|
|
|
|
|
|
| Author |
Message |
martin f krafft
*nix forums Guru
Joined: 01 Mar 2005
Posts: 360
|
 Posted: Wed Jul 05, 2006 2:50 pm Post subject:
Re: greylisting on debian.org?
|
|
|
also sprach Wolfgang Lonien <wolfgang@lonien.de> [2006.07.05.1519 +0200]:
| Quote: | Do we use greylisting on the @debian.org domain and especially on
@lists.debian.org?
If not, then we should probably try it - for my private stuff, that
works just nice. The only things which still come through are spams
which were sent over debian.org and such, which obviously use real mail
servers.
|
This has been brought up. Basically I don't think people were
opposed to it, but there was noone available to implement it.
So if you really want it, log in to the hosts, copy the exim
configuration, implement greylisting, test it, then contact
debian-admin@lists.d.o with patches.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
i've not lost my mind. it's backed up on tape somewhere. |
|
| Back to top |
|
 |
Pierre HABOUZIT
*nix forums beginner
Joined: 16 Apr 2006
Posts: 42
|
| Posted: Wed Jul 05, 2006 3:40 pm Post subject:
Re: greylisting on debian.org?
|
|
|
Le mer 5 juillet 2006 16:45, martin f krafft a écrit :
| Quote: | also sprach Wolfgang Lonien <wolfgang@lonien.de> [2006.07.05.1519
+0200]:
Do we use greylisting on the @debian.org domain and especially on
@lists.debian.org?
If not, then we should probably try it - for my private stuff, that
works just nice. The only things which still come through are spams
which were sent over debian.org and such, which obviously use real
mail servers.
This has been brought up. Basically I don't think people were
opposed to it, but there was noone available to implement it.
So if you really want it, log in to the hosts, copy the exim
configuration, implement greylisting, test it, then contact
debian-admin@lists.d.o with patches.
|
the patches exists, and I already did that. the setup is in production
on alioth FWIW, thanks to raphael hertzog.
basically, on alioth the greylisting is a selective greylist: we only
use greylisting on hosts that are awkward (like listed on rbl's,
reverse IP do not resolve, ...).
greylist is inneficient if the remote host is a real smtp server, and
real smtp server likely :
- are not listed on rbl's
- uses a correct reverse dns
- ...
I had a couple of posts on the subject on my blog[1]. FWIW I also have
written a policy daemon, used with postgrey (or any other existant
greylister) called whitelister[2], in order to implement the same thing
on postfix. Configuration is pretty straightforward.
[1] http://blog.madism.org/index.php/2006/03/25/79-debianorg-and-spam
http://blog.madism.org/index.php/2006/03/28/80-debianorg-and-spam-2
     http://blog.madism.org/index.php/2006/04/03/81-debianorg-and-spam-3-alioth
[2] http://packages.qa.debian.org/w/whitelister.html
http://backports.org/package.php?search=whitelister
--
·O· Pierre Habouzit
··O madcoder@debian.org
OOO http://www.madism.org |
|
| Back to top |
|
|
Marco d'Itri
*nix forums Guru
Joined: 03 Apr 2005
Posts: 401
|
| Posted: Wed Jul 05, 2006 4:10 pm Post subject:
Re: greylisting on debian.org?
|
|
|
On Jul 05, Wolfgang Lonien <wolfgang@lonien.de> wrote:
| Quote: | Do we use greylisting on the @debian.org domain and especially on
@lists.debian.org?
No, we prefer to silently junk messages to mailing lists which appear |
to be spam.
The @debian.org addreses have no filtering at all, so I implemented
some myself, which so far has been working very well:
md@master:~$cat .forward
| /home/md/bin/I-do-not-use-this-address
md@master:~$cat /home/md/bin/I-do-not-use-this-address
#!/bin/sh
echo "***********************************************************"
echo "************** PLEASE MAIL ME AT md@linux.it **************"
echo "***********************************************************"
echo ""
echo "I never used my @debian.org address and I had to disable it because"
echo "it delivers a huge quantity of spam and almost no legitimate mail."
echo "If you want to send me mail you can use my usual md@linux.it address."
echo ""
echo "If your address was forged by a spammer and you received this"
echo "backscatter bounce, feel free to report it to postmaster@debian.org."
exit 1
md@master:~$
--
ciao,
Marco |
|
| Back to top |
|
|
martin f krafft
*nix forums Guru
Joined: 01 Mar 2005
Posts: 360
|
| Posted: Wed Jul 05, 2006 4:10 pm Post subject:
Re: greylisting on debian.org?
|
|
|
also sprach Pierre Habouzit <madcoder@debian.org> [2006.07.05.1733 +0200]:
| Quote: | the patches exists, and I already did that. the setup is in production
on alioth FWIW, thanks to raphael hertzog.
|
ah! have you submitted them to debian-admin?
| Quote: | basically, on alioth the greylisting is a selective greylist: we only
use greylisting on hosts that are awkward (like listed on rbl's,
reverse IP do not resolve, ...).
greylist is inneficient if the remote host is a real smtp server, and
real smtp server likely :
- are not listed on rbl's
- uses a correct reverse dns
- ...
|
FWIW, I do the same now, but I just use a regexp:
/(\-.+){4}$/ greylisting
/(\..+){4}$/ greylisting
/unknown/ greylisting
and these two:
http://sqlgrey.bouton.name/dyn_fqdn.regexp
http://sqlgrey.bouton.name/smtp_server.regexp
Now, about whitelister, would you consider backporting that to
sarge?
