You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Lorenzo Thurman <lo...@thethurmans.com> on 2015/03/24 20:10:48 UTC
Spamassassin not catching spam (Follow-up)
I contacted the list a couple of weeks ago about SA not missing a lot of spam I thought it should be catching. There duplicates of message that I had put through sa-learn, that were still getting passed. One of the suggestions offered here, after posting my command line here, was that I should run sa-learn as the user not, as root (silly mistake). That did improve SA’s ability to catch spam. It cut it down to ~1/2, but I thought there was more I could do. So, after more digging, I found this script:
http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix <http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix>
I had been using the default Ubuntu configuration, but after implementing this script, I’ve found SA catching ~90-95% of the spam. So my faith is now restored.
Thanks
Re: Spamassassin not catching spam (Follow-up)
Posted by RW <rw...@googlemail.com>.
On Tue, 24 Mar 2015 14:10:48 -0500
Lorenzo Thurman wrote:
> I contacted the list a couple of weeks ago about SA not missing a lot
> of spam I thought it should be catching. There duplicates of message
> that I had put through sa-learn, that were still getting passed. One
> of the suggestions offered here, after posting my command line here,
> was that I should run sa-learn as the user not, as root (silly
> mistake). That did improve SA?s ability to catch spam. It cut it down
> to ~1/2, but I thought there was more I could do. So, after more
> digging, I found this script:
> http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
> <http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix> I had
> been using the default Ubuntu configuration, but after implementing
> this script, I?ve found SA catching ~90-95% of the spam. So my faith
> is now restored. Thanks
I don't see anything obvious in that script that would change the
performance of spamassassin itself - other that the "tweak" to change
the threshold to 3.0.
Re: Spamassassin not catching spam (Follow-up)
Posted by Mark Martinec <Ma...@ijs.si>.
>> well, a better setup would run spamassassin via milter *before-queue*
>> and proper reject junk at SMTP level - so you have a tag level let say
>> between 5.5 and 7.9 points and reject above 8.0
>>
>> the flagged ones can go in a seperate folder via sieve and the
>> absolute
>> high score junk is proper rejected and with some luck the spam
>> attempts
>> go down at all
>> http://www.postfix.org/MILTER_README.html
>
> If you're already using amavisd with postfix and postscreen, would
> there be any benefit to considering a milter in this way?
>
> Spamassassin already verifies authenticity, although not pre-queue,
> but I'm not sure that's enough for me to introduce another set of
> applications to manage...
The usual amavis setup with postfix nowadays is a before-queue setup:
smtpd pass - - n - 150 smtpd
-o smtpd_proxy_filter=inet:[::1]:10024
-o smtpd_proxy_options=speed_adjust
A milter setup has no advantage over a before-queue proxy setup,
and has some disadvantages (e.g. unable to individually adjust
mail header section in multi-recipient mail messages).
Don't use a content filter in an after queue setup, unless you
give up mail rejections. Non-delivery notifications due to spam/malware
*must* be avoided, discarding mail without letting sender or
recipient be aware about it is not acceptable (and may not be legal),
and delivering tagged junk (or delivering to a dedicated recipient's
folder) may not be appreciated by recipients.
Mark
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 25.03.2015 um 17:23 schrieb Dave Wreski:
> Hi,
>
>>> RH> i don't know the UK laws but in germany it's for sure not allowed
>>> RH> because it's legally classified identical to a postman says "meh i
>>> don't
>>> RH> walk to go upstairs today and throw the letter away"
>>>
>>> RH> if you pretend to provide relieable mailservices it should be
>>> logically
>>> RH> that discard instead reject so that none of both parties can take
>>> notice
>>> RH> in case of false positives is not that smart
>>>
>>> Better go tel MS as that's exactly what hotmail and live do
>>
>> because others do wrong is not a good justification
>
> I hoped I could ask for a little more of an explanation.
>
> I'm willing to rely on RBLs and postscreen to make outright reject
> decisions, but I'm not sure I want spamassassin/amavisd doing that.
> Silently quarantining viruses and spam is how it's been done here for a
> while.
> So this method eliminates the content_filter configuration in postfix,
> where the messages are queued.
>
> I can see this new method being suitable for smaller networks, but
> without any queuing capability, how does it scale?
since most messages are still killed with postscreen and smtpd rules
*before* the milter it scales not that bad - 1200 valid users and zero
load over 8 months now
the barracuda virtual appliance using silent drop in many cases had
magnitudes more system load and given that the Spamfilter-VM now has
only 4 cores assigned i don't see a scale problem for many years
current month:
Connections: 407725
Delivered: 50896
Blocked: 356829
Invalid User: 7875
Disallowed User: 53
Reject Postscreen: 221739
Reject Postfix: 15765
Reject Milter: 4278
Reject Temporary: 1232
Blacklist: 218434
Pregreet: 24446
Hangup: 265877
Protocol Error: 2098
Illegal Syntax: 9
SpamAssassin: 4167
Virus: 111
Helo: 936
Subject: 107
Attachment: 12
Header Length: 14
Sender Regex: 126
Sender Blocked: 211
Sender Verify: 286
Sender Invalid: 305
Sender Spoofed: 7
Sender Parked: 11
PTR Missing: 153
PTR Generic: 430
SPF: 570
> Also, if there is even a temporary interruption in amavis' ability to
> operate, mail will be rejected.
temporary with a 4xx - the same as you do with greylisting for every new IP
> Do large scale operators implement this proxy filter approach, and if
> so, aren't there any problems with processing times?
>
> It seems the real advantage to doing it this way is the ability to
> quickly reject mail not already rejected by zen/postscreen/etc. Is that
> really such a big benefit?
the real benefit is that you don't receive high score junk at all
> And not even all spam would be rejected - only those you felt were over
> a predetermined threshold, correct? Why not just quarantine it all,
> giving the user the ability to determine if they want to go looking for it?
because my users and virtually all people i know prefer to *not* face
high score junk at all, not flagged and not in quarantine - hence they
forward me all flagged mails for training
why would i want to have a message with a score above 20 delivered at all
quarantine don't work well at all - we had that over 8 years and most of
the time in case of waiting for important mails people forgot their user
credentials and wanted to look if it is in quarantine, looked in the
junk folder, called me by phone if i know what's with a specific message
setup a filter working on a 95% hit level in case of rejects, deliver
the remaining 5% flagged and be able to make a clear statement "if the
message would have been rejected the sender would know unconditional"
leaded in 2 phone calls over 8 months versus 2 each day over years
Re: Spamassassin not catching spam (Follow-up)
Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Reindl,
Wednesday, March 25, 2015, 7:39:56 PM, you wrote:
RH> stop kidding or do you *really* pretend you never had a false positive?
Not that scored highly enough to be dumped rather than put in a spam
folder.
--
Best regards,
Niamh mailto:niamh@fullbore.co.uk
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 25.03.2015 um 20:03 schrieb Niamh Holding:
> Hello Reindl,
>
> Wednesday, March 25, 2015, 5:15:22 PM, you wrote:
>
> RH> the support calls for silent discard are more and contain more bad
> RH> energy
>
> Never been contacted by a spammer as to why their message ended up in
> /dev/null
stop kidding or do you *really* pretend you never had a false positive?
Re: Spamassassin not catching spam (Follow-up)
Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Reindl,
Wednesday, March 25, 2015, 5:15:22 PM, you wrote:
RH> the support calls for silent discard are more and contain more bad
RH> energy
Never been contacted by a spammer as to why their message ended up in
/dev/null
--
Best regards,
Niamh mailto:niamh@fullbore.co.uk
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 25.03.2015 um 17:59 schrieb Axb:
> Both methods have their advantages - it always depends on what your
> user's expect/wish/hope for AND not to be forgotten: How many support
> tickets could all the rejects trigger?
> Depending on your user base, it could be more than you wish for
that's why you careful consider a score above you reject which is way
higher than the score above you just flag a message
at the begin with a new setup set it exremely high, than take the
messages to train bayes in both directions and over time you can slowly
lower the reject-score to values where you still be sure that you have
very few to zero false positives
the support calls for silent discard are more and contain more bad
energy when somebody finds out days later that the message the other
side talks about on the phone never was delivered and no NDR sent
Re: Spamassassin not catching spam (Follow-up)
Posted by Axb <ax...@gmail.com>.
While a few here think this is god's gift to mankind, it's ONE way to do
it...
On 03/25/2015 05:23 PM, Dave Wreski wrote:
>
> I hoped I could ask for a little more of an explanation.
>
> I'm willing to rely on RBLs and postscreen to make outright reject
> decisions, but I'm not sure I want spamassassin/amavisd doing that.
> Silently quarantining viruses and spam is how it's been done here for a
> while.
>
> So this method eliminates the content_filter configuration in postfix,
> where the messages are queued.
>
> I can see this new method being suitable for smaller networks, but
> without any queuing capability, how does it scale?
Postini was prequeue, inline with target server... BUT.. what juice did
they use in the background.... I don't know. Certainly not SA.
> Also, if there is even a temporary interruption in amavis' ability to
> operate, mail will be rejected.
afaik, on fail accept or 450 - configurable
>
> Do large scale operators implement this proxy filter approach, and if
> so, aren't there any problems with processing times?
There are some large service providers doing but they use customized
MTAs and no fat SA/Perl regex parties.
Also, in a well connected world it works fine, but what happens with
sluggish connections from Indonesia or Bolivia ? Lord knows...
> It seems the real advantage to doing it this way is the ability to
> quickly reject mail not already rejected by zen/postscreen/etc. Is that
> really such a big benefit?
Depends... [1] no matter how loud ppl get about the benefits (and trust
me, they're persistent) only you can decide if it will work for your
traffic. Trust YOUR judgement only - not the rabid advocate's
> And not even all spam would be rejected - only those you felt were over
> a predetermined threshold, correct? Why not just quarantine it all,
> giving the user the ability to determine if they want to go looking for it?
See [1]
Both methods have their advantages - it always depends on what your
user's expect/wish/hope for AND not to be forgotten: How many support
tickets could all the rejects trigger?
Depending on your user base, it could be more than you wish for.
In the end, trust your gut feeling and take what lets you sleep best.
Nobody will thank you for gettting high pressure and a stroke.
Axb
Re: Spamassassin not catching spam (Follow-up)
Posted by Dave Wreski <dw...@guardiandigital.com>.
Hi,
>> RH> i don't know the UK laws but in germany it's for sure not allowed
>> RH> because it's legally classified identical to a postman says "meh i
>> don't
>> RH> walk to go upstairs today and throw the letter away"
>>
>> RH> if you pretend to provide relieable mailservices it should be
>> logically
>> RH> that discard instead reject so that none of both parties can take
>> notice
>> RH> in case of false positives is not that smart
>>
>> Better go tel MS as that's exactly what hotmail and live do
>
> because others do wrong is not a good justification
I hoped I could ask for a little more of an explanation.
I'm willing to rely on RBLs and postscreen to make outright reject
decisions, but I'm not sure I want spamassassin/amavisd doing that.
Silently quarantining viruses and spam is how it's been done here for a
while.
So this method eliminates the content_filter configuration in postfix,
where the messages are queued.
I can see this new method being suitable for smaller networks, but
without any queuing capability, how does it scale?
Also, if there is even a temporary interruption in amavis' ability to
operate, mail will be rejected.
Do large scale operators implement this proxy filter approach, and if
so, aren't there any problems with processing times?
It seems the real advantage to doing it this way is the ability to
quickly reject mail not already rejected by zen/postscreen/etc. Is that
really such a big benefit?
And not even all spam would be rejected - only those you felt were over
a predetermined threshold, correct? Why not just quarantine it all,
giving the user the ability to determine if they want to go looking for it?
Thanks,
Alex
Re: Spamassassin not catching spam (Follow-up)
Posted by Nick Edwards <ni...@gmail.com>.
On 3/26/15, Reindl Harald <h....@thelounge.net> wrote:
>
> Am 26.03.2015 um 13:10 schrieb Nick Edwards:
>> On 3/26/15, Reindl Harald <h....@thelounge.net> wrote:
>>>> bots have not learned from 55x messages EVER they dont care, they
>>>> never have they never will, they will resend their shit 50 times a
>>>> second without hesitation anyone whos been a mail admin for more than
>>>> 5 years knows this
>>>
>>> in the time you wrote that paragraph you could have opened the
>>> attachment, the curve of RBL rejects moved dramatically down while the
>>> number of daily delivered mail is unchanged
>>
>> RBL blocks are still very significant around here, dont presume that
>> we see what you see, same as I'd never presume you'd see what we see,
>> I can say that with fact because the regions hitting our hamburg
>> servers are nothing like what hits our hong kong servers, and vice
>> versa
>
> a last reply to that thread:
>
> the point was not RBL's and whatz you see where, the point was that
> after switch to unconditionally reject instead drop the number of
> *delivery attempts* dramatically went down
>
> and since it is the same userbase, the same network and the same
> mailflow it's not a matter of what you and i see different - it is a
> matter of what i see different just by stop silent discard
>
i'm confused, its not a mater of what we see different but then you
say it is matter of what you see different, I think unknowingly you
agreed with me. Dont think we have not looked at reject, we looked at
that years ago, never changed, just like we never saw graylisting as
beneficial, most the bastards still resend so we dropped that too, all
it did was delay legitimate mail.
Either way, the way you run your network suites you, and the way we
run ours suites us.
Just dont go round calling other organisations method shit or dumb or
silly or stupid because you disagree with how we successfully choose
to run our networks, we could turn around and say the same about how
you run yours, but we dont because we know and understand "each to
our own"
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 13:10 schrieb Nick Edwards:
> On 3/26/15, Reindl Harald <h....@thelounge.net> wrote:
>>> bots have not learned from 55x messages EVER they dont care, they
>>> never have they never will, they will resend their shit 50 times a
>>> second without hesitation anyone whos been a mail admin for more than
>>> 5 years knows this
>>
>> in the time you wrote that paragraph you could have opened the
>> attachment, the curve of RBL rejects moved dramatically down while the
>> number of daily delivered mail is unchanged
>
> RBL blocks are still very significant around here, dont presume that
> we see what you see, same as I'd never presume you'd see what we see,
> I can say that with fact because the regions hitting our hamburg
> servers are nothing like what hits our hong kong servers, and vice
> versa
a last reply to that thread:
the point was not RBL's and whatz you see where, the point was that
after switch to unconditionally reject instead drop the number of
*delivery attempts* dramatically went down
and since it is the same userbase, the same network and the same
mailflow it's not a matter of what you and i see different - it is a
matter of what i see different just by stop silent discard
Re: Spamassassin not catching spam (Follow-up)
Posted by Nick Edwards <ni...@gmail.com>.
