Re: spam sent to debian.org addresses

On Wednesday 30 April 2003 22:50, Matt Zimmerman wrote:
> On Tue, Apr 29, 2003 at 08:50:43PM +0200, Marco d'Itri wrote:
> > What's wrong with our mail system? Why can't the debian admins blacklist
> > a well known spammer, or even better use a reputable DNSBL like SBL?
> > I asked the same questions to the debian admins but nobody ever replied,
> > I'm sick of receiving every few days the same spam from the same
> > professional spammer which could be trivially filtered.
>
> If it can be so trivially filtered, just filter it on your end and forget
> about it.

A big part of the spam can be trivially blocked at the point where it enters 
the Debian servers, using DNSRBLs and other sensible restrictions. When it 
enters my mailer, it can not be trivially blocked as it comes from 
murphy.debian.org which is a mail server I want to accept mail from.

Note that I have no problem with the spam coming through the Debian list, they 
get tagged by spamassassin and moved into my spam folder where they get 
spamcopped. But nevertheless, Debian and the pgp-keyserver-folk mailing lists 
produce the majority of the spam I get on my system. Spam delivered directly 
to me mostly does not come through these days.

Note also that I know that I can afford to block very aggressively because 
it's my personal mailserver with only few users while the Debian mailserver 
can't block that aggressively (like, blocking on the whole of China and Korea 
is probably not a good idea...).

cheers
-- vbi

Matt Zimmerman | 1 May 2003 15:36

Re: spam sent to debian.org addresses

On Thu, May 01, 2003 at 08:53:31AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:

> A big part of the spam can be trivially blocked at the point where it enters 
> the Debian servers, using DNSRBLs and other sensible restrictions. When it 
> enters my mailer, it can not be trivially blocked as it comes from 
> murphy.debian.org which is a mail server I want to accept mail from.

A lot of legitimate mail can be trivially blocked this way, as well, which
is why it doesn't make sense to drop it on the server side.

> Note also that I know that I can afford to block very aggressively because 
> it's my personal mailserver with only few users while the Debian mailserver 
> can't block that aggressively (like, blocking on the whole of China and Korea 
> is probably not a good idea...).

Agreed.

-- 
 - mdz

Marco d'Itri | 1 May 2003 22:27

Re: spam sent to debian.org addresses

mdz <at> debian.org wrote:

>A lot of legitimate mail can be trivially blocked this way, as well, which
>is why it doesn't make sense to drop it on the server side.
No. Using SBL definitely does not block "a lot" of legitimate mail.

-- 
ciao,
Marco

Robert Lemmen | 2 May 2003 11:56

Re: spam sent to debian.org addresses

On Thu, May 01, 2003 at 08:27:42PM +0000, Marco d'Itri wrote:
> >A lot of legitimate mail can be trivially blocked this way, as well, which
> >is why it doesn't make sense to drop it on the server side.
> No. Using SBL definitely does not block "a lot" of legitimate mail.

in some cases it does. using SPEWS for example would lead to all of my
mails being dropped because there is an online casino somewhere in my
provider's netblock... (btw, does anybody know what's the problem with an
online casino???)

cu  robertle

Marco d'Itri | 2 May 2003 16:51

Re: spam sent to debian.org addresses

robertle <at> semistable.com wrote:

>> >A lot of legitimate mail can be trivially blocked this way, as well, which
>> >is why it doesn't make sense to drop it on the server side.
>> No. Using SBL definitely does not block "a lot" of legitimate mail.
>in some cases it does. using SPEWS for example would lead to all of my
Non sequitur. I wrote "SBL", not "SPEWS", "DSBL" or anything else.
SBL has near-zero false positives and is used by major companies and
governments from all over the world.

>mails being dropped because there is an online casino somewhere in my
>provider's netblock... (btw, does anybody know what's the problem with an
>online casino???)
I assume the problem is that it's spam-advertised.

-- 
ciao,
Marco

Santiago Vila | 2 May 2003 13:53

Re: spam sent to debian.org addresses

On Fri, 2 May 2003, Robert Lemmen wrote:
> On Thu, May 01, 2003 at 08:27:42PM +0000, Marco d'Itri wrote:
> > >A lot of legitimate mail can be trivially blocked this way, as well, which
> > >is why it doesn't make sense to drop it on the server side.
> > No. Using SBL definitely does not block "a lot" of legitimate mail.
>
> in some cases it does. using SPEWS for example would lead to all of my
> mails being dropped because there is an online casino somewhere in my
> provider's netblock...

I think he refers specifically to DSBL (see http://dsbl.org), *not*
every DNS-distributed IP blacklist.

I agree that Debian should use *some* IP blocking list. I didn't join
the project to receive lots of spam from verified spam sources.

> (btw, does anybody know what's the problem with an
> online casino???)

If they send spam, that's probably the problem.

Neil Schemenauer | 1 May 2003 18:49

Re: spam sent to debian.org addresses

Matt Zimmerman wrote:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> 
> > A big part of the spam can be trivially blocked at the point where
> > it enters the Debian servers, using DNSRBLs and other sensible
> > restrictions. When it enters my mailer, it can not be trivially
> > blocked as it comes from murphy.debian.org which is a mail server I
> > want to accept mail from.
> 
> A lot of legitimate mail can be trivially blocked this way, as well,
> which is why it doesn't make sense to drop it on the server side.

My solution to this problem is to temporarily reject the message but also
keep a cookie identifying it.  If the message is still being retried
after a certain amount of time (e.g. 24 hours) then it is allowed.

This technique has been very effective for me.  A lot of spam is sent
directly and is not retried.  Open relays are often fixed before the
time is reached.  Spammers that connect directly cannot keep retrying
for a long time.  They need to hit and run otherwise the IP address they
are using will be blackholed.

  Neil
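
The deferral scheme described in the message above, sketched in Python as an added example that is not part of the original post or any mail server's own code. The cookie contents (client IP, envelope sender, recipient), the one-week expiry and the sample traffic are assumptions constructed for illustration.

```python
import hashlib

HOLD_SECONDS = 24 * 3600        # "e.g. 24 hours", as in the message above
EXPIRE_SECONDS = 7 * 24 * 3600  # assumption: drop cookies idle for a week

TEMPFAIL = "451 4.7.1 Please try again later"
ACCEPT = "250 2.0.0 OK"


def cookie(client_ip, mail_from, rcpt_to):
    """Identify a delivery by its SMTP envelope (assumed cookie contents)."""
    raw = "\0".join((client_ip, mail_from.lower(), rcpt_to.lower()))
    return hashlib.sha256(raw.encode()).hexdigest()


class DeferralPolicy:
    def __init__(self, hold=HOLD_SECONDS, expire=EXPIRE_SECONDS):
        self.hold, self.expire = hold, expire
        self.seen = {}  # cookie -> (first attempt, latest attempt), epoch seconds

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        # Forget senders that stopped retrying, so the table cannot grow forever.
        self.seen = {k: v for k, v in self.seen.items() if now - v[1] <= self.expire}
        key = cookie(client_ip, mail_from, rcpt_to)
        first, _ = self.seen.get(key, (now, now))
        self.seen[key] = (first, now)
        # Only a sender that is still retrying after the hold period gets in.
        return ACCEPT if now - first >= self.hold else TEMPFAIL


def replay(attempts):
    """Run (time, ip, from, to) tuples through a fresh policy, in time order."""
    policy = DeferralPolicy()
    return [policy.check(ip, frm, to, t) for t, ip, frm, to in sorted(attempts)]


# Constructed sample traffic: a queueing MTA retries, a direct sender does not.
HOUR = 3600
SAMPLE = [
    (0 * HOUR, "192.0.2.10", "alice@example.org", "list@example.net"),
    (1 * HOUR, "192.0.2.10", "alice@example.org", "list@example.net"),
    (25 * HOUR, "192.0.2.10", "alice@example.org", "list@example.net"),
    (2 * HOUR, "198.51.100.7", "offer@example.com", "list@example.net"),
]

if __name__ == "__main__":
    for attempt, reply in zip(sorted(SAMPLE), replay(SAMPLE)):
        print(attempt[0] // HOUR, "h", attempt[1], "->", reply)
```

The 4xx reply leaves the message in the sender's queue, so a legitimate relay loses time but not mail; the cost of the scheme is the delivery delay set by `HOLD_SECONDS`.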

Re: spam sent to debian.org addresses

On Thursday 01 May 2003 15:36, Matt Zimmerman wrote:
> On Thu, May 01, 2003 at 08:53:31AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> > A big part of the spam can be trivially blocked at the point where it
> > enters the Debian servers, using DNSRBLs and other sensible restrictions.
> > When it enters my mailer, it can not be trivially blocked as it comes
> > from murphy.debian.org which is a mail server I want to accept mail from.
>
> A lot of legitimate mail can be trivially blocked this way, as well, which
> is why it doesn't make sense to drop it on the server side.

For some arbitrary definition of 'a lot'. There is a wide range of dnsrbls 
available, with different goals. Blocking on the more conservative lists, 
like the spamhaus one, and on the open relay lists will hardly block any 
legitimate mail. Using lists like SPEWS or even spamcop will guarantee quite 
a bit of mail blocked (IIRC murphy has been in and out the spamcop list in 
the past, and I know that the AOL mailservers are in the spamcop list quite 
frequently). In the special case of an international project like Debian, 
blocking country level cannot be done for obvious reasons, whereas the same 
can easily be done even for a relatively large company with few foreign 
contacts.

Hmmm. Has anybody done statistics about how many first-time/one-time posters 
there are on the Debian lists every week (particularly on *-users-*)? One 
thing that could be feasible is to use an automatic whitelist, with first 
time posters needing a much lower spamassassin score than regulars (those who 
are above the score would need to be approved - personally I'd think doing an 
email ping pong with those would not be a rude thing to do on a mailing list, 
as opposed to a private email address, but iirc I am in the minority with 
that opinion).

Martin Schulze | 1 May 2003 17:59

Re: spam sent to debian.org addresses

Matt Zimmerman wrote:
> On Thu, May 01, 2003 at 08:53:31AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> 
> > A big part of the spam can be trivially blocked at the point where it enters 
> > the Debian servers, using DNSRBLs and other sensible restrictions. When it 
> > enters my mailer, it can not be trivially blocked as it comes from 
> > murphy.debian.org which is a mail server I want to accept mail from.
> 
> A lot of legitimate mail can be trivially blocked this way, as well, which
> is why it doesn't make sense to drop it on the server side.

Which is also a reason dialup-rbl lists are not enabled by default.
Even if it would reduce the amount of spam, it would close Debian
for certain people, which is not acceptable for/by Debian.

Regards,

	Joey

-- 
Life is too short to run proprietary software.  -- Bdale Garbee

