Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/12/22 20:58:24 UTC

Re: I'm afraid I might have to report this list as a spam source

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Jim C. Nasby writes:
> BTW, this email is a great example of why it's a horrible idea to filter
> mail based on an RBL. It's surprising to me that the SA lists aren't
> just run through SA. Spam making it past that is a good indication of
> where SA could be improved after all.

Agreed ;)

However, as an Apache project, we're hosting our lists at apache.org, and
they get *insane* quantities of spam, viruses, and blowback -- far too
many for the hardware to cope with, without upfront DNSBL use, apparently.

It's not our call alone -- it's up to the ASF infrastructure volunteers.
We can *ask* them nicely, but considering we get it for free, it's
their call.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFDqwVgMJF5cimLx9ARAmBrAJwL0SyafdePYX9fYvmLTl+j/RbNfQCgo+Pf
eiF43WUr/VmOt3nRVaAB/RI=
=MRin
-----END PGP SIGNATURE-----


Re: I'm afraid I might have to report this list as a spam source

Posted by "M.S. Lucas" <ms...@taos-it.nl>.
From: "Craig McLean" <cr...@fukka.co.uk>
> Kai Schaetzl wrote:
>> Craig McLean wrote on Fri, 23 Dec 2005 16:02:47 +0000:
>>
>>> I'll disagree with you here, I have had to contact the list-owner to get
>>> a dynamic address unsubscribed
>>
>> You mean an address for which you sent email from dynamic IP space?
>> Honestly, and not meant to be offensive, but if you do that that's your
>> problem you should know better. I don't accept such mail either. And don't
>> tell me you cannot send mail another way.
>
> You're missing the point. I *subscribed* with a dyndns-style address in
> a dynamic space, then couldn't *unsubscribe* it because the list bounced
> everything. This was even when using my ISPs SMTP relay smarthost-style.
> I'm still posting from the same IP range, but using a "real" domainname,
> and never seem to have a problem hitting the list, but the list
> management addresses may be a different matter.

Bounce back a message to the ezmlm software from the offending email address. 
Ezmlm will see this and send you a probe. Bounce back that probe and you 
will be removed from the mailing list.

It is not a nice method but a working one. This was told to you by Tony Finch 
on 22-12-05.

Maurice Lucas 


Re: I'm afraid I might have to report this list as a spam source

Posted by Kai Schaetzl <ma...@conactive.com>.
Craig McLean wrote on Tue, 27 Dec 2005 19:30:03 +0000:

> craig.dnsalias.com is a dynamic DNS domain provided by dyndns.com. 

Ok, I see. There's no good reason to reject such a domain by its name.

> In my case, my IP is supposedly dynamic, in that it's in a dynamic 
> range, but in reality hasn't changed in over a year. That's why I got 
> fukka.co.uk and just pointed it at this year-old IP lease. 

Well, no matter how long your lease is if it is advertised as dynamic there's 
good reason to reject it, though ;-) So, if you send mail directly from that 
address it can bounce if it is known to RBLs, but not because of the 
dnsalias.com email address. However, they might have their own ACL and put 
dnsalias.com in there because of bad experience.

> No idea, it was months ago and the mails have been removed.

Ah, sorry, I confused you with the original poster. I guess we have beaten this 
to death now :-)


Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




Re: I'm afraid I might have to report this list as a spam source

Posted by Craig McLean <cr...@fukka.co.uk>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kai Schaetzl wrote:
> Craig McLean wrote on Sun, 25 Dec 2005 13:51:46 +0000:
> 
>> I *subscribed* with a dyndns-style address in 
>> a dynamic space, then couldn't *unsubscribe* it because the list bounced 
>> everything. This was even when using my ISPs SMTP relay smarthost-style.
> 
> I don't know what a "dyndns-style address" is.

e.g. craig@craig.dnsalias.com.
craig.dnsalias.com is a dynamic DNS domain provided by dyndns.com.
It's specifically designed for people who want to have a domain-name,
but have dynamic IP addresses. It generally gives very short leases, and
uses a client daemon to update your entry in the zone.
In my case, my IP is supposedly dynamic, in that it's in a dynamic
range, but in reality hasn't changed in over a year. That's why I got
fukka.co.uk and just pointed it at this year-old IP lease.

> An RBL will include IP numbers not email addresses.

Yep. I was aware of that.

> If your mail is bounced even when sending over 
> a smarthost then something may be broken. What *is* the reason given in the 
> bounced message?

No idea, it was months ago and the mails have been removed. I remember
them not giving any useful information other than something curt about
dialup addresses and being, if I recall, from an unexpected (to me at
least) address in Scandinavia.

C.

- --
Craig McLean		http://fukka.co.uk
craig@fukka.co.uk	Where the fun never starts
	Powered by FreeBSD, and GIN!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDsZY7MDDagS2VwJ4RAmOyAKDxahZ1bfsRsu4mmUVOFYPu+yh+hQCfda3N
Nwpp5PhP0ryqicMB5lMa2m4=
=+uzO
-----END PGP SIGNATURE-----

Re: I'm afraid I might have to report this list as a spam source

Posted by Kai Schaetzl <ma...@conactive.com>.
Craig McLean wrote on Sun, 25 Dec 2005 13:51:46 +0000:

> I *subscribed* with a dyndns-style address in 
> a dynamic space, then couldn't *unsubscribe* it because the list bounced 
> everything. This was even when using my ISPs SMTP relay smarthost-style.

I don't know what a "dyndns-style address" is. An RBL will include IP 
numbers not email addresses. If your mail is bounced even when sending over 
a smarthost then something may be broken. What *is* the reason given in the 
bounced message?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




Re: I'm afraid I might have to report this list as a spam source

Posted by Craig McLean <cr...@fukka.co.uk>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kai Schaetzl wrote:
> Craig McLean wrote on Fri, 23 Dec 2005 16:02:47 +0000:
> 
>> I'll disagree with you here, I have had to contact the list-owner to get 
>> a dynamic address unsubscribed 
> 
> You mean an address for which you sent email from dynamic IP space? 
> Honestly, and not meant to be offensive, but if you do that that's your 
> problem you should know better. I don't accept such mail either. And don't 
> tell me you cannot send mail another way.

You're missing the point. I *subscribed* with a dyndns-style address in
a dynamic space, then couldn't *unsubscribe* it because the list bounced
everything. This was even when using my ISPs SMTP relay smarthost-style.
I'm still posting from the same IP range, but using a "real" domainname,
and never seem to have a problem hitting the list, but the list
management addresses may be a different matter.

C.
- --
Craig McLean		http://fukka.co.uk
craig@fukka.co.uk	Where the fun never starts
	Powered by FreeBSD, and GIN!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDrqPxMDDagS2VwJ4RAnS4AKDXkh1Gb86tKs/7/uTaIxwM5uiiXACgoru+
W95JsHh1QSu6ixEVRn07814=
=jCh+
-----END PGP SIGNATURE-----

Re: I'm afraid I might have to report this list as a spam source

Posted by Kai Schaetzl <ma...@conactive.com>.
Jim C. Nasby wrote on Sun, 25 Dec 2005 21:21:23 -0600:

> Hence my suggestion for a version/option on SA that was meant to be 
> extremely fast so that MTAs could use it while an email is inbound. That 
> would allow (for example) hitting a number of RBLs and scoring them, 
> instead of using a single RBL as a go/no-go decision.

You can do this with other software, f.i. MailScanner.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




Re: I'm afraid I might have to report this list as a spam source

Posted by mouss <us...@free.fr>.
Jim C. Nasby wrote:
> 
> Hence my suggestion for a version/option on SA that was meant to be
> extremely fast so that MTAs could use it while an email is inbound. That
> would allow (for example) hitting a number of RBLs and scoring them,
> instead of using a single RBL as a go/no-go decision.

look at policyd-weight. This is a postfix policy service that uses a
score based system.

Re: I'm afraid I might have to report this list as a spam source

Posted by Gary V <mr...@hotmail.com>.
>Hence my suggestion for a version/option on SA that was meant to be
>extremely fast so that MTAs could use it while an email is inbound. That
>would allow (for example) hitting a number of RBLs and scoring them,
>instead of using a single RBL as a go/no-go decision.
>--
>Jim C. Nasby, Database Architect                decibel@decibel.org

I believe it would then have to be MTA specific as SpamAssassin is not 
always (not normally) used during the SMTP client conversation.

If you use Postfix, you can gain this type of functionality; see:
http://www.policyd-weight.org/
or possibly:
http://sourceforge.net/project/showfiles.php?group_id=135331

Gary V



Re: I'm afraid I might have to report this list as a spam source

Posted by "Jim C. Nasby" <de...@decibel.org>.
On Sat, Dec 24, 2005 at 11:32:57PM +0100, Kai Schaetzl wrote:
> Well, resource-wise it makes a difference if you run a million mails thru 
> SA or if you can unload 90% at MTA level and run only the remaining 100.000 
> thru SA.

Hence my suggestion for a version/option on SA that was meant to be
extremely fast so that MTAs could use it while an email is inbound. That
would allow (for example) hitting a number of RBLs and scoring them,
instead of using a single RBL as a go/no-go decision.
-- 
Jim C. Nasby, Database Architect                decibel@decibel.org 
Give your computer some brain candy! www.distributed.net Team #1828

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

Re: I'm afraid I might have to report this list as a spam source

Posted by mouss <us...@free.fr>.
Kai Schaetzl wrote:
> Craig McLean wrote on Fri, 23 Dec 2005 16:02:47 +0000:
> 
> 
>>I'll disagree with you here, I have had to contact the list-owner to get 
>>a dynamic address unsubscribed 
> 
> 
> You mean an address for which you sent email from dynamic IP space? 
> Honestly, and not meant to be offensive, but if you do that that's your 
> problem you should know better. I don't accept such mail either. And don't 
> tell me you cannot send mail another way.
> 

sometimes people's ISP gets listed (for good or bad reasons), and that
can be a very frustrating situation. This may be considered as
collateral damage, of course. but it's still annoying.


> 
>>"It's surprising to me that the SA lists aren't just run through SA.
> 
> 
> Well, resource-wise it makes a difference if you run a million mails thru 
> SA or if you can unload 90% at MTA level and run only the remaining 100.000 
> thru SA.

This is absolutely true.... if you can find reliable RBLs. but
unfortunately, this is not as easy as we would like.

BTW is the list of subscribers available to the MTA, so that it can
reject non subscribers at MTA time? that won't help with forgeries, but
should reduce the load (not sure, but would be good to know if spammers
target the list without forging a subscriber's address).


Re: I'm afraid I might have to report this list as a spam source

Posted by Kai Schaetzl <ma...@conactive.com>.
Craig McLean wrote on Fri, 23 Dec 2005 16:02:47 +0000:

> I'll disagree with you here, I have had to contact the list-owner to get 
> a dynamic address unsubscribed 

You mean an address for which you sent email from dynamic IP space? 
Honestly, and not meant to be offensive, but if you do that that's your 
problem you should know better. I don't accept such mail either. And don't 
tell me you cannot send mail another way.

> "It's surprising to me that the SA lists aren't just run through SA.

Well, resource-wise it makes a difference if you run a million mails thru 
SA or if you can unload 90% at MTA level and run only the remaining 100.000 
thru SA.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




Re: I'm afraid I might have to report this list as a spam source

Posted by Craig McLean <cr...@fukka.co.uk>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin Hepworth wrote:
> 
> 
>> -----Original Message-----
>> From: Craig McLean [mailto:craig@fukka.co.uk]
>> Sent: 23 December 2005 16:03
>> To: users@spamassassin.apache.org
>> Subject: Re: I'm afraid I might have to report this list as a spam source
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Kai Schaetzl wrote:
>>> You are all speculating. No one knows why or if the original poster can't
>>> unsubscribe.
>> I'll agree with that, to a point.
>>
>>> And, frankly, it was the first posting of this kind I've ever
>>> seen. It's not a problem at all.
>>>
>> I'll disagree with you here, I have had to contact the list-owner to get
>> a dynamic address unsubscribed because when I tried the normal channels
>> everything got bounced.
>> Maybe this guy is just the first to complain out loud?
>>
>> Anyway, I'll second (third?) Jim Nasby's comments that:
>>
>> "It's surprising to me that the SA lists aren't just run through SA.
>> Spam making it past that is a good indication of where SA could be
>> improved after all."
>>
>> C.
>>
> 
> But of course when people drop examples etc it'll get blocked. I have the SA
> list whitelisted otherwise it's FP all over the place.

As is the oft-repeated mantra of this list:

"SA doesn't block mail, it scores it."

C.

- --
Craig McLean		http://fukka.co.uk
craig@fukka.co.uk	Where the fun never starts
	Powered by FreeBSD, and GIN!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDrCVHMDDagS2VwJ4RAsDdAKD0rVshgzsCE1xzBlPpE9eSux7q+QCfbxJ3
XtA0kFwc1ZBBMaxNuEDAxXQ=
=bu5v
-----END PGP SIGNATURE-----

RE: I'm afraid I might have to report this list as a spam source

Posted by Martin Hepworth <ma...@solid-state-logic.com>.


> -----Original Message-----
> From: Craig McLean [mailto:craig@fukka.co.uk]
> Sent: 23 December 2005 16:03
> To: users@spamassassin.apache.org
> Subject: Re: I'm afraid I might have to report this list as a spam source
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Kai Schaetzl wrote:
> > You are all speculating. No one knows why or if the original poster can't
> > unsubscribe.
> 
> I'll agree with that, to a point.
> 
> > And, frankly, it was the first posting of this kind I've ever
> > seen. It's not a problem at all.
> >
> 
> I'll disagree with you here, I have had to contact the list-owner to get
> a dynamic address unsubscribed because when I tried the normal channels
> everything got bounced.
> Maybe this guy is just the first to complain out loud?
> 
> Anyway, I'll second (third?) Jim Nasby's comments that:
> 
> "It's surprising to me that the SA lists aren't just run through SA.
> Spam making it past that is a good indication of where SA could be
> improved after all."
> 
> C.
> 

But of course when people drop examples etc it'll get blocked. I have the SA
list whitelisted otherwise it's FP all over the place.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300




Re: I'm afraid I might have to report this list as a spam source

Posted by Craig McLean <cr...@fukka.co.uk>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kai Schaetzl wrote:
> You are all speculating. No one knows why or if the original poster can't 
> unsubscribe.

I'll agree with that, to a point.

> And, frankly, it was the first posting of this kind I've ever 
> seen. It's not a problem at all.
> 

I'll disagree with you here, I have had to contact the list-owner to get
a dynamic address unsubscribed because when I tried the normal channels
everything got bounced.
Maybe this guy is just the first to complain out loud?

Anyway, I'll second (third?) Jim Nasby's comments that:

"It's surprising to me that the SA lists aren't just run through SA.
Spam making it past that is a good indication of where SA could be
improved after all."

C.


- --
Craig McLean		http://fukka.co.uk
craig@fukka.co.uk	Where the fun never starts
	Powered by FreeBSD, and GIN!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDrB+nMDDagS2VwJ4RAr3EAJ9cvML0MGnq6cYMHYn+TFETxWREowCfUCRL
mmY3RsZCaMJVWmog7WPMot8=
=Xjch
-----END PGP SIGNATURE-----

Re: I'm afraid I might have to report this list as a spam source

Posted by Kai Schaetzl <ma...@conactive.com>.
You are all speculating. No one knows why or if the original poster can't 
unsubscribe. And, frankly, it was the first posting of this kind I've ever 
seen. It's not a problem at all.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




Re: I'm afraid I might have to report this list as a spam source

Posted by us...@free.fr.
Quoting Justin Mason <jm...@jmason.org>:
>
> However, as an Apache project, we're hosting our lists at apache.org, and
> they get *insane* quantities of spam, viruses, and blowback -- far too
> many for the hardware to cope with, without upfront DNSBL use, apparently.
>

sure, but:
- [philosophical] rejecting legitimate mail isn't the answer
- [practical] a mailing list that makes it hard to unsubscribe is no different
than a spammer that doesn't implement opt-out. an ML can reject mail from
someone, but can't continue to send him email if he wants to stop.

> It's not our call alone -- it's up to the ASF infrastructure volunteers.
> We can *ask* them nicely, but considering we get it for free, it's
> their call.
>

This explains the situation but doesn't solve the problem. I am certain that a
lot of people can host a mailing list for the popular spamassassin. otherwise,
we have a real problem:
- people can subscribe
- mail may be rejected for unreliable reasons
- people can't even unsubscribe

or am I to understand that "volunteer=open source=unreliable"???? fortunately
not. a single example is the dspam ML. it doesn't reject "sorbs slaves";-p


Re: I'm afraid I might have to report this list as a spam source

Posted by "Jim C. Nasby" <de...@decibel.org>.
On Thu, Dec 22, 2005 at 11:58:24AM -0800, Justin Mason wrote:
> However, as an Apache project, we're hosting our lists at apache.org, and
> they get *insane* quantities of spam, viruses, and blowback -- far too
> many for the hardware to cope with, without upfront DNSBL use, apparently.
> 
> It's not our call alone -- it's up to the ASF infrastructure volunteers.
> We can *ask* them nicely, but considering we get it for free, it's
> their call.

Sounds to me what's needed is a sort of 'SA-uberfast' that can be used
as an MTA filter. For starters, this would allow for polling multiple
RBLs instead of filtering on the results of just one. (Yes, I know you
can poll multiple ones now, but the point is if you show up in any of
them you get dropped. This way each RBL could be assigned a weight, and
you only drop email based on total score).

Hmm.. there's other tests that could be done quickly as well; checking
for matching reverse DNS, for example.

And having a score of some kind available, you could also decide how to
handle the email based on the score. If the score is low, let the email
right in. If it's medium, greylist it. If it's high, drop it completely.

The one issue I can think of is this would have to perform better than a
full-blown SA check does. If much of SA's time is spent doing things
like BAYES checks then hopefully that wouldn't be an issue.
-- 
Jim C. Nasby, Database Architect                decibel@decibel.org 
Give your computer some brain candy! www.distributed.net Team #1828

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
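
The weighted scoring proposed in the message above (several RBLs plus a reverse-DNS test, with the total deciding between accept, greylist and drop), written as a Postfix policy-delegation decision. This is an added example, not code from the thread, from SpamAssassin or from policyd-weight; the zone names, weights, thresholds and the `fake_resolver` helper are constructed assumptions, and DNS is injected so the block runs offline.

```python
import socket

# Constructed zone names and weights: assumptions, not real lists or tuned values.
DNSBL_WEIGHTS = {"bl-a.example": 3.0, "bl-b.example": 2.0, "dynamic.example": 1.5}
NO_RDNS_WEIGHT = 1.5   # client_name is "unknown" when rDNS is missing or unverified
GREYLIST_AT = 2.0      # medium score: temporary failure
REJECT_AT = 5.0        # high score: permanent rejection


def parse_request(text):
    """Parse one Postfix policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def dns_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the reversed IPv4 address resolves inside 127.0.0.0/8 under zone."""
    query = ".".join(reversed(ip.split("."))) + "." + zone
    try:
        return resolve(query).startswith("127.")
    except OSError:  # NXDOMAIN or resolver failure counts as not listed
        return False


def score_client(attrs, resolve=socket.gethostbyname):
    """Sum the weights of every test that fires instead of stopping at the first."""
    ip = attrs.get("client_address", "")
    hits = []
    if ip.count(".") == 3:  # IPv4 only; IPv6 DNSBL queries use nibble format
        hits = [(z, w) for z, w in DNSBL_WEIGHTS.items() if dns_listed(ip, z, resolve)]
    if attrs.get("client_name", "unknown") == "unknown":
        hits.append(("no_verified_rdns", NO_RDNS_WEIGHT))
    return sum(w for _, w in hits), hits


def decide(attrs, resolve=socket.gethostbyname):
    """Map the total score to a Postfix policy reply (low / medium / high)."""
    score, hits = score_client(attrs, resolve)
    reasons = ",".join(name for name, _ in hits)
    if score >= REJECT_AT:
        return f"action=REJECT score {score:.1f} ({reasons})\n\n"
    if score >= GREYLIST_AT:
        # A 4xx deferral stands in for greylisting; a real greylist tracks retries.
        return f"action=DEFER_IF_PERMIT score {score:.1f}, try again later\n\n"
    return "action=DUNNO\n\n"


def fake_resolver(listed_names):
    """Offline stand-in for DNS: only the given query names are 'listed'."""
    def resolve(name):
        if name in listed_names:
            return "127.0.0.2"
        raise socket.gaierror("not found")
    return resolve


# Constructed policy request (192.0.2.10 is a documentation address).
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nclient_name=unknown\n\n")

if __name__ == "__main__":
    dns = fake_resolver({"10.2.0.192.dynamic.example"})
    print(decide(parse_request(SAMPLE), dns), end="")
```

A client listed only on the low-weight `dynamic.example` zone but with verified reverse DNS scores 1.5 and is accepted, which is the case a single-RBL go/no-go check would have bounced.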