On 3/26/15, Reindl Harald <h....@thelounge.net> wrote:
>
> Am 25.03.2015 um 14:56 schrieb Nick Edwards:
>>> if i need to take the phone and ask the admin if a mail was discarded or
>>> just not delivered at the moment the mailservice is shit
>>
>> get into the real world, and there you go again someone does different
>> than reindl does so they must be shit. jesus christ you have a lame
>> outlook on life, get used to the fact because someone does something
>> different than you, doesnt mean its bad.
>
> you should get into the real world
>
> if iw rite a mail and don't get a bounce i have to expect it was
> delivered, if mail delivery is not trustable it is shit - not because
> you are doing it different than me - but because your mailservice is
> some sort of lottery
>
BINGO!
Thats exactly what mail delivery has been for nearing 25 years.
An Enormous number of service providers in the western world will
discard spam messages we do nothing special or out of the ordinary,
the lottery game is for the spammers, they have no idea if anyone read
their trash or not, if your message is not spam it would be delivered.
we have 3.8 million users, so I think we would know pretty quickly if
we were doing it wrong.
you will just have to accept the world doesnt follow your handbook or wishes.
>>> a reject at SMTP level in case of spam don't produce bounces anywhere,
>>> but the bot may interpret as "that RCPT don't accept mail" - with a
>>
>> bots have not learned from 55x messages EVER they dont care, they
>> never have they never will, they will resend their shit 50 times a
>> second without hesitation anyone whos been a mail admin for more than
>> 5 years knows this
>
> in the time you wrote that paragraph you could have opened the
> attachment, the curve of RBL rejects moved dramatically down while the
> number of daily delivered mail is unchanged
>
RBL blocks are still very significant around here, dont presume that
we see what you see, same as I'd never presume you'd see what we see,
I can say that with fact because the regions hitting our hamburg
servers are nothing like what hits our hong kong servers, and vice
versa.
>
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 25.03.2015 um 14:56 schrieb Nick Edwards:
>> if i need to take the phone and ask the admin if a mail was discarded or
>> just not delivered at the moment the mailservice is shit
>
> get into the real world, and there you go again someone does different
> than reindl does so they must be shit. jesus christ you have a lame
> outlook on life, get used to the fact because someone does something
> different than you, doesnt mean its bad.
you should get into the real world
if iw rite a mail and don't get a bounce i have to expect it was
delivered, if mail delivery is not trustable it is shit - not because
you are doing it different than me - but because your mailservice is
some sort of lottery
>> a reject at SMTP level in case of spam don't produce bounces anywhere,
>> but the bot may interpret as "that RCPT don't accept mail" - with a
>
> bots have not learned from 55x messages EVER they dont care, they
> never have they never will, they will resend their shit 50 times a
> second without hesitation anyone whos been a mail admin for more than
> 5 years knows this
in the time you wrote that paragraph you could have opened the
attachment, the curve of RBL rejects moved dramatically down while the
number of daily delivered mail is unchanged
Re: Spamassassin not catching spam (Follow-up)
Posted by Nick Edwards <ni...@gmail.com>.
On 3/25/15, Reindl Harald <h....@thelounge.net> wrote:
>
> Am 25.03.2015 um 13:39 schrieb Nick Edwards:
>> On 3/25/15, Reindl Harald <h....@thelounge.net> wrote:
>>> that game is over at the moment you got a complaint from the sender
>>> proving you MX has responded with "250 OK" and the message was never
>>> delivered - that is *not* how SMTP is designed to work
>>
>> read up on your RFC's, silent discard is permitted for spam, has been
>> RFC'd for few years now replacing old 2822 or whatever it was
>
> tell that your angry user after a false-positive in case of important
> mails - in the real world not only matters what is permitted - common
> sense could help here.....
>
I dont have any angry users, if we discard a message its very clearly
spam, no one has ever complained about that, get into the real world
> if i need to take the phone and ask the admin if a mail was discarded or
> just not delivered at the moment the mailservice is shit
>
get into the real world, and there you go again someone does different
than reindl does so they must be shit. jesus christ you have a lame
outlook on life, get used to the fact because someone does something
different than you, doesnt mean its bad.
> a reject at SMTP level in case of spam don't produce bounces anywhere,
> but the bot may interpret as "that RCPT don't accept mail" - with a
bots have not learned from 55x messages EVER they dont care, they
never have they never will, they will resend their shit 50 times a
second without hesitation anyone whos been a mail admin for more than
5 years knows this.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 25.03.2015 um 13:39 schrieb Nick Edwards:
> On 3/25/15, Reindl Harald <h....@thelounge.net> wrote:
>> that game is over at the moment you got a complaint from the sender
>> proving you MX has responded with "250 OK" and the message was never
>> delivered - that is *not* how SMTP is designed to work
>
> read up on your RFC's, silent discard is permitted for spam, has been
> RFC'd for few years now replacing old 2822 or whatever it was
tell that your angry user after a false-positive in case of important
mails - in the real world not only matters what is permitted - common
sense could help here.....
if i need to take the phone and ask the admin if a mail was discarded or
just not delivered at the moment the mailservice is shit
a reject at SMTP level in case of spam don't produce bounces anywhere,
but the bot may interpret as "that RCPT don't accept mail" - with a
silent discard you sign "hey we receive all your crap" which is pretty
stupid - see attached stats after change from discard to reject
Re: Spamassassin not catching spam (Follow-up)
Posted by Nick Edwards <ni...@gmail.com>.
On 3/25/15, Reindl Harald <h....@thelounge.net> wrote:
>
> Am 25.03.2015 um 11:17 schrieb Niamh Holding:
>> Hello Reindl,
>>
>> Wednesday, March 25, 2015, 9:51:48 AM, you wrote:
>>
>> RH> i don't know the UK laws but in germany it's for sure not allowed
>> RH> because it's legally classified identical to a postman says "meh i
>> don't
>> RH> walk to go upstairs today and throw the letter away"
>>
>> RH> if you pretend to provide relieable mailservices it should be
>> logically
>> RH> that discard instead reject so that none of both parties can take
>> notice
>> RH> in case of false positives is not that smart
>>
>> Better go tel MS as that's exactly what hotmail and live do
>
> because others do wrong is not a good justification
Doesnt mean its the wrong thing, our companies secondary mx's are in
Hamburg and we can discard who we want, RFC's say so
>
> barracuda networks does the same (which i did not imagine) and hence we
barrqacuda is shit, has bee shit and always will be shit
>
> that game is over at the moment you got a complaint from the sender
> proving you MX has responded with "250 OK" and the message was never
> delivered - that is *not* how SMTP is designed to work
read up on your RFC's, silent discard is permitted for spam, has been
RFC'd for few years now replacing old 2822 or whatever it was
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 25.03.2015 um 11:17 schrieb Niamh Holding:
> Hello Reindl,
>
> Wednesday, March 25, 2015, 9:51:48 AM, you wrote:
>
> RH> i don't know the UK laws but in germany it's for sure not allowed
> RH> because it's legally classified identical to a postman says "meh i don't
> RH> walk to go upstairs today and throw the letter away"
>
> RH> if you pretend to provide relieable mailservices it should be logically
> RH> that discard instead reject so that none of both parties can take notice
> RH> in case of false positives is not that smart
>
> Better go tel MS as that's exactly what hotmail and live do
because others do wrong is not a good justification
barracuda networks does the same (which i did not imagine) and hence we
dropped after 8 years the appliance while having a support contract
until end of 2016 - too much customer complaints about unrelieable
mailservice and too much false positives of my own mails silently discarded
that game is over at the moment you got a complaint from the sender
proving you MX has responded with "250 OK" and the message was never
delivered - that is *not* how SMTP is designed to work
Re: Spamassassin not catching spam (Follow-up)
Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello David,
Thursday, March 26, 2015, 12:25:30 AM, you wrote:
DFS> that a message is either delivered
It is delivered to the appropriate place, it just happens that that place
is /dev/null
--
Best regards,
Niamh mailto:niamh@fullbore.co.uk
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On Thu, 26 Mar 2015 11:55:27 -0400
>Michael Orlitzky <mi...@orlitzky.com> wrote:
>
>> If one of your customer domains has non-default settings, give them
>> their own IP address and a separate MX record pointing to that
>> address.
On 26.03.15 12:54, David F. Skoll wrote:
>We filter more than 8000 domains. That is not feasible.
That's in fact not feasible because even recipients in the same domain may
have different settings and rules (and different BAYES database)
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
Re: Spamassassin not catching spam (Follow-up)
Posted by "@lbutlr" <kr...@kreme.com>.
On 26 Mar 2015, at 06:38 , David F. Skoll <df...@roaringpenguin.com> wrote:
> On Thu, 26 Mar 2015 07:53:49 +0100 Reindl Harald <h....@thelounge.net> wrote:
>> accepted means your SMTP sevrer responded with a 250 status code and
>> not with a 4x temporary or 5x permanent error aka rejected the message
>
> No. Accepted means delivered to the end-user's mailbox.
You do not get to make up your own definitions.
Accepted: your server accepted the message
Delivered: messages was sent to an LDA
--
"If this is the best God can do, I'm not impressed."
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 07:53:49 +0100
Reindl Harald <h....@thelounge.net> wrote:
> accepted means your SMTP sevrer responded with a 250 status code and
> not with a 4x temporary or 5x permanent error aka rejected the message
No. Accepted means delivered to the end-user's mailbox.
As an analogy: I do not believe the postal system requires
acknowledgement of every single letter that ends up being delivered.
If you want delivery notification, you need to pay more for it. In the
electronic world, if you want to be sure you've made contact with someone,
you call them up.
That is not how SMTP was designed. But that is today's reality and it's
tilting at windmills to fight it.
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 11:56 schrieb David Jones:
>> From: Reindl Harald <h....@thelounge.net>
>>> And that is a silent discard. You are accepting responsibility for the
>>> email, telling no one anything more and discarding it with out DSN/NDR
>
>> and everybody acting that way for mails which are not only his own
>> should refrain from maintain a mailserver because he is playing lottery
>> with other peolles communication
>
> I filter for over 100,000 mailboxes with MailScanner so silent discards happen
> all the time with no issues from our customers. It's going to be different for
> each environment so it's not a hard rule
the environment don't matter, silent discard of wrong classified mails
is harm you are doing to users and not to machines - i was affected by
such a behavior because talking about PTR filtering in a mail-thread and
some of the hostname domains where on URI blacklists
i tell you waht my reaction as responsible admin was:
* a existing and payed service contract until end of 2016
* within 2 weeks day and night replaced and de-commisioned the appliance
not because my personal false positives, just because i can't take
responsibility and give customers qualified answers in case of a
gambling machine as MX
> If you have other protections setup around SA like RBLs to reject, honeypot
> MXes that tempfail, etc., then SA only has to scan a small percentage of your
> messages. This equates to a very small percentage of silent discards for obvious
> spam which keeps you from being part of the backscatter problem.
> A large percentage of mail that makes it to my SA is clean mail. I do have the
> occasional false positive but we quarantine everything and can release it as
> needed. I have never had customer ask to release a message that scored 2x
> above our block threshold or had a virus so these are definitely safe to silent
> discard as long as local laws allow it.
"so silent discards happen" and "false positive but we quarantine
everything and can release it" at the same time?
yes with RBL scoring, honeypot MX and so on only a very small percentage
of mail touchs SA at all - that's why it scales also with a large user
number to make the filtering before queue
Re: Spamassassin not catching spam (Follow-up)
Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello David,
Thursday, March 26, 2015, 10:56:36 AM, you wrote:
DJ> I have never had customer ask to release a message that scored 2x
DJ> above our block threshold or had a virus so these are definitely safe to silent
DJ> discard as long as local laws allow it.
Quite, and we can and do vary the /dev/null score according to the
destination mailbox.
--
Best regards,
Niamh mailto:niamh@fullbore.co.uk
Laws on Quarantine, Discard, Archive, Queuing, etc. was Re: Spamassassin
not catching spam (Follow-up)
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/26/2015 6:56 AM, David Jones wrote:
> I do have the
> occasional false positive but we quarantine everything and can release it as
> needed. I have never had customer ask to release a message that scored 2x
> above our block threshold or had a virus so these are definitely safe to silent
> discard as long as local laws allow it.
Out of interest, anyone ever run afoul of things like the EU Data
Protection Directive
(http://en.wikipedia.org/wiki/Data_Protection_Directive) and similar
laws with email quarantine, archive and queuing?
Anyone have any specific laws that have caused legal issues?
regards,
KAM
Re: Spamassassin not catching spam (Follow-up)
Posted by David Jones <dj...@ena.com>.
>________________________________________
>From: Reindl Harald <h....@thelounge.net>
>Sent: Thursday, March 26, 2015 5:20 AM
>To: users@spamassassin.apache.org
>Subject: Re: Spamassassin not catching spam (Follow-up)
>Am 26.03.2015 um 11:17 schrieb Kevin A. McGrail:
>> On 3/26/2015 2:53 AM, Reindl Harald wrote:
>>>
>>> Am 26.03.2015 um 01:25 schrieb David F. Skoll:
>>>> On Wed, 25 Mar 2015 16:08:34 -0600
>>>> "@lbutlr" <kr...@kreme.com> wrote:
>>>>> You can reject who you want in Germany too, you just can___t delete a
>>>>> message that you___ve already accepted.
>>>>
>>>> What does "accepted" mean? Redirecting a message to /dev/null means you
>>>> didn't accept it
>>>
>>> accepted means your SMTP sevrer responded with a 250 status code and
>>> not with a 4x temporary or 5x permanent error aka rejected the message
>>>
>>> don't get me wrong but that's absolute basics
>>
>> And that is a silent discard. You are accepting responsibility for the
>> email, telling no one anything more and discarding it with out DSN/NDR
>and everybody acting that way for mails which are not only his own
>should refrain from maintain a mailserver because he is playing lottery
>with other peolles communication
I filter for over 100,000 mailboxes with MailScanner so silent discards happen
all the time with no issues from our customers. It's going to be different for
each environment so it's not a hard rule.
If you have other protections setup around SA like RBLs to reject, honeypot
MXes that tempfail, etc., then SA only has to scan a small percentage of your
messages. This equates to a very small percentage of silent discards for obvious
spam which keeps you from being part of the backscatter problem.
A large percentage of mail that makes it to my SA is clean mail. I do have the
occasional false positive but we quarantine everything and can release it as
needed. I have never had customer ask to release a message that scored 2x
above our block threshold or had a virus so these are definitely safe to silent
discard as long as local laws allow it.
Dave
Re: Spamassassin not catching spam (Follow-up)
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Thursday 26 March 2015 at 12:18:03 (EU time), Kevin A. McGrail wrote:
> stop beating a dead horse, agree to disagree and let's move on.
