail server retries every 10 minutes, the
last recipient will receive the message 5 hours after the first recipient.
That's pretty unfriendly behaviour.

Regards,

David.
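
The delay David describes can be reproduced with a small model of the exchange (an added example, not code from any poster or project in this thread). It assumes a sender that delivers to whatever recipients were accepted and retries the deferred ones after a fixed interval, and it uses 452 as the "too many recipients" reply; the Receiver class, addresses and function names are constructed for illustration.

```python
from dataclasses import dataclass

RFC5321_MIN_RCPT = 100  # per the RFC 5321 text quoted above


@dataclass
class Receiver:
    """Toy receiving MTA: accepts at most max_rcpt RCPT commands per envelope."""
    max_rcpt: int

    def session(self, recipients):
        """One SMTP transaction. Returns (accepted, deferred, transcript)."""
        accepted, deferred, log = [], [], []
        for rcpt in recipients:
            if len(accepted) < self.max_rcpt:
                accepted.append(rcpt)
                log.append(f"RCPT TO:<{rcpt}> -> 250 ok")
            else:
                deferred.append(rcpt)
                log.append(f"RCPT TO:<{rcpt}> -> 452 too many recipients")
        return accepted, deferred, log


def delivery_times(recipients, receiver, retry_minutes):
    """Assumed sender: deliver what was accepted, retry the rest later.
    Returns a dict mapping each recipient to the minute it was delivered."""
    pending, clock, delivered = list(recipients), 0, {}
    while pending:
        accepted, pending, _ = receiver.session(pending)
        if not accepted:
            raise ValueError("receiver accepts no recipients; mail is never delivered")
        for rcpt in accepted:
            delivered[rcpt] = clock
        if pending:
            clock += retry_minutes
    return delivered


def worst_delay(n_rcpt, max_rcpt, retry_minutes=10):
    """Minutes until the last of n_rcpt recipients has the message."""
    rcpts = [f"user{i}@example.org" for i in range(1, n_rcpt + 1)]  # constructed
    return max(delivery_times(rcpts, Receiver(max_rcpt), retry_minutes).values())


def compliant(max_rcpt):
    """True if the limit never refuses fewer than 100 RCPT commands."""
    return max_rcpt >= RFC5321_MIN_RCPT


if __name__ == "__main__":
    for limit in (1, 10, 100):
        print(f"limit={limit:3d} compliant={compliant(limit)} "
              f"worst delay, 30 rcpts: {worst_delay(30, limit)} min")
```

With a limit of 1, a 30-recipient chunk and a 10-minute retry, the last recipient waits 290 minutes, which is the "5 hours" figure in the message above.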

Re: Yahoo sent 5.5x as much spam as any other legit provider in April

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > Nobody requires you to execute 100 spamassassin processes and nobody
> > requires you to run them in parallel. However, the RFCs DO require you
> > to accept at least 100 recipients at once.

On 16.05.11 23:19, Michelle Konzack wrote:
> It happens automatically if...
> ...the system accepts 100 messages at once for 100 different recipients.
> Sending to 100 recipients is like a DoS.

sending one mail to 100 recipients is OK, receiving 100 mails in parallel
can be delayed by other ways (e.g. limiting maximum number of connections).

> > You can run spamassassin with safe global preferences for mail destined to
> > more recipients. Or, you can run different domains on different IPs with
> > different SA configurations. That could spare you from multiple checking
> > mail to multiple recipients.
> 
> I have already over 20 mailservers with more than 98.000 users and
> currently I am installing 30 new mailservers (each with 2500 users)...
> 
> And yes, 72.000 users are from the same company, but if they have to
> send a message to the WHOLE enterprise, they use my own service which
> bypasses the standard mail delivery over the MTAs.
> 
> I can push the 72.000 messages in less than 3 minutes into the mailboxes

This has nothing to do with my recommendation. You can safely scan all mail
to multiple (no matter if 10 or 100) recipients with unpersonalized SA, then
re-scan each again to get personalized results.

I guess you don't drop all mail tagged as spam and suspicious e-mail is
still delivered to their spamboxes.

> > RFC, do not expect SMTP clients to behave as you want. If anyone will have
> > problems caused by you rejecting 11th recipient, it will be YOUR problem.

> By dropping spam?

no, by dropping 11th to 100th recipient.

> > Don't blame me. You could blame the RFC but I believe its authors knew more
> > than you do.
> 
> The RFC-Requirement is a big bullshit!

It is not. It is there for preventing postmasters from doing things the
easy, but wrong way, e.g. like you do.


-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good. 

Re: 100 RCPTs in one session (was Re: Yahoo sent 5.5x as much spam as any other legit provider in April)

Posted by Per Jessen <pe...@computer.org>.
Mark Martinec wrote:

> Per,
> 
>> Splitting hairs...
> 
> No problem.
> 
>> queueing is an implementation of a design, and almost
>> certainly what amavisd does :-)
> 
> Surprise ... it doesn't.  Queueing is left entirely in hands of an
> MTA, and if using a pre-queue setup such as a smtp proxy as offered by
> Postfix (or a milter setup) there is no additional queuing besides
> what an MTA already does.
> 
> Most importantly: a message is not processed one recipient at a time,
> but as one entity, with one call to SpamAssassin, and then carefully
> adjusting final message editing if settings of mail's recipients
> require different final touches. It practically makes no difference
> in timing if a message has one or a thousand recipients.

Interesting, thanks for enlightening me.  I guess amavisd is just being
opportunistic about it and hoping not many recipients will have
individual settings? 


/Per Jessen, Zürich


Re: 100 RCPTs in one session (was Re: Yahoo sent 5.5x as much spam as any other legit provider in April)

Posted by Mark Martinec <Ma...@ijs.si>.
Per,

> Splitting hairs...

No problem.

> queueing is an implementation of a design, and almost
> certainly what amavisd does :-)

Surprise ... it doesn't.  Queueing is left entirely in hands of an MTA,
and if using a pre-queue setup such as a smtp proxy as offered by Postfix
(or a milter setup) there is no additional queuing besides what an MTA
already does.

Most importantly: a message is not processed one recipient at a time,
but as one entity, with one call to SpamAssassin, and then carefully
adjusting final message editing if settings of mail's recipients require
different final touches. It practically makes no difference in timing
if a message has one or a thousand recipients.

  Mark

Re: 100 RCPTs in one session (was Re: Yahoo sent 5.5x as much spam as any other legit provider in April)

Posted by Per Jessen <pe...@computer.org>.
Mark Martinec wrote:

> David F. Skoll wrote:
>> That's a bad design.  Our system can accept mail to multiple
>> recipients with individual filtering and without running many
>> SpamAssassin processes in parallel.  It can be done.
> 
> Indeed.
> 
> 
> Per Jessen wrote:
>> Sure, it's only a question of queueing.
> 
> 
> I'd join David and say it's a matter of design.

Splitting hairs - queueing is an implementation of a design, and almost
certainly what amavisd does :-)


/Per Jessen, Zürich


Re: 100 RCPTs in one session (was Re: Yahoo sent 5.5x as much spam as any other legit provider in April)

Posted by Mark Martinec <Ma...@ijs.si>.
David F. Skoll wrote:
> That's a bad design.  Our system can accept mail to multiple
> recipients with individual filtering and without running many
> SpamAssassin processes in parallel.  It can be done.

Indeed.


Per Jessen wrote:
> Sure, it's only a question of queueing.


I'd join David and say it's a matter of design.

Amavisd can do it too: handle multi-recipient messages
efficiently, calling SpamAssassin only once per message
(not once per recipient), yet still faithfully implementing
per-recipient settings like score thresholds, black/whitelisting,
bypassing certain checks, tagging (Subject, addr. extensions),
defanging, ...

  Mark
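
The design Mark outlines (one scan per message, per-recipient settings applied afterwards) can be sketched as follows. This is an added example, not amavisd's code: the Policy fields, the keyword scorer standing in for SpamAssassin, the order in which the settings are checked, and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Policy:
    """Hypothetical per-recipient settings, after the list in the post above."""
    tag_level: float = 5.0      # score at which the Subject is tagged
    kill_level: float = 10.0    # score at which mail is quarantined
    whitelist: frozenset = frozenset()
    blacklist: frozenset = frozenset()
    bypass_spam_checks: bool = False


class CountingScanner:
    """Stand-in for the single content-filter call; constructed scores only."""
    WORDS = {"viagra": 6.0, "lottery": 4.5, "unsubscribe": 0.5}

    def __init__(self):
        self.calls = 0

    def score(self, message):
        self.calls += 1
        text = message.lower()
        return sum(s for word, s in self.WORDS.items() if word in text)


def decide(score, sender, policy):
    """Apply one recipient's settings to the shared score."""
    if policy.bypass_spam_checks or sender in policy.whitelist:
        return "deliver"
    if sender in policy.blacklist or score >= policy.kill_level:
        return "quarantine"
    return "deliver-tagged" if score >= policy.tag_level else "deliver"


def process(scanner, sender, recipients, message, policies):
    """Scan once, then fan the score out to every recipient's policy.
    Recipients with the same outcome are grouped to share one delivery."""
    default = Policy()
    score = scanner.score(message)
    groups = {}
    for rcpt in recipients:
        action = decide(score, sender, policies.get(rcpt, default))
        groups.setdefault(action, []).append(rcpt)
    return score, groups


# Constructed sample input.
POLICIES = {
    "bob@example.org": Policy(kill_level=15.0),
    "carol@example.org": Policy(whitelist=frozenset({"news@example.net"})),
    "dave@example.org": Policy(bypass_spam_checks=True),
}
RCPTS = ["alice@example.org", "bob@example.org",
         "carol@example.org", "dave@example.org"]
SAMPLE = "You won the LOTTERY! Cheap viagra"

if __name__ == "__main__":
    sc = CountingScanner()
    print(process(sc, "news@example.net", RCPTS, SAMPLE, POLICIES), sc.calls)
```

The scanner's call counter stays at 1 whether the envelope carries four recipients or a thousand; only the cheap per-recipient decision loop grows.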

Re: 100 RCPTs in one session (was Re: Yahoo sent 5.5x as much spam as any other legit provider in April)

Posted by Per Jessen <pe...@computer.org>.
David F. Skoll wrote:

> On Mon, 16 May 2011 23:19:26 +0200
> Michelle Konzack <li...@tamay-dogan.net> wrote:
> 
> 
>> > Nobody requires you to execute 100 spamassassin processes and
>> > nobody
>> It happens automatically if...
>> ...the system accepts 100 messages at once for 100 different
>> recipients. Sending to 100 recipients is like a DoS.
> 
> That's a bad design.  Our system can accept mail to multiple
> recipients with individual filtering and without running many
> SpamAssassin processes in parallel.  It can be done.

Sure, it's only a question of queueing. 


/Per Jessen, Zürich


100 RCPTs in one session (was Re: Yahoo sent 5.5x as much spam as any other legit provider in April)

Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Mon, 16 May 2011 23:19:26 +0200
Michelle Konzack <li...@tamay-dogan.net> wrote:


> > Nobody requires you to execute 100 spamassassin processes and nobody
> It happens automatically if...
> ...the system accepts 100 messages at once for 100 different
> recipients. Sending to 100 recipients is like a DoS.

That's a bad design.  Our system can accept mail to multiple recipients
with individual filtering and without running many SpamAssassin processes in
parallel.  It can be done.

[...]

> The RFC-Requirement is a big bullshit!

Careful.  Some RFC requirements indeed do not make sense, but you
should not violate a MUST requirement without a lot of justification
(certainly better justification than you've given.)

Regards,

David.

Re: Yahoo sent 5.5x as much spam as any other legit provider in April

Posted by Michelle Konzack <li...@tamay-dogan.net>.
Hello Matus UHLAR - fantomas,

On 2011-05-16 10:51:26, you hacked out the following:
> Nobody requires you to execute 100 spamassassin processes and nobody

It happens automatically if...

> requires you to run them in parallel. However, the RFCs DO require you
> to accept at least 100 recipients at once.

...the system accepts 100 messages at once for 100 different recipients.
Sending to 100 recipients is like a DoS.

> You can run spamassassin with safe global preferences for mail destined to
> more recipients. Or, you can run different domains on different IPs with
> different SA configurations. That could spare you from multiple checking
> mail to multiple recipients.

I have already over 20 mailservers with more than 98.000 users and
currently I am installing 30 new mailservers (each with 2500 users)...

And yes, 72.000 users are from the same company, but if they have to
send a message to the WHOLE enterprise, they use my own service which
bypasses the standard mail delivery over the MTAs.

I can push the 72.000 messages in less than 3 minutes into the mailboxes

> Then you are violating the RFC. As I have already stated, where you violate
> RFC, do not expect SMTP clients to behave as you want. If anyone will have
> problems caused by you rejecting 11th recipient, it will be YOUR problem.

By dropping spam?  If ONE of my users sends bulk mails, he/she knows she can
not have more than 10 recipients.  If someone sends from outside I will
give a fsck on it.

> Don't blame me. You could blame the RFC but I believe its authors knew more
> than you do.

The RFC-Requirement is a big bullshit!

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL       itsystems@tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz                 Kinzigstraße 17
67100 Strasbourg/France           77694 Kehl/Germany
Tel: +33-6-61925193 mobil         Tel: +49-177-9351947  mobil
                                  Tel: +49-176-86004575 office

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber linux4michelle@jabber.ccc.de
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/

Re: Yahoo sent 5.5x as much spam as any other legit provider in April

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 15.05.11 18:50, Michelle Konzack wrote:
> On 2011-05-15 18:08:36, you hacked out the following:
> 
> You are late!
> 
> > so far, every RFC defining SMTP yet released. They all (821, 2821, 5321) say
> > at least 100 must be accepted.
> 
> ...and what if your mailserver can not handle the treatment of 100
> recipients in parallel, because spam filtering is done per user?

Then the mailserver violates RFC, because it MUST handle at least 100 of
them. See RFC 5321, section 4.5.3.1.8.

> Here on my system it would start 100 spamassassin processes  which  will
> kill the machine!

Nobody requires you to execute 100 spamassassin processes and nobody
requires you to run them in parallel. However, the RFCs DO require you
to accept at least 100 recipients at once.

> And of course, sending to 100 and more recipients at once, is 100%  spam
> on my system!

You can run spamassassin with safe global preferences for mail destined to
more recipients. Or, you can run different domains on different IPs with
different SA configurations. That could spare you from multiple checking
mail to multiple recipients.

> I have set the limit to 10 and even this is already  spam  which  I  see
> from the mail log.

Then you are violating the RFC. As I have already stated, where you violate
RFC, do not expect SMTP clients to behave as you want. If anyone will have
problems caused by you rejecting 11th recipient, it will be YOUR problem.

Don't blame me. You could blame the RFC but I believe its authors knew more
than you do.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization. 

Re: Yahoo sent 5.5x as much spam as any other legit provider in April

Posted by Michelle Konzack <li...@tamay-dogan.net>.
Hello Matus UHLAR - fantomas,

On 2011-05-15 18:08:36, you hacked out the following:

You are late!

> so far, every RFC defining SMTP yet released. They all (821, 2821, 5321) say
> at least 100 must be accepted.

...and what if your mailserver can not handle the treatment of 100
recipients in parallel, because spam filtering is done per user?

Here on my system it would start 100 spamassassin processes  which  will
kill the machine!

And of course, sending to 100 and more recipients at once, is 100%  spam
on my system!

I have set the limit to 10 and even this is already  spam  which  I  see
from the mail log.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack


Re: Yahoo sent 5.5x as much spam as any other legit provider in April

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > On 11.05.11 19:30, Joe Sniderman wrote:
> > > We do something similar, except that the maximum number of recipients
> > > per envelope we set at 1.  The second and all subsequent get a 4yz error
> > > during RCPT. We perform this after greylisting, ie:

> On 2011-05-12 09:06:10, you hacked out the following:
> > Are you aware that this violates RFC standard?

On 12.05.11 16:00, Michelle Konzack wrote:
> Which RFC?  Limiting the "recipients per envelope" is legitimate.

so far, every RFC defining SMTP yet released. They all (821, 2821, 5321) say
at least 100 must be accepted.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name. 

Re: Yahoo sent 5.5x as much spam as any other legit provider in April

Posted by Michelle Konzack <li...@tamay-dogan.net>.
Hello Matus UHLAR - fantomas,

On 2011-05-12 09:06:10, you hacked out the following:
> On 11.05.11 19:30, Joe Sniderman wrote:
> > We do something similar, except that the maximum number of recipients
> > per envelope we set at 1.  The second and all subsequent get a 4yz error
> > during RCPT. We perform this after greylisting, ie:
> 
> Are you aware that this violates RFC standard?

Which RFC?  Limiting the "recipients per envelope" is legitimate.

> You can not expect that when you violate it, others will behave at your
> needs. For example, I would immediately try other MX server when sending
> mail and not continue with DATA.

I get around 26.000.000 spams per day on my courier-proxys and if I do
not limit the number of "recipients per envelope" I would receive 300
spams per second.

Note:  80% of the spams are rejected on SMTP Level without invoking SA.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