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
"we should have a volleyballocracy.
we elect a six-pack of presidents.
each one serves until they screw up,
at which point they rotate."
-- dennis miller |
|
| Back to top |
|
|
martin f krafft
*nix forums Guru
Joined: 01 Mar 2005
Posts: 360
|
| Posted: Wed Jul 05, 2006 4:20 pm Post subject:
Re: greylisting on debian.org?
|
|
|
also sprach Marco d'Itri <md@Linux.IT> [2006.07.05.1807 +0200]:
| Quote: | echo "If your address was forged by a spammer and you received this"
echo "backscatter bounce, feel free to report it to postmaster@debian.org."
|
Very productive and cooperative.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
i've not lost my mind. it's backed up on tape somewhere. |
|
| Back to top |
|
|
Loïc Minier
*nix forums addict
Joined: 28 Feb 2005
Posts: 60
|
| Posted: Wed Jul 05, 2006 4:30 pm Post subject:
Re: greylisting on debian.org?
|
|
|
On Wed, Jul 05, 2006, martin f krafft wrote:
| Quote: | Now, about whitelister, would you consider backporting that to
sarge?
|
Isn't it already?
whitelister:
Installed: (none)
Candidate: (none)
Version Table:
0.8-2 0
-1 http://ftp.fr.debian.org unstable/main Packages
0.8-0bpo1 0
-1 http://ftp.de.debian.org sarge-backports/main Packages
--
Loïc Minier <lool@dooz.org>
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
martin f krafft
*nix forums Guru
Joined: 01 Mar 2005
Posts: 360
|
| Posted: Wed Jul 05, 2006 4:40 pm Post subject:
Re: greylisting on debian.org?
|
|
|
also sprach Loïc Minier <lool+debian@via.ecp.fr> [2006.07.05.1824 +0200]:
Mmmmmhhhhhh.... *something* here is broken then.
Sorry.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
"common sense is the collection
of prejudices acquired by age eighteen"
-- albert einstein |
|
| Back to top |
|
|
Matthew R. Dempsky
*nix forums Guru Wannabe
Joined: 11 Mar 2006
Posts: 110
|
| Posted: Wed Jul 05, 2006 5:00 pm Post subject:
Re: greylisting on debian.org?
|
|
|
(Is debian-devel the correct list for this?)
On Wed, Jul 05, 2006 at 03:19:08PM +0200, Wolfgang Lonien wrote:
| Quote: | If not, then we should probably try it
|
Can it be limited to suspected spam (e.g. mail with a high smtp-time
spamassassin score)? Others may disagree, but I prefer the small
amount of spam that does plague Debian's mailing lists to graylisting's
obnoxious delays for legitimate mail.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Thomas Bushnell BSG
*nix forums Guru
Joined: 20 Feb 2005
Posts: 806
|
| Posted: Sun Jul 09, 2006 4:00 am Post subject:
Re: greylisting on debian.org?
|
|
|
martin f krafft <madduck@debian.org> writes:
| Quote: | This has been brought up. Basically I don't think people were
opposed to it, but there was noone available to implement it.
|
There were people opposed to it, in fact.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Christian Perrier
*nix forums Guru Wannabe
Joined: 22 Mar 2005
Posts: 204
|
| Posted: Sun Jul 09, 2006 6:20 am Post subject:
Re: greylisting on debian.org?
|
|
|
Quoting Thomas Bushnell BSG (tb@becket.net):
| Quote: | martin f krafft <madduck@debian.org> writes:
This has been brought up. Basically I don't think people were
opposed to it, but there was noone available to implement it.
There were people opposed to it, in fact.
|
What were their arguments? |
|
| Back to top |
|
|
Marc Haber
*nix forums Guru
Joined: 20 Feb 2005
Posts: 646
|
| Posted: Sun Jul 09, 2006 12:40 pm Post subject:
Re: greylisting on debian.org?
|
|
|
On Sun, 9 Jul 2006 08:14:20 +0200, Christian Perrier
<bubulle@debian.org> wrote:
| Quote: | Quoting Thomas Bushnell BSG (tb@becket.net):
martin f krafft <madduck@debian.org> writes:
This has been brought up. Basically I don't think people were
opposed to it, but there was noone available to implement it.
There were people opposed to it, in fact.