Thanks :)
Antony.
--
I want to build a machine that will be proud of me.
- Danny Hillis, creator of The Connection Machine
Please reply to the list;
please *don't* CC me.
Re: Spamassassin not catching spam (Follow-up)
Posted by David Jones <dj...@ena.com>.
>From: Reindl Harald <h....@thelounge.net>
>been there short ago by receive 600 backscatters about messages i never sent
Hmmm. Maybe someone on this list was trying to send you a strong hint.
For the record, that wasn't me but it did sound like a good idea to prove
a point about backscatter.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 12:18 schrieb Kevin A. McGrail:
> For example, in the scenario where server A sends a virus to your server
> B, my opinion is that I have a duty to act to protect the public at
> large and go "this is a virus, send a dsn 200 and silently discard"
and send the DSN to the forged sender - that's not "ignores the
community responsibility you have as an IT administrator" - you have the
duty to block that message, respond with a pretty clear text that it was
rejected because malware (in the best case *which* malware) and the
delivering MTA will send the bounce to his user
if the delivering machine is not a MTA but a botnet using forged senders
it won't send a NDR to the victim - the receiving MTA producing NDR's
would send to the victim of the forged envelope
been there short ago by receive 600 backscatters about messages i never sent
Re: Spamassassin not catching spam (Follow-up)
Posted by Steve Freegard <sm...@fsl.com>.
Kevin,
On 26/03/15 11:18, Kevin A. McGrail wrote:
> On 3/26/2015 7:09 AM, Reindl Harald wrote:
>> why in the world would a reject *before queue* trigger a backscatter
>> or bounce on my side?
>
> To me, your recommend action makes you only worried about your tiny star
> in the universe of mail servers and ignores the community responsibility
> you have as an IT administrator. *Your* actions are contributing to
> backscatter and you have a *choice* to handle it differently *without
> malicious intent* to make the computing world a better place. I don't
> care if your server does or doesn't end up actually sending the DSN.
>
> For example, in the scenario where server A sends a virus to your server
> B, my opinion is that I have a duty to act to protect the public at
> large and go "this is a virus, send a dsn 200 and silently discard".
>
> In any case, it does not appear you are going to change my opinion so
> stop beating a dead horse, agree to disagree and let's move on.
>
Whilst I don't agree with Harald about the complete ban on silent
discards; there is a time and place for any and all means at our
disposal as e-mail administrators provided some common sense is applied,
however I really don't agree with your viewpoint about rejections here:
> For example, in the scenario where server A sends a virus to your server
> B, my opinion is that I have a duty to act to protect the public at
> large and go "this is a virus, send a dsn 200 and silently discard".
In this case if server B rejects the message outright, then it is server
A's responsibility to create a DSN/MDN and that absolutely doesn't make
server B at fault at all, there is no 'community responsibility' to
discard it whatsoever.
The biggest common cause for backscatter is all of the e-mail admins
that have systems that don't reject invalid recipients at SMTP time but
instead accept all recipients and then cause the MTA to bounce the
message back to the return-path when the delivery fails. It's these
folks and their vendors that have a community responsibility to clean up
their act.
Kind regards,
Steve.
Re: Spamassassin not catching spam (Follow-up)
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/26/2015 7:09 AM, Reindl Harald wrote:
> why in the world would a reject *before queue* trigger a backscatter
> or bounce on my side?
To me, your recommend action makes you only worried about your tiny star
in the universe of mail servers and ignores the community responsibility
you have as an IT administrator. *Your* actions are contributing to
backscatter and you have a *choice* to handle it differently *without
malicious intent* to make the computing world a better place. I don't
care if your server does or doesn't end up actually sending the DSN.
For example, in the scenario where server A sends a virus to your server
B, my opinion is that I have a duty to act to protect the public at
large and go "this is a virus, send a dsn 200 and silently discard".
In any case, it does not appear you are going to change my opinion so
stop beating a dead horse, agree to disagree and let's move on.
Regards,
KAM
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 13:54 schrieb Reindl Harald:
>> Solve that problem, and then I agree with you. And saying "well, don't
>> let different end-users have different settings" is not a solution.
>> Neither is "tempfail all recipients but the first so the message
>> is transmitted one time for each recipient."
>
> the same way you reject a mail with a invalid recipient and two valid
> ones - as you can see below spamass-milter anyways get a seperate copy
> for scanning to change the overall score based on envelopes (from as
> well as too) based on
> http://comments.gmane.org/gmane.mail.postfix.user/193456
>
> X-Local-Envelope-From: <re...@gmail.com>
> X-Local-Envelope-To: <h....@thelounge.net>
> Received: from mail-ig0-f171.google.com
> Message-ID:
> <CA...@mail.gmail.com>
>
> X-Local-Envelope-From: <re...@gmail.com>
> X-Local-Envelope-To: <ha...@rhsoft.net>
> Received: from mail-ie0-f177.google.com
> Message-ID:
> <CA...@mail.gmail.com>
and in fact both messages got a different score because my coampany
address is in "MOST_SPAM" and my private one in "MANY_SPAM"
X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0
X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Steve Freegard <sm...@fsl.com>.
On 26/03/15 22:23, Tom Hendrikx wrote:
>>
>> Your single message was delivered by two different hosts, with a
>> single recipient in each.
>>
>
> This is actually very logical because the recipients don't share the
> same MX hosts or IP addresses.
*nod* - I'd missed that fact when I glanced over this thread.
However, Gmail splits all multiple recipient messages into separate
deliveries regardless as to whether the all recipients are in the same
domain or not.
> Ok, so the machine accepts both addresses, but rejects at end-of-data.
> Harald, if one of the used recipient addresses accepts all spam
> messages (all_spam_to), you should have one copy of the message,
> right? Could you share the result of my test with us?
Yeah; my bet is that your test wasn't delivered at all.
Imagine the confusion that would be caused if you delivered a copy of a
message that you rejected to one of the recipients, the sender would get
a bounce and think that neither was successful...
Regards,
Steve.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Tom Hendrikx <to...@whyscream.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 26-03-15 17:28, Steve Freegard wrote:
> On 26/03/15 13:47, Reindl Harald wrote:
>
>> that below was *one* message with two different recipients
>>
>> X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0
>> X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0
>>
>
> I hate to piss on your parade, but your example here is totally
> flawed; this mail from from Gmail right?
>
>> X-Local-Envelope-From: <re...@gmail.com>
>> X-Local-Envelope-To: <h....@thelounge.net> Received: from
>> mail-ig0-f171.google.com Message-ID:
>> <CA...@mail.gmail.com>
>>
>>
>>
>>
X-Local-Envelope-From: <re...@gmail.com>
>> X-Local-Envelope-To: <ha...@rhsoft.net> Received: from
>> mail-ie0-f177.google.com Message-ID:
>> <CA...@mail.gmail.com>
>
>>
>>
> Gmail splits multi-recipient mail into separate deliveries, so
> whilst you sent a single message to multiple recipients at your
> domain from Gmail, what the big Goog does is turn that into two
> separate messages that are delivered separately.
>
> Whilst the messages have identical Message-ID headers - you missed
> this bit:
>
>> Received: from mail-ig0-f171.google.com Received: from
>> mail-ie0-f177.google.com
>
> Your single message was delivered by two different hosts, with a
> single recipient in each.
>
This is actually very logical because the recipients don't share the
same MX hosts or IP addresses. But as Harald shows in his logs that
the mail ends up at the same machine, and I'm really interested how it
actually works, I did some old-fashioned telnet:
- ----8<-------------------------
$ telnet mail-gw.thelounge.net. 25
Trying 91.118.73.19...
Connected to mail-gw.thelounge.net.
Escape character is '^]'.
220-mail-gw.thelounge.net ESMTP Spamfirewall (Enforcing
SMTP-Compliance, PTR/HELO/RBL-Checks, SPF-Policies and
Sender-Verification)
220 mail-gw.thelounge.net ESMTP Spamfirewall (Enforcing
SMTP-Compliance, PTR/HELO/RBL-Checks, SPF-Policies and
Sender-Verification)
helo valerie.whyscream.net
250 mail-gw.thelounge.net
mail from:<to...@whyscream.net>
250 2.1.0 Ok
rcpt to:<ha...@rhsoft.net>
250 2.1.5 Ok
rcpt to:<h....@thelounge.net>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test message for spamassassin user mailing list
This is the gtube:
<actual gtube string stripped>
.
550 5.7.1 Blocked by Spamfilter, please forward this to YOUR
tech-support first, time: Mar 26 23:06:06, client: 89.105.204.244,
server: mail-gw.thelounge.net, contact: <po...@thelounge.net>
+4315953999
quit
221 2.0.0 Bye
Connection closed by foreign host.
- ----8<-------------------------
Ok, so the machine accepts both addresses, but rejects at end-of-data.
Harald, if one of the used recipient addresses accepts all spam
messages (all_spam_to), you should have one copy of the message,
right? Could you share the result of my test with us?
Kind regards,
Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJVFIbYAAoJEJPfMZ19VO/1n3IP+waEs4/mbCA0PP9VB4oHmEGL
GTvGom+7Qmr1OknbNSHVnKdcN5+zSkNQEcd2poGBH/iU36I1aWlLNUfpstH0XeFI
iY1JognVE67LSqHA6Y1Q0bGdDrJSLg8QeYB961n7biBDnWphfUwOevC9F2cP/10k
KaLHg+MRlMUF/1MHqZlDJqhF0XM0dPapKReBAmQ4/PiCZnQ/xHG05qY37ruL/xz0
xBjWU2Dfkri6lC3MAH+p1X/2YyLVx9pi+rUzMUXiYJbR6ihKFHarOrd0Z9hEacPr
0Eyaryv89qPRUpV2cuPudpFOb3Twk2mXXH6IFQKSFyKBM33WyC/iCkKVrTYR28Sp
J5pg2O8V1PSsnkjHZzj1sEA/GeKOTNGyl6jh1XC2ofctKmGrXtOxrIg2ubImHRzK
sIfKizbjRP5/NJum/y0xTYGo+huT1wIxBS0ntSaHtCHS6gwMovHCHR8T84UdVO+S
Q/xDu8+2mpt5h4XNqcOQMePoyL2hSW/Yywh78+jFuUmesLrornsk8pz6TdgIb7Lq
aDxQ8xnuoUyBASnzTjfGhhuKmiIGCzv0dEMu1NAuL7X/w/P1dRjYx79bIHzWLYR0
wkj3vCeqxmAbOzujNY3zsh9LKUfNDcqY7Bj2hPgM1QSDQRVGegkF1bR4bNo0OpG2
tdE13QR2C1SrW2UYrsD5
=C7pe
-----END PGP SIGNATURE-----
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Steve Freegard <sm...@fsl.com>.
On 26/03/15 13:47, Reindl Harald wrote:
> that below was *one* message with two different recipients
>
> X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0
> X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0
>
I hate to piss on your parade, but your example here is totally flawed;
this mail from from Gmail right?
> X-Local-Envelope-From: <re...@gmail.com>
> X-Local-Envelope-To: <h....@thelounge.net>
> Received: from mail-ig0-f171.google.com
> Message-ID:
> <CA...@mail.gmail.com>
>
> X-Local-Envelope-From: <re...@gmail.com>
> X-Local-Envelope-To: <ha...@rhsoft.net>
> Received: from mail-ie0-f177.google.com
> Message-ID:
> <CA...@mail.gmail.com>
Gmail splits multi-recipient mail into separate deliveries, so whilst
you sent a single message to multiple recipients at your domain from
Gmail, what the big Goog does is turn that into two separate messages
that are delivered separately.
Whilst the messages have identical Message-ID headers - you missed this bit:
> Received: from mail-ig0-f171.google.com
> Received: from mail-ie0-f177.google.com
Your single message was delivered by two different hosts, with a single
recipient in each.
If you actually got a real message to multiple recipients in one SMTP
transaction, you can't accept one and reject the other once you've
entered the DATA phase because your decision becomes binary at that
point: either accept, defer or reject the message for *all* recipients
as David points out.
Regards,
Steve.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 15:58 schrieb Antony Stone:
> On Thursday 26 March 2015 at 15:55:52 (EU time), Reindl Harald wrote:
>> Am 26.03.2015 um 15:52 schrieb Antony Stone:
>>
>>> Surely this message is backscatter, though?
>>>
>>> It's being sent to the (apparent) sender, in response to a message which
>>> you know is identified as spam
>>
>> NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message"
>> that is NOT the apparent sender - it IS the sender
>>
>> it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject
>> a backscatter would have been when my mailserver hd sent the bounce
>
> Okay, thanks for the clarification - but there's no need to shout
it is after talking wasted hours about the difference of
* reject
* accept and discard
* accept and send a bounce
and my mail even contained the logs while a reject *by definition* can't
be a backscatter which is the whole purpose of reject the SMTP session
instead issue a 2xx status code
Mar 26 15:22:51 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y:
milter-reject: END-OF-MESSAGE from
mail-ie0-f177.google.com[209.85.223.177]: 5.7.1 Blocked by Spamfilter;
from=<re...@gmail.com> to=<ad...@rhsoft.net> proto=ESMTP
helo=<mail-ie0-f177.google.com>
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Thursday 26 March 2015 at 15:55:52 (EU time), Reindl Harald wrote:
> Am 26.03.2015 um 15:52 schrieb Antony Stone:
>
> > Surely this message is backscatter, though?
> >
> > It's being sent to the (apparent) sender, in response to a message which
> > you know is identified as spam
>
> NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message"
> that is NOT the apparent sender - it IS the sender
>
> it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject
> a backscatter would have been when my mailserver hd sent the bounce
Okay, thanks for the clarification - but there's no need to shout.
Antony.
--
Never automate fully anything that does not have a manual override capability.
Never design anything that cannot work under degraded conditions in emergency.
Please reply to the list;
please *don't* CC me.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 16:19 schrieb Kevin A. McGrail:
> On 3/26/2015 11:11 AM, Robert Schetterer wrote:
>> what he describes is not backscatter, cause the mail is rejected during
>> smtp imcome stage, wich means the server simply didnt take the mail
>> during the running smtp session,
> This argument to me assumes that their isn't a server in the middle of
> the relay. Not everything is edge to edge, point A to B. Lots of
> backscatter comes from attacking secondary MX's and
well, in case it is not edge-to-edge (backup MX and so on) you need to
make sure that the backup MX has the same filter quality as the primary
and in any case use a different port without restricitions for deliver
that mails to the primary later
to say it short: the whole mail environment needs to be desigend from
the start to a) reject a message or b) after answer with 2xx deliver it
to minimize backscatters *and* provide reliable mailflow
> just because you 5xx doesn't mean it doesn't cause backscatter
only if the sending environment is configured wrong, but in any case
*you* are not triggering the backscatter and if we argue that way we
also would need to stop using RBL's which rejects a majority of all
incoming spam
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Robert Schetterer <rs...@sys4.de>.
Am 26.03.2015 um 16:19 schrieb Kevin A. McGrail:
> On 3/26/2015 11:11 AM, Robert Schetterer wrote:
>> what he describes is not backscatter, cause the mail is rejected during
>> smtp imcome stage, wich means the server simply didnt take the mail
>> during the running smtp session,
> This argument to me assumes that their isn't a server in the middle of
> the relay. Not everything is edge to edge, point A to B. Lots of
> backscatter comes from attacking secondary MX's and just because you 5xx
> doesn't mean it doesn't cause backscatter.
>
> Regards,
> KAM
whats the problem, you only need to take care of your mailservers are
working the right way, for sure gateways make things more difficult
but not unsolvable
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/26/2015 11:11 AM, Robert Schetterer wrote:
> what he describes is not backscatter, cause the mail is rejected during
> smtp imcome stage, wich means the server simply didnt take the mail
> during the running smtp session,
This argument to me assumes that their isn't a server in the middle of
the relay. Not everything is edge to edge, point A to B. Lots of
backscatter comes from attacking secondary MX's and just because you 5xx
doesn't mean it doesn't cause backscatter.
Regards,
KAM
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Robert Schetterer <rs...@sys4.de>.
Am 26.03.2015 um 15:55 schrieb Reindl Harald:
>
> Am 26.03.2015 um 15:52 schrieb Antony Stone:
>> On Thursday 26 March 2015 at 15:45:07 (EU time), Reindl Harald wrote:
>>
>>> Delivery to the following recipient failed permanently:
>>>
>>> admin@rhsoft.net
>>>
>>> Technical details of permanent failure:
>>> Google tried to deliver your message, but it was rejected by the server
>>> for the recipient domain rhsoft.net by mail-gw.thelounge.net.
>>> [91.118.73.19].
>>>
>>> The error that the other server returned was:
>>> 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR
>>> tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177,
>>> server: mail-gw.thelounge.net, contact: <po...@thelounge.net>
>>> +4315953999
>>
>> Surely this message is backscatter, though?
>>
>> It's being sent to the (apparent) sender, in response to a message
>> which you
>> know is identified as spam
>
> NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message"
> that is NOT the apparent sender - it IS the sender
>
> it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject
> a backscatter would have been when my mailserver hd sent the bounce
>
Harald is very unfriendly sometimes , but he is right
what he describes is not backscatter, cause the mail is rejected during
smtp imcome stage, wich means the server simply didnt take the mail
during the running smtp session,
milter are running as before-queue !
typical milters are spamass-milter, clamav-milter amavis-milter
youre right it may not optimal with more recipients "sometimes"
but good enough in real world, also you may combine it with any other
after-queue content filter
backscatter would mean accept the mail and bounce it back later to i.e a
forged sender
study
http://www.postfix.org/MILTER_README.html
http://www.postfix.org/FILTER_README.html
http://www.postfix.org/BACKSCATTER_README.html
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 15:52 schrieb Antony Stone:
> On Thursday 26 March 2015 at 15:45:07 (EU time), Reindl Harald wrote:
>
>> Delivery to the following recipient failed permanently:
>>
>> admin@rhsoft.net
>>
>> Technical details of permanent failure:
>> Google tried to deliver your message, but it was rejected by the server
>> for the recipient domain rhsoft.net by mail-gw.thelounge.net.
>> [91.118.73.19].
>>
>> The error that the other server returned was:
>> 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR
>> tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177,
>> server: mail-gw.thelounge.net, contact: <po...@thelounge.net>
>> +4315953999
>
> Surely this message is backscatter, though?
>
> It's being sent to the (apparent) sender, in response to a message which you
> know is identified as spam
NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message"
that is NOT the apparent sender - it IS the sender
it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject
a backscatter would have been when my mailserver hd sent the bounce
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Thursday 26 March 2015 at 15:45:07 (EU time), Reindl Harald wrote:
> Delivery to the following recipient failed permanently:
>
> admin@rhsoft.net
>
> Technical details of permanent failure:
> Google tried to deliver your message, but it was rejected by the server
> for the recipient domain rhsoft.net by mail-gw.thelounge.net.
> [91.118.73.19].
>
> The error that the other server returned was:
> 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR
> tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177,
> server: mail-gw.thelounge.net, contact: <po...@thelounge.net>
> +4315953999
Surely this message is backscatter, though?
It's being sent to the (apparent) sender, in response to a message which you
know is identified as spam.
Antony.
--
"Linux is going to be part of the future. It's going to be like Unix was."
- Peter Moore, Asia-Pacific general manager, Microsoft
Please reply to the list;
please *don't* CC me.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On Thu, 26 Mar 2015 10:12:22 -0500 (CDT)
>Dave Funk <db...@engineering.uiowa.edu> wrote:
>
>> If they are compatible you respond with a 250, if not with a 452 (or
>> other 45* type reply).
On 26.03.15 11:52, David F. Skoll wrote:
>We looked at doing this. There are some serious downsides:
>
>1) Some senders (for example, mailing list tools) send to quite a number
>of recipients at once. 30 or even 100 is not out of the question.
>If all of them have different policies, the last recipient is going to
>wait a very long time indeed to receive his or her email.
FYI: all SMTP RFCs yet require accepting at least 100 recipients at once.
(I don't want to discuss this, just to note...)
in such case, either spam is refused with sane defaults, or mail is accepted
and should be handles as accepted (e.g. delivered to spam folder).
>2) Some marginal SMTP software (old versions of Novell Groupwise, I
>think? Can't recall exactly) does not handle 4xx responses to RCPT:
>very well. It basically converts them to 5xx.
that is very old (and very broken) SMTP software, and since 4xx code can
result because of different issues, I don't think we should take this into
account
>3) You have no control over the retry interval or retention time on the
>SMTP client. It's not unimaginable that some messages simply won't get
>delivered because the SMTP client gives up. Some SMTP clients use
>an exponential backoff algorithm rather than a constant retry interval,
>and that can be disastrous in this situation.
clients with exponential backoff interval should be safe here... the others
might not :-)
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
Re: Rejecting without backscatter (was Re: Spamassassin not
catching spam (Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 10:12:22 -0500 (CDT)
Dave Funk <db...@engineering.uiowa.edu> wrote:
> If they are compatible you respond with a 250, if not with a 452 (or
> other 45* type reply).
We looked at doing this. There are some serious downsides:
1) Some senders (for example, mailing list tools) send to quite a number
of recipients at once. 30 or even 100 is not out of the question.
If all of them have different policies, the last recipient is going to
wait a very long time indeed to receive his or her email.
2) Some marginal SMTP software (old versions of Novell Groupwise, I
think? Can't recall exactly) does not handle 4xx responses to RCPT:
very well. It basically converts them to 5xx.
3) You have no control over the retry interval or retention time on the
SMTP client. It's not unimaginable that some messages simply won't get
delivered because the SMTP client gives up. Some SMTP clients use
an exponential backoff algorithm rather than a constant retry interval,
and that can be disastrous in this situation.
> Note that Gmail is already doing something like this (the "multiple
> destinations not supported in one transaction" status).
You can possibly get away with it on a per-domain rather than
per-recipient basis because you're unlikely to have a single message
coming in for more than a handful of different domains. Even so, it's
risky IMO.
Regards,
David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Dave Funk <db...@engineering.uiowa.edu>.
On Thu, 26 Mar 2015, Kris Deugau wrote:
> David F. Skoll wrote:
>> On Thu, 26 Mar 2015 15:05:06 +0100
>> Reindl Harald <h....@thelounge.net> wrote:
>>
>>> * spamass-milter -r 8.0
>>> * messages above 8.0 are *rejected*
>>
>> Silently? Or do you generate an NDR? I'm genuinely curious as to how you:
>>
>> 1) Accept mail for some recipients
>>
>> 2) Reject mail for others
>>
>> 3) Without generating backscatter
>>
>> 4) Given that the messages are sent in the same SMTP session with
>> multiple RCPTs and only one DATA.
>
> For those of you still a little puzzled, here's an example of what David
> is asking about. In the following SMTP transaction, how to you reject
> the message for receip1, while accepting the message for recip2?
>
> $ telnet mx.example.org 25
> << 220 example.org, talk to me
>>> helo sending.server
> << 250 Hello, friend!
>>> mail from:imma.spammer@example.com
> << 250 OK, send this to who?
>>> rcpt to:recip1@example.org
> << 250 OK
>>> rcpt to:recip2@example.org
> << 250 OK
>>> DATA
> << 354 Now for the message
>>> <fill in a really spammy message>
>>> .
>
> At this point you have one message, scoring > 8 points. Recipient 1
> absolutely requires all mail to be delivered to their Inbox, with a
> Subject tag in the case of mail considered spam. Recipient 2 wants mail
> scoring > 8 points to be rejected.
>
> What SMTP response to you send? You can only send one response, since
> you only have one message, but you have two recipients with conflicting
> filter policies.
At that stage you're stuck, there is no way out of that box.
To achieve the desired results you need business logic in your pre-queue
/ milter filter to do a triage during the 'rcpt' stage.
You need a database of recipient classes to indicate whether the recipient
is a spam-lover or a spam-hater.
At the first recipient you look up that address and set a state variable
for that session (call it love-hate). As each additional recipient comes in
you compare his class against the love-hate setting for the current
session. If they are compatible you respond with a 250, if not with a 452
(or other 45* type reply). This way the sender is responsible for queuing
those recipients and trying again in another SMTP session.
Then all the recipients in one session can be treated equally WRT the
handling of reject/accept based upon some future state (EG spammyness
of the message).
That logic can be extended to more than just spam love/hate status,
just need some kind of business logic that sets the compatibility
matrix at the beginning of a session and 452's any recipient that
isn't compatible.
Note that Gmail is already doing something like this (the "multiple
destinations not supported in one transaction" status).
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Kris Deugau <kd...@vianet.ca>.
David F. Skoll wrote:
> On Thu, 26 Mar 2015 15:05:06 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> * spamass-milter -r 8.0
>> * messages above 8.0 are *rejected*
>
> Silently? Or do you generate an NDR? I'm genuinely curious as to how you:
>
> 1) Accept mail for some recipients
>
> 2) Reject mail for others
>
> 3) Without generating backscatter
>
> 4) Given that the messages are sent in the same SMTP session with
> multiple RCPTs and only one DATA.
For those of you still a little puzzled, here's an example of what David
is asking about. In the following SMTP transaction, how to you reject
the message for receip1, while accepting the message for recip2?
$ telnet mx.example.org 25
<< 220 example.org, talk to me
>> helo sending.server
<< 250 Hello, friend!
>> mail from:imma.spammer@example.com
<< 250 OK, send this to who?
>> rcpt to:recip1@example.org
<< 250 OK
>> rcpt to:recip2@example.org
<< 250 OK
>> DATA
<< 354 Now for the message
>> <fill in a really spammy message>
>> .
At this point you have one message, scoring > 8 points. Recipient 1
absolutely requires all mail to be delivered to their Inbox, with a
Subject tag in the case of mail considered spam. Recipient 2 wants mail
scoring > 8 points to be rejected.
What SMTP response to you send? You can only send one response, since
you only have one message, but you have two recipients with conflicting
filter policies.
-kgd
Re: Rejecting without backscatter (was Re: Spamassassin not
catching spam (Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 15:45:07 +0100
Reindl Harald <h....@thelounge.net> wrote:
> boah postfix responds with a "postfix/cleanup[21827]: 3lCS043tlCz1l:
> milter-reject: END-OF-MESSAGE" to the delivering client and the
> server on the other side generates a bounce containing the reject
> message
So then the sender thinks that neither address was delivered, when in
fact one copy was.
I suppose that is a "solution" to the problem I posed, though IMO not a
good one. :)
Regards,
David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 15:08 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 15:05:06 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> * spamass-milter -r 8.0
>> * messages above 8.0 are *rejected*
>
> Silently? Or do you generate an NDR? I'm genuinely curious as to how you:
i explained it multiple times, look at the logs at bottom
From: Harald Reindl <re...@gmail.com>
To: TL Reindl Harald <h....@thelounge.net>
Cc: admin@rhsoft.net
> 1) Accept mail for some recipients
postfix hands different copies to the milter
otherwise the won't have different Envelope-Headers
> 2) Reject mail for others
postfix hands different copies to the milter
otherwise the won't have different Envelope-Headers
> 3) Without generating backscatter
why should postfix generate a backscatter?
the connection to the delivering client is open, that's the purpose of a
milter, postfix answers with a reject
> 4) Given that the messages are sent in the same SMTP session with
> multiple RCPTs and only one DATA.