What were their arguments?
|
For example, that greylisting puts significant load on systems that
deliver mail to us, and that it is only a question of time before spam
zombies retry.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 |
|
| Back to top |
|
|
martin f krafft
*nix forums Guru
Joined: 01 Mar 2005
Posts: 360
|
| Posted: Sun Jul 09, 2006 1:40 pm Post subject:
Re: greylisting on debian.org?
|
|
|
also sprach Marc Haber <mh+debian-devel@zugschlus.de> [2006.07.09.1430 +0200]:
| Quote: | For example, that greylisting puts significant load on systems
that deliver mail to us,
|
I am sorry, I don't buy this argument at all. First, a 4xx is not
"significant load" on any mailer unless you're running some piece of
crap. Sure, when you reach the thousands, even postfix could break
the occasional sweat, but which one server delivers thousands of
messages to continuously new from/rcpt combinations -- because
remember, greylisting caches.
| Quote: | and that it is only a question of time before spam zombies retry.
|
Yeah sure, which is why some of us wanted greylisting years ago, so
the question of time would have been longer regardless.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
"man kann die menschen nur von ihren eigenen meinungen überzeugen."
-- charles tschopp |
|
| Back to top |
|
|
martin f krafft
*nix forums Guru
Joined: 01 Mar 2005
Posts: 360
|
| Posted: Sun Jul 09, 2006 1:50 pm Post subject:
Re: greylisting on debian.org?
|
|
|
also sprach Thomas Bushnell BSG <tb@becket.net> [2006.07.09.0557 +0200]:
| Quote: | There were people opposed to it, in fact.
|
Sure, nobody expected it to be any different. This is Debian, after
all. :)
There will always be opposers. If we let our work be hindered by
them, we're going to stagnate.
Anyway, I'll be interested to hear a summary of their arguments, as
Christian Perrier requested. I find it hard to imagine how properly
configured greylisting should cause any problems.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
no micro$oft components were used
in the creation or posting of this email.
therefore, it is 100% virus free
and does not use html by default (yuck!). |
|
| Back to top |
|
|
Martijn van Oosterhout
*nix forums Guru
Joined: 02 Mar 2005
Posts: 674
|
| Posted: Sun Jul 09, 2006 1:50 pm Post subject:
Re: greylisting on debian.org?
|
|
|
On 7/9/06, martin f krafft <madduck@debian.org> wrote:
| Quote: | also sprach Marc Haber <mh+debian-devel@zugschlus.de> [2006.07.09.1430 +0200]:
For example, that greylisting puts significant load on systems
that deliver mail to us,
I am sorry, I don't buy this argument at all. First, a 4xx is not
"significant load" on any mailer unless you're running some piece of
crap. Sure, when you reach the thousands, even postfix could break
the occasional sweat, but which one server delivers thousands of
messages to continuously new from/rcpt combinations -- because
remember, greylisting caches.
|
The point was about mailers sending mail to debian. If they receive a
4xx they have to queue the mail and retry later. It's cheap for
debian, but expensive for everyone else.
A far more reasonable solution is to only greylist mail with an
unreasonably high spamassassin score. Normal mail I assume generally
doesn't score high and is not susceptable to greylisting.
Not that I mind, the amount of spam received via this mailing list is
so marginal I can hardly imagine people worrying about it.
Have a nice day,
--
Martijn van Oosterhout <kleptog@gmail.com> http://svana.org/kleptog/
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
martin f krafft
*nix forums Guru
Joined: 01 Mar 2005
Posts: 360
|
| Posted: Sun Jul 09, 2006 2:20 pm Post subject:
Re: greylisting on debian.org?
|
|
|
also sprach Martijn van Oosterhout <kleptog@gmail.com> [2006.07.09.1548 +0200]:
| Quote: | The point was about mailers sending mail to debian. If they receive a
4xx they have to queue the mail and retry later. It's cheap for
debian, but expensive for everyone else.
|
My point was: even 100 such queued mails are not expensive nowadays
(unless your MTA is crap). If you have more than 100 queued mails
due to greylisting on debian.org, you are either a big provider and
can handle it, or a spammer.
| Quote: | A far more reasonable solution is to only greylist mail with an
unreasonably high spamassassin score. Normal mail I assume generally
doesn't score high and is not susceptable to greylisting.
|
Sure. Or greylist only when it's from a dynIP address.
| Quote: | Not that I mind, the amount of spam received via this mailing list is
so marginal I can hardly imagine people worrying about it.
|
Your email address doesn't appear to be plastered all over Debian
package control files, changelogs, the bug tracking system, and the
mailing lists. Or at least not as much as some others. I get
somewhere between 200-400 spam messages into my debian.org account
per day.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
*** important disclaimer:
by sending an email to any address, that will eventually cause it to
end up in my inbox without much interaction, you are agreeing that:
- i am by definition, "the intended recipient"
- all information in the email is mine to do with as i see fit and
make such financial profit, political mileage, or good joke as it
lends itself to. in particular, i may quote it on usenet.
- i may take the contents as representing the views of your company.
- this overrides any disclaimer or statement of confidentiality that
may be included on your message. |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Sat Nov 22, 2008 3:38 am | All times are GMT
|
|
Facebook Proxy | MPAA | Cingular Ringtones | Dutch Bodybuilding Forums | Loans
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
Linux
»
Distributions
»
Debian
»
devel