boah postfix responds with a "postfix/cleanup[21827]: 3lCS043tlCz1l:
milter-reject: END-OF-MESSAGE" to the delivering client and the server
on the other side generates a bounce containing the reject message
>> the only question i ask myself is why i waste my time with so much
>> ignorance and provocation on the other side
>
> Don't call people names, please. It's a waste of bandwidth. I think
> I've been pretty polite and I also believe I have pretty good
> sysadmin/email credentials
one message is to the adrress i am using here is delivered, the other to
admin@rhsoft.net got rejected by the milter and even the bounce from
gmail contains the correct one
Mar 26 15:22:48 mail-gw postfix/smtpd[21928]: 3lCT6w0F9Fz20:
client=mail-ig0-f179.google.com[209.85.213.179]
Mar 26 15:22:48 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y:
message-id=<CA...@mail.gmail.com>
Mar 26 15:22:48 mail-gw spamd[5735]: spamd: processing message
<CA...@mail.gmail.com> for
sa-milt:189
Mar 26 15:22:48 mail-gw postfix/cleanup[21832]: 3lCT6w0F9Fz20:
message-id=<CA...@mail.gmail.com>
Mar 26 15:22:48 mail-gw spamd[5736]: spamd: processing message
<CA...@mail.gmail.com> for
sa-milt:189
_________________________________________________
[root@mail-gw:~]$ cat maillog | grep 3lCT6v6FXRz1y
Mar 26 15:22:47 mail-gw postfix/smtpd[21940]: 3lCT6v6FXRz1y:
client=mail-ie0-f177.google.com[209.85.223.177]
Mar 26 15:22:48 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y:
message-id=<CA...@mail.gmail.com>
Mar 26 15:22:51 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y:
milter-reject: END-OF-MESSAGE from
mail-ie0-f177.google.com[209.85.223.177]: 5.7.1 Blocked by Spamfilter;
from=<re...@gmail.com> to=<ad...@rhsoft.net> proto=ESMTP
helo=<mail-ie0-f177.google.com>
[root@mail-gw:~]$ cat maillog | grep 3lCT6w0F9Fz20
Mar 26 15:22:48 mail-gw postfix/smtpd[21928]: 3lCT6w0F9Fz20:
client=mail-ig0-f179.google.com[209.85.213.179]
Mar 26 15:22:48 mail-gw postfix/cleanup[21832]: 3lCT6w0F9Fz20:
message-id=<CA...@mail.gmail.com>
Mar 26 15:22:53 mail-gw postfix/qmgr[7240]: 3lCT6w0F9Fz20:
from=<re...@gmail.com>, size=2144, nrcpt=1 (queue active)
Mar 26 15:22:53 mail-gw postfix/smtp[22684]: 3lCT6w0F9Fz20:
to=<h....@thelounge.net>, relay=10.0.0.15[10.0.0.15]:10027,
delay=5.7, delays=5.6/0/0.04/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 3lCT715134z36)
Mar 26 15:22:53 mail-gw postfix/qmgr[7240]: 3lCT6w0F9Fz20: removed
_________________________________________________
[root@mail-gw:~]$ cat maillog | grep
CAAcbkvN7BpCmrEkgfiMZBbxi51Exp5428Vnv4YQuaH6g=L7kKg@mail.gmail.com
Mar 26 15:22:48 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y:
message-id=<CA...@mail.gmail.com>
Mar 26 15:22:48 mail-gw spamd[5735]: spamd: processing message
<CA...@mail.gmail.com> for
sa-milt:189
Mar 26 15:22:48 mail-gw postfix/cleanup[21832]: 3lCT6w0F9Fz20:
message-id=<CA...@mail.gmail.com>
Mar 26 15:22:48 mail-gw spamd[5736]: spamd: processing message
<CA...@mail.gmail.com> for
sa-milt:189
Mar 26 15:22:51 mail-gw spamd[5735]: spamd: result: Y 10 -
BAYES_50,CUST_DNSWL_4,CUST_DNSWL_5,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_MSPIKE_H2,SPF_PASS,SUBJ_ALL_CAPS,TVD_SPACE_RATIO,URIBL_BLACK
scantime=3.2,size=2076,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=19453,mid=<CA...@mail.gmail.com>,bayes=0.499601,autolearn=disabled
Mar 26 15:22:53 mail-gw spamd[5736]: spamd: result: . 4 -
BAYES_50,CUST_DNSWL_4,CUST_DNSWL_5,CUST_MOST_SPAM_TO,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS,SUBJ_ALL_CAPS,TVD_SPACE_RATIO,URIBL_BLACK
scantime=5.3,size=2095,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=19455,mid=<CA...@mail.gmail.com>,bayes=0.499644,autolearn=disabled
_________________________________________________
Delivery to the following recipient failed permanently:
admin@rhsoft.net
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server
for the recipient domain rhsoft.net by mail-gw.thelounge.net.
[91.118.73.19].
The error that the other server returned was:
550 5.7.1 Blocked by Spamfilter, please forward this to YOUR
tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177,
server: mail-gw.thelounge.net, contact: <po...@thelounge.net>
+4315953999
----- Original message -----
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:cc:content-type;
bh=rZ88tIuyvZY7stqgf80rznf9nvDSV06tEYN4V5haGjU=;
b=uoGlds4gqpJ/2XVOBxV6xRzpQD7o7GEspHIEsnZXiqFgtodLGjkjvzLZVTGe92LKmy
6cAnPxgV3BD+Gi1vDQiGmWE7HkHASTjQU7dHywjc5HvCLDTAYT85YwY9vk7erXqGiF+3
TCZUzI3d1nJuG6Eaw0TZhgRIhhyEiSplIn/RMl3DVqwl59LperVY+vIC6K9GkTQiV6QO
a89c4EIcw5W+TSmhTeTyVEUAwKOqKOgXpJNEWzIsyFYJvchH94JrUq1sNsrKMOpqaBh2
zHWXWbCEXOOetc6+36Pe74o1dmHVeKGJd7tZQm+aWjdvyC65jtDKmzAR0sW41V84AtWM
OaOQ==
MIME-Version: 1.0
X-Received: by 10.107.165.68 with SMTP id o65mr21526283ioe.56.1427379766436;
Thu, 26 Mar 2015 07:22:46 -0700 (PDT)
Received: by 10.64.248.228 with HTTP; Thu, 26 Mar 2015 07:22:46 -0700 (PDT)
Date: Thu, 26 Mar 2015 15:22:46 +0100
Message-ID:
<CA...@mail.gmail.com>
Subject: URIBL AGAIN
From: Harald Reindl <re...@gmail.com>
To: TL Reindl Harald <h....@thelounge.net>
Cc: admin@rhsoft.net
Content-Type: multipart/alternative; boundary=001a1141bc5af0294e051231bff8
Re: Rejecting without backscatter (was Re: Spamassassin not
catching spam (Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 15:05:06 +0100
Reindl Harald <h....@thelounge.net> wrote:
> * spamass-milter -r 8.0
> * messages above 8.0 are *rejected*
Silently? Or do you generate an NDR? I'm genuinely curious as to how you:
1) Accept mail for some recipients
2) Reject mail for others
3) Without generating backscatter
4) Given that the messages are sent in the same SMTP session with
multiple RCPTs and only one DATA.
> the only question i ask myself is why i waste my time with so much
> ignorance and provocation on the other side
Don't call people names, please. It's a waste of bandwidth. I think
I've been pretty polite and I also believe I have pretty good
sysadmin/email credentials.
Regards,
David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 14:57 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:47:16 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> i proved you that i can assign differnt scores to a single message
>> with more than one recipients *per recipient*
>
> Assigning scores is passive. What do you do with the scored messages?
> If all your users are content to use tagging only, and never discard
> messages that are tagged highly, then yes... you've solved a limited
> version of the problem.
>
> In the real world, users are not willing to accept that. They just
> want spam *gone*. They don't even want to see or deal with it in any
> way
the scores are *not* passive
* spamass-milter -r 8.0
* messages above 8.0 are *rejected*
* as i have proven spamass-milter get a own copy
of multi-rcpt messages for each, hands that single
messages to spamc and decides based on the header
if that message is rejected
* so the one copy with 9.5 points is rejected
* the copy with 6.0 points got tagged
* the copy to a user in "all_spam_to" is not because the negative score
the only thing i need to do is put users/domains into the suiteable
groups to apply a different scoring - that's it - done, it works
if you would have read my first response *completly* you would have
understodd that instead start a mail flood and make bad blood everywhere
the only question i ask myself is why i waste my time with so much
ignorance and provocation on the other side
Re: Rejecting without backscatter (was Re: Spamassassin not
catching spam (Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:47:16 +0100
Reindl Harald <h....@thelounge.net> wrote:
> i proved you that i can assign differnt scores to a single message
> with more than one recipients *per recipient*
Assigning scores is passive. What do you do with the scored messages?
If all your users are content to use tagging only, and never discard
messages that are tagged highly, then yes... you've solved a limited
version of the problem.
In the real world, users are not willing to accept that. They just
want spam *gone*. They don't even want to see or deal with it in any
way.
> > Then you're breaking German law
> OK, you really just provocate, otherwise you would not bring that
> when we talk about rejects and not discarding
I'm not provoking, truly. I'm genuinely curious why you think a 5xx reject
is legal according to the law you cited whereas a 2xx discard is not.
I really cannot see the logic for that assumption; in either case
you are "suppressing" data.
Regards,
David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 14:37 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:33:08 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> boah - spamass-milter *rejects* above 8.0 points based on the header
>
> What if one of the recipients is opted-out and has categorically stated
> that he/she wants to receive every piece of email?
is your intention to provocate me until i call you names or what's the
purpose of strip out all relevant parts of my repsones?
i proved you that i can assign differnt scores to a single message with
more than one recipients *per recipient* and so i can place a domain or
rcpt into "all_spam_to" and assign "score USER_IN_ALL_SPAM_TO -1000" and
so the score for messages to that user hardly reach 8.0 points
that below was *one* message with two different recipients
X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0
X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0
> Then you're breaking German law
OK, you really just provocate, otherwise you would not bring that when
we talk about rejects and not discarding
Re: Rejecting without backscatter (was Re: Spamassassin not
catching spam (Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:33:08 +0100
Reindl Harald <h....@thelounge.net> wrote:
> boah - spamass-milter *rejects* above 8.0 points based on the header
What if one of the recipients is opted-out and has categorically stated
that he/she wants to receive every piece of email? Then you're
breaking German law.
> basicly you pretend there is no solution while you just close your
> eyes and ignore it
I'm pretty sure there's no solution. You haven't given us one; rather,
you've changed the terms of the problem until it is solveable.
Regards,
David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 14:27 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:14:10 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>>> That is a non-solution. You are assuming all users have the same
>>> criteria for what is or isn't spammy content.
>
>> you stopped premature reading my repsonse - WHY?
>> look again at the "X-Spam-Status" header below
>> a single mail sent from gmail to 2 addresses i own
>
> That works for tagging. What do you do with highly-spammy mail? You
> discard it, or you don't read it which amounts to the same thing.
boah - spamass-milter *rejects* above 8.0 points based on the header
and as you can see the mail with 2 different RCPT got passed *twice* to
the milter, hence both copies got a different header and so finally the
milter can reject one while pass the other *because* both have different
scores in the header responsible for that decision
> Most of our users do not use or want tagging. They want good mail
> delivered, somewhat spammy mail quarantined for human review, and very
> spammy mail discarded, no questions asked.
>
> Basically, there is no solution to the problem I posed and yet you
> ignore that fact
basicly you pretend there is no solution while you just close your eyes
and ignore it
Re: Rejecting without backscatter (was Re: Spamassassin not
catching spam (Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:14:10 +0100
Reindl Harald <h....@thelounge.net> wrote:
> > That is a non-solution. You are assuming all users have the same
> > criteria for what is or isn't spammy content.
> you stopped premature reading my repsonse - WHY?
> look again at the "X-Spam-Status" header below
> a single mail sent from gmail to 2 addresses i own
That works for tagging. What do you do with highly-spammy mail? You
discard it, or you don't read it which amounts to the same thing.
Most of our users do not use or want tagging. They want good mail
delivered, somewhat spammy mail quarantined for human review, and very
spammy mail discarded, no questions asked.
Basically, there is no solution to the problem I posed and yet you
ignore that fact.
Regards,
David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 14:04 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 13:54:45 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>>> 1) Directed to multiple recipients...
>
>> the content is the same, reject it or not
>
> That is a non-solution. You are assuming all users have the same
> criteria for what is or isn't spammy content.
you stopped premature reading my repsonse - WHY?
look again at the "X-Spam-Status" header below
a single mail sent from gmail to 2 addresses i own
X-Local-Envelope-From: <re...@gmail.com>
X-Local-Envelope-To: <h....@thelounge.net>
Received: from mail-ig0-f171.google.com
Message-ID:
<CA...@mail.gmail.com>
X-Local-Envelope-From: <re...@gmail.com>
X-Local-Envelope-To: <ha...@rhsoft.net>
Received: from mail-ie0-f177.google.com
Message-ID:
<CA...@mail.gmail.com>
and in fact both messages got a different score because my coampany
address is in "MOST_SPAM" and my private one in "MANY_SPAM"
X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0
X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0
>> the same way you reject a mail with a invalid recipient and two valid
>> ones
>
> Very clever... except you cannot do any content scanning until you've
> already accepted all of the RCPT: commands.
and how does that matter?
there is a reason that typical bounce messages contains "to one or more
recipients" - and the bounce of the delivering server just contains the
response of the destination - nothing new
> Care to try solving again? You solve the problem of different
> content-scanning rules for different recipients, with no possibility
> of backscatter, no silent discards, and no delays due to tempfailing,
> and you'll make a fortune
it is solved, you just don't get it
Re: Rejecting without backscatter (was Re: Spamassassin not
catching spam (Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 13:54:45 +0100
Reindl Harald <h....@thelounge.net> wrote:
> > 1) Directed to multiple recipients...
> the content is the same, reject it or not
That is a non-solution. You are assuming all users have the same
criteria for what is or isn't spammy content.
> the same way you reject a mail with a invalid recipient and two valid
> ones
Very clever... except you cannot do any content scanning until you've
already accepted all of the RCPT: commands.
Care to try solving again? You solve the problem of different
content-scanning rules for different recipients, with no possibility
of backscatter, no silent discards, and no delays due to tempfailing,
and you'll make a fortune.
Regards,
David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 13:43 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 12:09:58 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> why in the world would a reject *before queue* trigger a backscatter
>> or bounce on my side?
>
> How do you do before-queue rejection of a message that is...
>
> 1) Directed to multiple recipients...
the content is the same, reject it or not
> 2) Some of which have different spam thresholds or have even opted-out?
>
> Solve that problem, and then I agree with you. And saying "well, don't
> let different end-users have different settings" is not a solution.
> Neither is "tempfail all recipients but the first so the message
> is transmitted one time for each recipient."
the same way you reject a mail with a invalid recipient and two valid
ones - as you can see below spamass-milter anyways get a seperate copy
for scanning to change the overall score based on envelopes (from as
well as too) based on
http://comments.gmane.org/gmane.mail.postfix.user/193456
X-Local-Envelope-From: <re...@gmail.com>
X-Local-Envelope-To: <h....@thelounge.net>
Received: from mail-ig0-f171.google.com
Message-ID:
<CA...@mail.gmail.com>
X-Local-Envelope-From: <re...@gmail.com>
X-Local-Envelope-To: <ha...@rhsoft.net>
Received: from mail-ie0-f177.google.com
Message-ID:
<CA...@mail.gmail.com>
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Posted by "@lbutlr" <kr...@kreme.com>.
On 26 Mar 2015, at 06:43 , David F. Skoll <df...@roaringpenguin.com> wrote:
> On Thu, 26 Mar 2015 12:09:58 +0100 Reindl Harald <h....@thelounge.net> wrote:
>> why in the world would a reject *before queue* trigger a backscatter
>> or bounce on my side?
> How do you do before-queue rejection of a message
Reject it.
> Solve that problem, and then I agree with you. And saying "well, don't
> let different end-users have different settings" is not a solution.
> Neither is "tempfail all recipients but the first so the message
> is transmitted one time for each recipient.”
Before-queue settings are liberal and designed to REJECT messages that are obviously broken or from known spammers. These are server settings and no, users can not opt out of postscreen, for example. They also cannot choose to receive .exe files, for example.
After the message is accepted, then the message is processed much more rigorously and delivered to the user.
The USER can discard mail if they want, but the SERVER never discards messages after they’ve been accepted.
--
"He sees the good in every one. No one would ever take him for a
clergyman." -- Lucy Honeychurch
Re: Rejecting without backscatter (was Re: Spamassassin not
catching spam (Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 11:55:27 -0400
Michael Orlitzky <mi...@orlitzky.com> wrote:
> If one of your customer domains has non-default settings, give them
> their own IP address and a separate MX record pointing to that
> address.
We filter more than 8000 domains. That is not feasible.
Regards,
David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by Michael Orlitzky <mi...@orlitzky.com>.
On 03/26/2015 08:43 AM, David F. Skoll wrote:
> On Thu, 26 Mar 2015 12:09:58 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> why in the world would a reject *before queue* trigger a backscatter
>> or bounce on my side?
>
> How do you do before-queue rejection of a message that is...
>
> 1) Directed to multiple recipients...
>
> 2) Some of which have different spam thresholds or have even opted-out?
>
> Solve that problem, and then I agree with you. And saying "well, don't
> let different end-users have different settings" is not a solution.
> Neither is "tempfail all recipients but the first so the message
> is transmitted one time for each recipient."
>
If one of your customer domains has non-default settings, give them
their own IP address and a separate MX record pointing to that address.
Then if a multi-recipient message is addressed to someone in that
domain, the sending MTA will split the message before sending it
(because it's headed to a different server, as far as the MTA knows).
Your pre-queue filter can then switch settings depending on the IP
address, and should satisfy your criteria above.
Obviously it's a little annoying to set up an MX for every such domain,
but you can charge a little PITA fee for domains that want special
treatment.
Rejecting without backscatter (was Re: Spamassassin not catching
spam (Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 12:09:58 +0100
Reindl Harald <h....@thelounge.net> wrote:
> why in the world would a reject *before queue* trigger a backscatter
> or bounce on my side?
How do you do before-queue rejection of a message that is...
1) Directed to multiple recipients...
2) Some of which have different spam thresholds or have even opted-out?
Solve that problem, and then I agree with you. And saying "well, don't
let different end-users have different settings" is not a solution.
Neither is "tempfail all recipients but the first so the message
is transmitted one time for each recipient."
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 11:58 schrieb Kevin A. McGrail:
> On 3/26/2015 6:20 AM, Reindl Harald wrote:
>>
>> and everybody acting that way for mails which are not only his own
>> should refrain from maintain a mailserver because he is playing
>> lottery with other peolles communication
>>
> You are inherently entitled to your opinion but we will have to agree to
> disagree because I believe the exact opposite that if you are not
> capable of knowing the cases to properly silently discard email than you
> have no business running a mailserver because you'll do more harm than
> good to the overall ecosystem. At a very minimum, you should fully
> understand the impact of backscatter as well as the extremely viable
> vector for spamming/spreading malware through the use of forged headers
> to relay payloads through NDRs/DSNs
why in the world would a reject *before queue* trigger a backscatter or
bounce on my side?
the whole purpose is to *not* produce bounces *nor* silent discard - the
sending MTA is repsonsible for bounces to *his* users after a reject and
a bot just ignores the reject
if you are talk about "have no business running a mailserver" and
"you'll do more harm than good" you should know that
Re: Spamassassin not catching spam (Follow-up)
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/26/2015 6:20 AM, Reindl Harald wrote:
>
> and everybody acting that way for mails which are not only his own
> should refrain from maintain a mailserver because he is playing
> lottery with other peolles communication
>
You are inherently entitled to your opinion but we will have to agree to
disagree because I believe the exact opposite that if you are not
capable of knowing the cases to properly silently discard email than you
have no business running a mailserver because you'll do more harm than
good to the overall ecosystem. At a very minimum, you should fully
understand the impact of backscatter as well as the extremely viable
vector for spamming/spreading malware through the use of forged headers
to relay payloads through NDRs/DSNs.
While this behavior was helpful to identify compromised machines perhaps
a decade ago, the techniques have long since switched to malicious
behavior.
Your decision and advocacy for others to follow this path makes you a
complicit bystander to how the bad guys work. And I can present facts,
RFCs, best practices, logs, legal analysis, experts on the matter, etc.
All you've stated is some amorphous laws (unquoted) based apparently in
a country where I don't live.
Additionally, you will not convince me to change with a stance akin to
politicians being infallible and that the law shouldn't be changed. If
you live in a place with such a law, you should lobby to improve the law.
I live in Virginia in the US and on the face, you might saw, OMG, KAM is
breaking the law
https://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+18.2-152.4 for
Computer Trespass. However you will notice the clause at the top that
requires "malicious intent". My intent is not malicious. My intent is
to protect the public at large.
If you run a mail server that is sending DSNs/NDRs for everything, you
might want to at least start and consider how you handle forged and
malicious emails. My strong recommendation is that you consider silent
discard of items that have extremely low FPs as a start such as items
identified as having a malicious payload by ClamAV with default rules.
I also suggest you read
http://www.pccc.com/base.cgim?template=sage_code_of_ethics I call it
the IT ten commandments and believe strongly that if you follow it in
your work, you will find yourself rising to the upper echelon of IT admins.
regards,
KAM
Re: Spamassassin not catching spam (Follow-up)
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Thursday 26 March 2015 at 11:36:36 (EU time), Reindl Harald wrote:
> Am 26.03.2015 um 11:27 schrieb Niamh Holding:
> > Hello Reindl,
> >
> > Thursday, March 26, 2015, 10:20:15 AM, you wrote:
> >
> > What make you think you have the right to tell me what's appropriate in
> > our setup?
> >
> > Arrogant or what?
>
> What make you think you have the right to put a mail for a different
> person to /dev/null without reject it proper and so sender nor RCPT are
> aware?
>
> Arrogant or what?
On Thursday 26 March 2015 at 11:32:42 (EU time), Axb wrote:
> PLEASE move this off topic noise/troll traffic to alt.test
Seconded.
Antony.
--
"The future is already here. It's just not evenly distributed yet."
- William Gibson
Re: Spamassassin not catching spam (Follow-up)
Posted by Axb <ax...@gmail.com>.
On 03/26/2015 11:27 AM, Niamh Holding wrote:
>
> Hello Reindl,
>
> Thursday, March 26, 2015, 10:20:15 AM, you wrote:
>
> RH> and everybody acting that way for mails which are not only his own
> RH> should refrain from maintain a mailserver because he is playing lottery
> RH> with other peolles communication
>
> What make you think you have the right to tell me what's appropriate in
> our setup?
>
> Arrogant or what?
>
PLEASE move this off topic noise/troll traffic to alt.test
Re: Spamassassin not catching spam (Follow-up)
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Thursday 26 March 2015 at 14:02:19 (EU time), Robert Schetterer wrote:
> Silent discard mail is mostly forbidden in the EU, but
> someone may do so with its own mail.
Does anyone here have any references to actual legislation, stating this?
I've seen several comments about this in this thread, from people in various
parts of the world, and it would be good to see what some actual laws say in
specific jurisdictions.
Thanks,
Antony.
--
A user interface is like a joke.
If you have to explain it, it didn't work.
Please reply to the list;
please *don't* CC me.
Re: Spamassassin not catching spam (Follow-up)
Posted by Nick Edwards <ni...@gmail.com>.
On 3/26/15, David F. Skoll <df...@roaringpenguin.com> wrote:
> On Thu, 26 Mar 2015 11:36:36 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> What make you think you have the right to put a mail for a different
>> person to /dev/null without reject it proper and so sender nor RCPT
>> are aware?
>
> People who sign up for our service do so knowing that we sometimes
> silently discard spam. If they don't agree, then they don't have to
> use our service.
>
Exactly, and I've never found anyone to leave over it, most people
appreciate not getting spam, they dont give a rats how we stop it
getting to them, so long as we stop it.
Re: Spamassassin not catching spam (Follow-up)
Posted by Noel Butler <no...@ausics.net>.
On 26/03/2015 23:34, David F. Skoll wrote:
> Hi,
>
> A followup:
>
> 1) has anyone been convicted under 303a StGB for suppressing email during spam filtering?
I bet not :) Its likely a law introduced to stop anally retentive jerks
from having hissy fits and deleting other peoples data, thats unlawful,
stopping deliberate spam, can be preventing stresses upon the recipient,
so could be argued as lawful destruction of data, we really need a
German lawyer (a real lawyer - not keyboard internet lawyer) to
interpret the German law. Germany has the strongest data protection laws
in the world, but I hardly doubt they were written with the intent of
protecting spammer or abusive scum.
> 2) How is rejecting with a 5xx code any less of a "suppression" of the
> data than silently discarding with a 2xx code? In either case, the
> recipient does not receive the mail. The fact that the sender is *aware*
> of the non-receipt is immaterial.
Are they? We both know 99% of deliberate spam which is likely to high
score, is sent by spoofed addresses :)
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:53:26 +0100
Reindl Harald <h....@thelounge.net> wrote:
> he is not allowed to silent throw away a letter, but if he can't
> deliver it it's sent back
"can't" deliver is different from "won't" deliver.
If you reject a message because you don't like its content, it's not
because you "can't" deliver it. It's because you don't want to deliver it.
Analogy: Suppose the post office decided to send back mail whose
content it decided it didn't like. Would that be OK?
> if you still don't accept the difference go out and call a laywer as
> others did years ago.........
Please post links to legal opinions, case law... anything at all that I
can read and study. Neither of us is a lawyer, so our opinions are worth
little.
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 14:43 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:39:52 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> * you write a mail
>> * your server get a 5xx reject from the destination
>> * your server generates a NDR and informs you
>
>> * you write a mail
>> * your server get a 200 repsonse
>> * the destination silent discards
>
>> you *really* don't see the difference?
>
> Not with respect to to the German law, which forbids "suppressing"
> data. In either case, you have "suppressed" the data. The law
> certainly does NOT say "It's OK to suppress data if you inform the
> originator."
surely, it's handeled the same way as for a postmaster in the real world
he is not allowed to silent throw away a letter, but if he can't deliver
it it's sent back - exactly the same happens with a rejcted message - a
NDR from the sending server to his user with "undeliverable message
returned to sender"
if you still don't accept the difference go out and call a laywer as
others did years ago.........
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:39:52 +0100
Reindl Harald <h....@thelounge.net> wrote:
> * you write a mail
> * your server get a 5xx reject from the destination
> * your server generates a NDR and informs you
> * you write a mail
> * your server get a 200 repsonse
> * the destination silent discards
> you *really* don't see the difference?
Not with respect to to the German law, which forbids "suppressing"
data. In either case, you have "suppressed" the data. The law
certainly does NOT say "It's OK to suppress data if you inform the
originator."
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 14:34 schrieb David F. Skoll:
> 2) How is rejecting with a 5xx code any less of a "suppression" of the
> data than silently discarding with a 2xx code?
* you write a mail
* your server get a 5xx reject from the destination
* your server generates a NDR and informs you
* you write a mail
* your server get a 200 repsonse
* the destination silent discards
you *really* don't see the difference?
in the first case if the mail is important i retry, chose a different
subject or even take the phone and call the other side to find out *why*
it was rejected
in the second one i assume the other side just ignored my message
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
Hi,
A followup:
1) has anyone been convicted under 303a StGB for suppressing email during
spam filtering?
2) How is rejecting with a 5xx code any less of a "suppression" of the
data than silently discarding with a 2xx code? In either case, the
recipient does not receive the mail. The fact that the sender is *aware*
of the non-receipt is immaterial. I doubt you could escape conviction by
calling someone up and saying "I'm going to delete your sensitive data",
deleting it, and then claiming "well, he knew I deleted it."
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Noel Butler <no...@ausics.net>.
On 27/03/2015 12:23, Noel Butler wrote:
> On 26/03/2015 23:42, David F. Skoll wrote:
> On Thu, 26 Mar 2015 14:37:08 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
> i have to show nothing after for nearly a decade most german IT
> magazines had articles about that topic written by law experts
> The only link I found written by a German law expert said that
> the it "may" apply to spam filtering if the recipient did not agree
> beforehand to how the filter operates.
>
> I also suggest you ask a German law expert if rejecting with 5xx is
> materially different than silently discarding when it comes
> to "suppressing" data. Frankly, I cannot see the difference; the
> law certainly doesn't say it's OK to suppress data as long
> as you inform the originator of said data.
>
> But maybe you could link to some articles on the topic?
>
> Regards,
>
> David.
I would rather see, not an article written in some mag, but the actual
legislative law act that specifies this, any links to actual German law
about this would be more welcome.
It can (obviously) be written in German, I can understand a bit, and
what i can't I have good friend who can (he is afterall, well, German),
and failing his availability there's always google translate :)
nevermind, I've got it, going to read it after lunch
Re: Spamassassin not catching spam (Follow-up)
Posted by Noel Butler <no...@ausics.net>.
On 26/03/2015 23:42, David F. Skoll wrote:
> On Thu, 26 Mar 2015 14:37:08 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> i have to show nothing after for nearly a decade most german IT
>> magazines had articles about that topic written by law experts
>
> The only link I found written by a German law expert said that
> the it "may" apply to spam filtering if the recipient did not agree
> beforehand to how the filter operates.
>
> I also suggest you ask a German law expert if rejecting with 5xx is
> materially different than silently discarding when it comes
> to "suppressing" data. Frankly, I cannot see the difference; the
> law certainly doesn't say it's OK to suppress data as long
> as you inform the originator of said data.
>
> But maybe you could link to some articles on the topic?
>
> Regards,
>
> David.
I would rather see, not an article written in some mag, but the actual
legislative law act that specifies this, any links to actual German law
about this would be more welcome.
It can (obviously) be written in German, I can understand a bit, and
what i can't I have good friend who can (he is afterall, well, German),
and failing his availability there's always google translate :)
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:37:08 +0100
Reindl Harald <h....@thelounge.net> wrote:
> i have to show nothing after for nearly a decade most german IT
> magazines had articles about that topic written by law experts
The only link I found written by a German law expert said that
the it "may" apply to spam filtering if the recipient did not agree
beforehand to how the filter operates.
I also suggest you ask a German law expert if rejecting with 5xx is
materially different than silently discarding when it comes
to "suppressing" data. Frankly, I cannot see the difference; the
law certainly doesn't say it's OK to suppress data as long
as you inform the originator of said data.
But maybe you could link to some articles on the topic?
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 14:30 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:19:09 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>>> Is it? Could you perhaps point me to the EU directive stating this?
>>> I'm sure there must be lots of qualifications
>
>> in germany 2 years jail
>
> It says: "Whoever unlawfully deletes, modifies, suppresses..."
>
> You have to show that silently discarding spam (assuming you've
> informed the users you do this up-front) is "unlawful". That's
> not clear from the links I was able to find
i have to show nothing after for nearly a decade most german IT
magazines had articles about that topic written by law experts
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:19:09 +0100
Reindl Harald <h....@thelounge.net> wrote:
> > Is it? Could you perhaps point me to the EU directive stating this?
> > I'm sure there must be lots of qualifications
> in germany 2 years jail
It says: "Whoever unlawfully deletes, modifies, suppresses..."
You have to show that silently discarding spam (assuming you've
informed the users you do this up-front) is "unlawful". That's
not clear from the links I was able to find.
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Joe Quinn <jq...@pccc.com>.
On 3/26/2015 9:19 AM, Reindl Harald wrote:
>
>
> Am 26.03.2015 um 14:13 schrieb David F. Skoll:
>> On Thu, 26 Mar 2015 14:02:19 +0100
>> Robert Schetterer <rs...@sys4.de> wrote:
>>
>>> Silent discard mail is mostly forbidden in the EU,
>>
>> Is it? Could you perhaps point me to the EU directive stating this?
>> I'm sure there must be lots of qualifications
>
> in germany 2 years jail
>
> § 303a StGB -
> Datenveränderung
>
> (1) Wer rechtswidrig Daten (§ 202a Abs. 2) löscht, unterdrückt,
> unbrauchbar macht oder verändert, wird mit Freiheitsstrafe bis zu zwei
> Jahren oder mit Geldstrafe bestraft
>
That's just the penalty clause, it doesn't define what's considered
unlawful deletion of data.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 14:13 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:02:19 +0100
> Robert Schetterer <rs...@sys4.de> wrote:
>
>> Silent discard mail is mostly forbidden in the EU,
>
> Is it? Could you perhaps point me to the EU directive stating this?
> I'm sure there must be lots of qualifications
in germany 2 years jail
§ 303a StGB -
Datenveränderung
(1) Wer rechtswidrig Daten (§ 202a Abs. 2) löscht, unterdrückt,
unbrauchbar macht oder verändert, wird mit Freiheitsstrafe bis zu zwei
Jahren oder mit Geldstrafe bestraft
Re: Spamassassin not catching spam (Follow-up)
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/26/2015 11:23 AM, Robert Schetterer wrote:
> Am 26.03.2015 um 16:03 schrieb Kevin A. McGrail:
>> On 3/26/2015 9:54 AM, Robert Schetterer wrote:
>>> so again , there are exceptions, but in general you are not allowed
>>> to silent discard mail in germany.
>> Unless there are MASSIVE translation issues, the answer is exactly what
>> DFS proposed: consent from the users of the system.
>>
>> From http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html
>>
>>
>> Solution to the dilemma
>>
>> A solution to this problem is the consent of the recipient to delete the
>> e-mails that must be present in advance. In this case, the application
>> of the above paragraphs is excluded, legally it is called a "factual
>> negative consent".
>>
>>
>> Is that translation accurate?
> As i wrote you "may" be contracted and allowed
> to filter and discard mail by/for a customer.
>
> But you better should have a good legal office in case of trouble
>
> Most people here avoid such potentially struggle, cause they are not
> very hardly needed. The common way is not to do silent discard mail.
So I am assuming that means the translation is accurate. I think that's
a key point that we are saying, we do this to protect our users and with
their full consent. Should a firewall let attacks through if it's a
DDoS on your email servers because there could be legitimate mail? What
right and responsibility do you have to protect your users and network?
Overall, from what I've seen, the legal woes have the proper exemptions
that if you have a good legal adviser, a good technical team and you are
willing to fight conformity, there is an opportunity to improve on the
competition!
Regards,
KAM
Re: Spamassassin not catching spam (Follow-up)
Posted by Robert Schetterer <rs...@sys4.de>.
Am 26.03.2015 um 16:03 schrieb Kevin A. McGrail:
> On 3/26/2015 9:54 AM, Robert Schetterer wrote:
>> so again , there are exceptions, but in general you are not allowed
>> to silent discard mail in germany.
> Unless there are MASSIVE translation issues, the answer is exactly what
> DFS proposed: consent from the users of the system.
>
> From http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html
>
>
> Solution to the dilemma
>
> A solution to this problem is the consent of the recipient to delete the
> e-mails that must be present in advance. In this case, the application
> of the above paragraphs is excluded, legally it is called a "factual
> negative consent".
>
>
> Is that translation accurate?
As i wrote you "may" be contracted and allowed
to filter and discard mail by/for a customer.
But you better should have a good legal office in case of trouble
Most people here avoid such potentially struggle, cause they are not
very hardly needed. The common way is not to do silent discard mail.
And yes ,US people mostly dont understand that culture thing *g
>
> Regards,
> KAM
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Spamassassin not catching spam (Follow-up)
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/26/2015 9:54 AM, Robert Schetterer wrote:
> so again , there are exceptions, but in general you are not allowed
> to silent discard mail in germany.
Unless there are MASSIVE translation issues, the answer is exactly what
DFS proposed: consent from the users of the system.
From http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html
Solution to the dilemma
A solution to this problem is the consent of the recipient to delete the
e-mails that must be present in advance. In this case, the application
of the above paragraphs is excluded, legally it is called a "factual
negative consent".
Is that translation accurate?
Regards,
KAM
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 17:27:03 -0600
"@lbutlr" <kr...@kreme.com> wrote:
> > ]]] If action is taken in the delivery process, with the result
> > that the ]]] message does not reach its goal, the e-mail is
> > "suppressed".
> > How does that not apply to a 5xx reject?
> Because a reject happens before the delivery process even begins.
No. The Heise article (if my memory serves) considers the delivery
process to have begun as soon as the SMTP connection is established.
Furthermore, a 5xx-Reject and 2xx-Discard after DATA happen at *EXACTLY*
the same time, so you cannot say the delivery process "hasn't even begun"
for the 5xx but has for the 2xx. The timing is identical.
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by "@lbutlr" <kr...@kreme.com>.
On 26 Mar 2015, at 08:05 , David F. Skoll <df...@roaringpenguin.com> wrote:
>
> On Thu, 26 Mar 2015 14:54:07 +0100
> Robert Schetterer <rs...@sys4.de> wrote:
>
>> Uff , why should i waste my time in telling you the untruth...
>
> I took a look at the Heise article and Google Translate says:
>
> ]]] If action is taken in the delivery process, with the result that the
> ]]] message does not reach its goal, the e-mail is "suppressed".
>
> How does that not apply to a 5xx reject?
Because a reject happens before the delivery process even begins.
--
'Everything will be all right. From History's point of view, that is.
There really isn't any other.'
Re: German law 303a (was Re: Spamassassin not catching spam (Follow-up))
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 16:39 schrieb David F. Skoll:
> I find this discussion intriguing. The German law cited earlier also
> forbids you from changing data (original German word "verändert" ---
> did I get that right?)
>
> It seems to me this could make subject tagging illegal. In fact, a rigid
> interpretation could make SMTP illegal since you add a Received: header
> at each hop, and that's certainly modifying the data being transmitted.
>
> I believe this is a case of non-technical legislators completely failing
> to forsee the logical consequences of their law. :)
that may all be true and like won't matter most of the time
it starts to matter if you silent discard a important message and some
large party with a good laywer pretends he lost xxx $ money because of
the not happened resend or contact over a dfiierent medium in the
assumption the mail was delivered
yes i am aware that one could pretend not got a mail anyways, but in
that case you can prove at least the delivery to the mailbox with your
logs, if your last log entry is "discarded" you are out of luck
Re: German law 303a (was Re: Spamassassin not catching spam (Follow-up))
Posted by Robert Schetterer <rs...@sys4.de>.
Am 26.03.2015 um 16:39 schrieb David F. Skoll:
> I find this discussion intriguing. The German law cited earlier also
> forbids you from changing data (original German word "verändert" ---
> did I get that right?)
>
> It seems to me this could make subject tagging illegal. In fact, a rigid
> interpretation could make SMTP illegal since you add a Received: header
> at each hop, and that's certainly modifying the data being transmitted.
>
> I believe this is a case of non-technical legislators completely failing
> to forsee the logical consequences of their law. :)
>
> Regards,
>
> David.
>
Common legal accepted practice is
silent discard mail is forbidden, tagging mail is allowed
reject mail is allowed anyway, exception is virus mail as averting of a
danger. If its your personal mail you can do what you want.
As mail provider you may get contracted to filter. But be sure to have
good legal advice if your filter does silent discard. Thats best
practice for over 10 years now.
And yes laws may miracle included everywhere, there are tons of them in
the US i will never understand too *g
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
German law 303a (was Re: Spamassassin not catching spam
(Follow-up))
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
I find this discussion intriguing. The German law cited earlier also
forbids you from changing data (original German word "verändert" ---
did I get that right?)
It seems to me this could make subject tagging illegal. In fact, a rigid
interpretation could make SMTP illegal since you add a Received: header
at each hop, and that's certainly modifying the data being transmitted.
I believe this is a case of non-technical legislators completely failing
to forsee the logical consequences of their law. :)
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 15:57:14 +0100
Robert Schetterer <rs...@sys4.de> wrote:
> David, reject means your server dont take a mail, the sender
> mailserver may bounce it back, after some time , its not your job to
> take care of that.
Yes, I'm pretty sure I understand the difference between reject and discard.
What I cannot understand is why you (seem to?) think that "rejecting"
mail because of unwanted content is legal, but "discarding" it is not. I
post again the English translation of the Heise article; perhaps the original
German is cleared, but anyway:
]]] If action is taken in the delivery process, with the result that the
]]] message does not reach its goal, the e-mail is "suppressed".
So purely with respect to the law, how is "reject" different from "discard"?
In either case, "action is taken" such that "the message does not reach
its goal".
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Robert Schetterer <rs...@sys4.de>.
Am 26.03.2015 um 15:05 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:54:07 +0100
> Robert Schetterer <rs...@sys4.de> wrote:
>
>> Uff , why should i waste my time in telling you the untruth...
>
> I took a look at the Heise article and Google Translate says:
>
> ]]] If action is taken in the delivery process, with the result that the
> ]]] message does not reach its goal, the e-mail is "suppressed".
>
> How does that not apply to a 5xx reject?
>
> I looked at Joerg Heidrich's site briefly, but couldn't find anything
> specifically addressing this topic. Similarly on the sys4.de site.
>
> Regards,
>
> David.
>
David, reject means your server dont take a mail, the sender mailserver
may bounce it back, after some time , its not your job to take care of that.
Silent discard mail means you take a mail and destroy it ( cause you
feel free to do it), the sender and/or recipient has no chance to notice
what ever happend to that mail.
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:54:07 +0100
Robert Schetterer <rs...@sys4.de> wrote:
> Uff , why should i waste my time in telling you the untruth...
I took a look at the Heise article and Google Translate says:
]]] If action is taken in the delivery process, with the result that the
]]] message does not reach its goal, the e-mail is "suppressed".
How does that not apply to a 5xx reject?
I looked at Joerg Heidrich's site briefly, but couldn't find anything
specifically addressing this topic. Similarly on the sys4.de site.
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Robert Schetterer <rs...@sys4.de>.
Am 26.03.2015 um 14:36 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:29:01 +0100
> Robert Schetterer <rs...@sys4.de> wrote:
>
>> As i wrote, there maybe exceptions, but in general
>> youre not allowed to silent discard any mail ( unless its your own ,
>> or its a virus )
>
> Well, seeing as we have customers in the EU, I really would like to see
> the text of the directive as well as any case law you can cite regarding
> spam filtering. Do you have a link?
>
> Regards,
>
> David.
>
Uff , why should i waste my time in telling you the untruth...
http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html
Heise/CT is one of the biggest It magazines in Germany
http://www.recht-im-internet.de/
Joerg Heidrich is one of the most famos It lawers in Germany
co founder
https://sys4.de
so again , there are exceptions, but in general you are not allowed
to silent discard mail in germany.
I never ever thought to do so , or didnt found another tec way to avoid it.
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:29:01 +0100
Robert Schetterer <rs...@sys4.de> wrote:
> As i wrote, there maybe exceptions, but in general
> youre not allowed to silent discard any mail ( unless its your own ,
> or its a virus )
Well, seeing as we have customers in the EU, I really would like to see
the text of the directive as well as any case law you can cite regarding
spam filtering. Do you have a link?
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Robert Schetterer <rs...@sys4.de>.
Am 26.03.2015 um 14:13 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:02:19 +0100
> Robert Schetterer <rs...@sys4.de> wrote:
>
>> Silent discard mail is mostly forbidden in the EU,
>
> Is it? Could you perhaps point me to the EU directive stating this?
> I'm sure there must be lots of qualifications.
As i wrote, there maybe exceptions, but in general
youre not allowed to silent discard any mail ( unless its your own , or
its a virus )
Different countries , different cultures, its not a secret
that in the US its not done that strict. No need to flame.
The best advice in any case is avoid silent discard mail, there should
be better options anytime anyplace.
>
> Regards,
>
> David.
>
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 14:02:19 +0100
Robert Schetterer <rs...@sys4.de> wrote:
> Silent discard mail is mostly forbidden in the EU,
Is it? Could you perhaps point me to the EU directive stating this?
I'm sure there must be lots of qualifications.
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Robert Schetterer <rs...@sys4.de>.
Am 26.03.2015 um 13:40 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 11:36:36 +0100
> Reindl Harald <h....@thelounge.net> wrote:
>
>> What make you think you have the right to put a mail for a different
>> person to /dev/null without reject it proper and so sender nor RCPT
>> are aware?
>
> People who sign up for our service do so knowing that we sometimes
> silently discard spam. If they don't agree, then they don't have to
> use our service.
>
> Regards,
>
> David.
>
Silent discard mail is mostly forbidden in the EU, but
someone may do so with its own mail.
Policy differ with virus mails, but not for spam.
There maybe exceptions, if your customer explicit contracted and allowed
you to discard his mail ( i am no lawer ). Best way is reject on smtp
income level
tagging the rest, differ handling "may" lead to legal trouble..., also
typical quarantaine "may" lead to equal legal trouble.
Using silent discard for avoiding backscatter reasons is bad design and
should not be needed.
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Thu, 26 Mar 2015 11:36:36 +0100
Reindl Harald <h....@thelounge.net> wrote:
> What make you think you have the right to put a mail for a different
> person to /dev/null without reject it proper and so sender nor RCPT
> are aware?
People who sign up for our service do so knowing that we sometimes
silently discard spam. If they don't agree, then they don't have to
use our service.
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 11:27 schrieb Niamh Holding:
> Hello Reindl,
>
> Thursday, March 26, 2015, 10:20:15 AM, you wrote:
>
> RH> and everybody acting that way for mails which are not only his own
> RH> should refrain from maintain a mailserver because he is playing lottery
> RH> with other peolles communication
>
> What make you think you have the right to tell me what's appropriate in
> our setup?
>
> Arrogant or what?
What make you think you have the right to put a mail for a different
person to /dev/null without reject it proper and so sender nor RCPT are
aware?
Arrogant or what?
Re: Spamassassin not catching spam (Follow-up)
Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Reindl,
Thursday, March 26, 2015, 10:20:15 AM, you wrote:
RH> and everybody acting that way for mails which are not only his own
RH> should refrain from maintain a mailserver because he is playing lottery
RH> with other peolles communication
What make you think you have the right to tell me what's appropriate in
our setup?
Arrogant or what?
--
Best regards,
Niamh mailto:niamh@fullbore.co.uk
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 11:17 schrieb Kevin A. McGrail:
> On 3/26/2015 2:53 AM, Reindl Harald wrote:
>>
>> Am 26.03.2015 um 01:25 schrieb David F. Skoll:
>>> On Wed, 25 Mar 2015 16:08:34 -0600
>>> "@lbutlr" <kr...@kreme.com> wrote:
>>>> You can reject who you want in Germany too, you just can___t delete a
>>>> message that you___ve already accepted.
>>>
>>> What does "accepted" mean? Redirecting a message to /dev/null means you
>>> didn't accept it
>>
>> accepted means your SMTP sevrer responded with a 250 status code and
>> not with a 4x temporary or 5x permanent error aka rejected the message
>>
>> don't get me wrong but that's absolute basics
>
> And that is a silent discard. You are accepting responsibility for the
> email, telling no one anything more and discarding it with out DSN/NDR
and everybody acting that way for mails which are not only his own
should refrain from maintain a mailserver because he is playing lottery
with other peolles communication
Re: Spamassassin not catching spam (Follow-up)
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/26/2015 2:53 AM, Reindl Harald wrote:
>
> Am 26.03.2015 um 01:25 schrieb David F. Skoll:
>> On Wed, 25 Mar 2015 16:08:34 -0600
>> "@lbutlr" <kr...@kreme.com> wrote:
>>> You can reject who you want in Germany too, you just can___t delete a
>>> message that you___ve already accepted.
>>
>> What does "accepted" mean? Redirecting a message to /dev/null means you
>> didn't accept it
>
> accepted means your SMTP sevrer responded with a 250 status code and
> not with a 4x temporary or 5x permanent error aka rejected the message
>
> don't get me wrong but that's absolute basics
And that is a silent discard. You are accepting responsibility for the
email, telling no one anything more and discarding it with out DSN/NDR.
Regards,
KAM
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.03.2015 um 01:25 schrieb David F. Skoll:
> On Wed, 25 Mar 2015 16:08:34 -0600
> "@lbutlr" <kr...@kreme.com> wrote:
>> You can reject who you want in Germany too, you just can___t delete a
>> message that you___ve already accepted.
>
> What does "accepted" mean? Redirecting a message to /dev/null means you
> didn't accept it
accepted means your SMTP sevrer responded with a 250 status code and not
with a 4x temporary or 5x permanent error aka rejected the message
don't get me wrong but that's absolute basics
Re: Spamassassin not catching spam (Follow-up)
Posted by "@lbutlr" <kr...@kreme.com>.
> On 25 Mar 2015, at 18:25 , David F. Skoll <df...@roaringpenguin.com> wrote:
>
> On Wed, 25 Mar 2015 16:08:34 -0600
> "@lbutlr" <kr...@kreme.com> wrote:
>
>> There is a difference between ___block___ and ___silently discard___.
>
>> Blocking is fine, silently discarding is just evil and should be
>> illegal everywhere.
>
> Nonsense.
You are entitled to your opinion of course.
> Silently discarding is sometimes the only sensible thing to do.
If you are certain it is spam, reject it before you accept it. If you have accepted it, the file it somewhere where the recipient has a chance to get to it.
> If you have users with different spam settings (or perhaps some who have
> opted-out of spam-scanning completely), there's no sensible way to
> handle a multi-recipient message. You either have to tempfail all
> recipients after the first so you can process with each recipient's
> settings during SMTP, which is horrible, or you have to generate DSNs
> for the recipients who reject the message, which will get you
> blacklisted as a backscatterer.
How do you figure that? You deliver the message if it passes your border checks. If you think it’s spam after that, you can deliver it to the recipient’s spam folders where they are free to ignore it. You do NOT throw it away.
>> You can reject who you want in Germany too, you just can___t delete a
>> message that you___ve already accepted.
>
> What does "accepted" mean? Redirecting a message to /dev/null means you
> didn't accept it.
When your mailserver says “OK, I’ve received the message and am closing the transaction”, you’ve accepted it.
> I used to be in the "never silently discard camp", but unfortunately the
> email environment has become so hostile that I can no longer keep the
> promise of the original SMTP that a message is either delivered or
> the sender notified of non-delivery. Promising that in every single
> case is, alas, no longer feasible.
How does that follow? Don’t discard the message and there’s no problem.
--
One tequila, two tequila, three tequila, floor.
Re: Spamassassin not catching spam (Follow-up)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Wed, 25 Mar 2015 16:08:34 -0600
"@lbutlr" <kr...@kreme.com> wrote:
> There is a difference between ___block___ and ___silently discard___.
> Blocking is fine, silently discarding is just evil and should be
> illegal everywhere.
Nonsense.
Silently discarding is sometimes the only sensible thing to do. If
you have users with different spam settings (or perhaps some who have
opted-out of spam-scanning completely), there's no sensible way to
handle a multi-recipient message. You either have to tempfail all
recipients after the first so you can process with each recipient's
settings during SMTP, which is horrible, or you have to generate DSNs
for the recipients who reject the message, which will get you
blacklisted as a backscatterer.
> You can reject who you want in Germany too, you just can___t delete a
> message that you___ve already accepted.
What does "accepted" mean? Redirecting a message to /dev/null means you
didn't accept it.
I used to be in the "never silently discard camp", but unfortunately the
email environment has become so hostile that I can no longer keep the
promise of the original SMTP that a message is either delivered or
the sender notified of non-delivery. Promising that in every single
case is, alas, no longer feasible.
Regards,
David.
Re: Spamassassin not catching spam (Follow-up)
Posted by "@lbutlr" <kr...@kreme.com>.
On 25 Mar 2015, at 06:34 , Nick Edwards <ni...@gmail.com> wrote:
> It only applies to German based providers, located in Germany, serving Germany.
> A similar rule applies in Sweden too, and there are exceptions.
There is a difference between “block” and “silently discard”.
Blocking is fine, silently discarding is just evil and should be illegal everywhere.
> I can reject who or what I want, because I'm not based in Germany,
You can reject who you want in Germany too, you just can’t delete a message that you’ve already accepted.
--
people didn't seem to be able to remember what it was like with the
elves around. Life was certainly more interesting then, but usually
because it was shorter. And it was more colourful, if you liked the
colour of blood. --Lords and Ladies
Re: Spamassassin not catching spam (Follow-up)
Posted by Nick Edwards <ni...@gmail.com>.
On 3/25/15, Reindl Harald <h....@thelounge.net> wrote:
>
> Am 25.03.2015 um 13:34 schrieb Nick Edwards:
>> It only applies to German based providers, located in Germany, serving
>> Germany.
>> A similar rule applies in Sweden too, and there are exceptions.
>>
>> I can reject who or what I want
>
> well, start with understand the difference between reject and discard
>
we reject and discard crap all the time here in hong kong, our
secondaries in hamburg, and in texas. I'm not revealing the SA score
we use to discard but it works perfect for us.
Anyway, your Austrian not German.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 25.03.2015 um 13:34 schrieb Nick Edwards:
> It only applies to German based providers, located in Germany, serving Germany.
> A similar rule applies in Sweden too, and there are exceptions.
>
> I can reject who or what I want
well, start with understand the difference between reject and discard
Re: Spamassassin not catching spam (Follow-up)
Posted by Nick Edwards <ni...@gmail.com>.
On 3/25/15, Niamh Holding <ni...@fullbore.co.uk> wrote:
>
> Hello Reindl,
>
> Wednesday, March 25, 2015, 9:51:48 AM, you wrote:
>
> RH> i don't know the UK laws but in germany it's for sure not allowed
> RH> because it's legally classified identical to a postman says "meh i don't
>
> RH> walk to go upstairs today and throw the letter away"
>
> RH> if you pretend to provide relieable mailservices it should be logically
>
> RH> that discard instead reject so that none of both parties can take notice
>
> RH> in case of false positives is not that smart
>
> Better go tel MS as that's exactly what hotmail and live do.
>
It only applies to German based providers, located in Germany, serving Germany.
A similar rule applies in Sweden too, and there are exceptions.
I can reject who or what I want, because I'm not based in Germany,
however we do have multiple mx backups there, but not directly
providing a service directly to Germans, we can block who we want.
> --
> Best regards,
> Niamh mailto:niamh@fullbore.co.uk
Re: Spamassassin not catching spam (Follow-up)
Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Reindl,
Wednesday, March 25, 2015, 9:51:48 AM, you wrote:
RH> i don't know the UK laws but in germany it's for sure not allowed
RH> because it's legally classified identical to a postman says "meh i don't
RH> walk to go upstairs today and throw the letter away"
RH> if you pretend to provide relieable mailservices it should be logically
RH> that discard instead reject so that none of both parties can take notice
RH> in case of false positives is not that smart
Better go tel MS as that's exactly what hotmail and live do.
--
Best regards,
Niamh mailto:niamh@fullbore.co.uk
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 25.03.2015 um 10:45 schrieb Niamh Holding:
> Hello Reindl,
>
> Tuesday, March 24, 2015, 11:40:39 PM, you wrote:
>
> RH> you are not allowed to silent discard mail
>
> Could you please quote the relevant section of UK law which pertains?
i don't know the UK laws but in germany it's for sure not allowed
because it's legally classified identical to a postman says "meh i don't
walk to go upstairs today and throw the letter away"
if you pretend to provide relieable mailservices it should be logically
that discard instead reject so that none of both parties can take notice
in case of false positives is not that smart
Re: Spamassassin not catching spam (Follow-up)
Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Reindl,
Tuesday, March 24, 2015, 11:40:39 PM, you wrote:
RH> you are not allowed to silent discard mail
Could you please quote the relevant section of UK law which pertains?
--
Best regards,
Niamh mailto:niamh@fullbore.co.uk
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 24.03.2015 um 23:13 schrieb Alex Regan:
> Spamassassin already verifies authenticity, although not pre-queue
whatever setup *not* pre-queue is wrong as long the server is not a
personal machine because you are not allowed to silent discard mail as
well you *must not* send bounces as response to spam
if you deliver me all spam message into some folder instead only a small
percentage for review i don't need a filter at all
Re: Spamassassin not catching spam (Follow-up)
Posted by Alex Regan <my...@gmail.com>.
Hi,
>> I contacted the list a couple of weeks ago about SA not missing a lot of
>> spam I thought it should be catching. There duplicates of message that I
>> had put through sa-learn, that were still getting passed. One of the
>> suggestions offered here, after posting my command line here, was that I
>> should run sa-learn as the user not, as root (silly mistake). That did
>> improve SA’s ability to catch spam. It cut it down to ~1/2, but I
>> thought there was more I could do. So, after more digging, I found this
>> script:
>> http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
>> I had been using the default Ubuntu configuration, but after
>> implementing this script, I’ve found SA catching ~90-95% of the spam. So
>> my faith is now restored
>
> well, a better setup would run spamassassin via milter *before-queue*
> and proper reject junk at SMTP level - so you have a tag level let say
> between 5.5 and 7.9 points and reject above 8.0
>
> the flagged ones can go in a seperate folder via sieve and the absolute
> high score junk is proper rejected and with some luck the spam attempts
> go down at all
>
> http://www.postfix.org/MILTER_README.html
If you're already using amavisd with postfix and postscreen, would there
be any benefit to considering a milter in this way?
Spamassassin already verifies authenticity, although not pre-queue, but
I'm not sure that's enough for me to introduce another set of
applications to manage...
Thanks,
Alex
Re: Spamassassin not catching spam (Follow-up)
Posted by Lorenzo Thurman <lo...@thethurmans.com>.
> On Mar 24, 2015, at 2:26 PM, Reindl Harald <h....@thelounge.net> wrote:
>
>
>
> Am 24.03.2015 um 20:10 schrieb Lorenzo Thurman:
>> I contacted the list a couple of weeks ago about SA not missing a lot of
>> spam I thought it should be catching. There duplicates of message that I
>> had put through sa-learn, that were still getting passed. One of the
>> suggestions offered here, after posting my command line here, was that I
>> should run sa-learn as the user not, as root (silly mistake). That did
>> improve SA’s ability to catch spam. It cut it down to ~1/2, but I
>> thought there was more I could do. So, after more digging, I found this
>> script:
>> http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
>> I had been using the default Ubuntu configuration, but after
>> implementing this script, I’ve found SA catching ~90-95% of the spam. So
>> my faith is now restored
>
> well, a better setup would run spamassassin via milter *before-queue* and proper reject junk at SMTP level - so you have a tag level let say between 5.5 and 7.9 points and reject above 8.0
>
> the flagged ones can go in a seperate folder via sieve and the absolute high score junk is proper rejected and with some luck the spam attempts go down at all
>
> http://www.postfix.org/MILTER_README.html
>
Thank you. I’ll look into this as well.
Re: Spamassassin not catching spam (Follow-up)
Posted by Reindl Harald <h....@thelounge.net>.
Am 24.03.2015 um 20:10 schrieb Lorenzo Thurman:
> I contacted the list a couple of weeks ago about SA not missing a lot of
> spam I thought it should be catching. There duplicates of message that I
> had put through sa-learn, that were still getting passed. One of the
> suggestions offered here, after posting my command line here, was that I
> should run sa-learn as the user not, as root (silly mistake). That did
> improve SA’s ability to catch spam. It cut it down to ~1/2, but I
> thought there was more I could do. So, after more digging, I found this
> script:
> http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
> I had been using the default Ubuntu configuration, but after
> implementing this script, I’ve found SA catching ~90-95% of the spam. So
> my faith is now restored
well, a better setup would run spamassassin via milter *before-queue*
and proper reject junk at SMTP level - so you have a tag level let say
between 5.5 and 7.9 points and reject above 8.0
the flagged ones can go in a seperate folder via sieve and the absolute
high score junk is proper rejected and with some luck the spam attempts
go down at all
http://www.postfix.org/MILTER_README.html