|
|
|
|
|
|
| Author |
Message |
Lionel Elie Mamane
*nix forums Guru Wannabe
Joined: 11 Mar 2005
Posts: 100
|
 Posted: Tue Jul 18, 2006 8:40 am Post subject:
Re: greylisting on debian.org?
|
|
|
On Tue, Jul 18, 2006 at 10:22:41AM +0200, Christian Perrier wrote:
| Quote: | Lionel Elie Mamane a 閏rit :
|
| Quote: | Bingo: Legitimate mail slowed down. You think the price is worth
it, which is a valid opinion. I happen not to think so.
The question becomes: aren't you in a small minority?
|
That may very well be. A message was sent saying "only Thomas
disagrees", I just wanted to say that if we go the voice-counting way,
I have one, too.
| Quote: | We certainly all know that it's perfectly impossible to reach a 100%
consensus on such a topic. But what would be your point if a strong
majority of DD agrees with the use of greylisting (as described by
Pierre)
|
Then it would be OK to implement it. The very best would be to do the
same I do on my mail server, where users can individually choose
greylisting or not for personal mail to them, by a settings file in
their home directory. But if a strong majority wants greylisting, it
is OK to just do it on all mail (except postmaster@, maybe).
| Quote: | I don't remember the "master cannot cope under mail load, we need
desperate measures" point being brought up before. I may have
missed it.
Well, given the way I received debian lists mail last day, there has
probably been something somewhere..
|
I meant "in this thread". I do not read all threads, nor all mailing
lists.
--
Lionel
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
 |
Pierre HABOUZIT
*nix forums beginner
Joined: 16 Apr 2006
Posts: 42
|
| Posted: Tue Jul 18, 2006 8:50 am Post subject:
Re: Measuring "should I greylist?" false positive rate [was: greylisting on debian.org?]
|
|
|
Le mar 18 juillet 2006 10:27, Lionel Elie Mamane a 茅crit :
| Quote: | On Tue, Jul 18, 2006 at 10:03:59AM +0200, Pierre Habouzit wrote:
it's the number of mails that are beeing resubmited per week with
my system. so in fact, in them, there is 49 spams.
Fascinating. Which RBL's do you use for that? Or do you have atypical
mail patterns? Exactly two of my 50-or-so mail users use greylisting,
based on RBLs *only*. They are kinda high-traffic mail users, but
still, they, on their own, push the greylisting "this triplet is
allowed" database entries to the thousands. The "this triplet tried
once, but not more, in the alloted time" database entries are more
numerous only by about an order of magnitude.
|
I already told before what I use for my personnal setup. on those
servers it's:
rbl: cbl.abuseat.org
rbl: dynablock.njabl.org
we used to use dul.dnsbl.sorbs.net, but it recently got mad and took
ages to answer, making us greylist the whole planet.
The 50 resubmitted mails are what we have now that the 'postgrey'
database is trained. it was a bit higher during the earlier days. and
the efficiency is remarkable: http://madism.org/~madcoder/pub/glist.png
(it's only one of the MX's)
the green area is the amount of accepted mails.
the red/blue/orange curves are what our bayesian filter thinks of those
mails.
the grey curve is unrelated to the others, and is the amount of mails we
temporarily refused. Like said, very few are resubmited after. sadly we
don't draw them, we should...
since we have that setup, our servers rarely have a load over 0.8 (only
when a big mail list delivers), whereas it was over 3 to 4 frequently
due to spam before. mails are always delivered in less than 3 seconds
(against sth up to the minute before).
--
路O路 Pierre Habouzit
路路O madcoder@debian.org
OOO http://www.madism.org |
|
| Back to top |
|
|
Christian Perrier
*nix forums Guru Wannabe
Joined: 22 Mar 2005
Posts: 204
|
| Posted: Tue Jul 18, 2006 10:00 am Post subject:
Re: greylisting on debian.org?
|
|
|
| Quote: | Then it would be OK to implement it. The very best would be to do the
same I do on my mail server, where users can individually choose
greylisting or not for personal mail to them, by a settings file in
their home directory. But if a strong majority wants greylisting, it
is OK to just do it on all mail (except postmaster@, maybe).
|
Well, if per-user settings are possible, then it would be a *very*
valuable feature to have. That would certainly allow avoiding concerns
like yours (or minimize them as much as possible).
Dunno if that is possible with Pierre Habouzit greylisting
system...Pierre?
-- |
|
| Back to top |
|
|
Pierre HABOUZIT
*nix forums beginner
Joined: 16 Apr 2006
Posts: 42
|
| Posted: Tue Jul 18, 2006 10:20 am Post subject:
Re: greylisting on debian.org?
|
|
|
Le mar 18 juillet 2006 11:51, Christian Perrier a 茅crit :
| Quote: | Then it would be OK to implement it. The very best would be to do
the same I do on my mail server, where users can individually
choose greylisting or not for personal mail to them, by a settings
file in their home directory. But if a strong majority wants
greylisting, it is OK to just do it on all mail (except
postmaster@, maybe).
Well, if per-user settings are possible, then it would be a *very*
valuable feature to have. That would certainly allow avoiding
concerns like yours (or minimize them as much as possible).
Dunno if that is possible with Pierre Habouzit greylisting
system...Pierre?
|
it is, and it's not.
the historical way to perform greylist is to do it on a per user basis,
answering your 200/400 answers to each RCPT TO command.
so basically, the greylister could know he should not greylist some
recipients.
*but*:
(1) many broken MTA do not understand that you give a 400 to some
RCPT's and not others, and have erratic behaviours that may result
in:
- many resents of the same mail for the people that do not use
greylisting
- delay even for the one that do not user greylisting
(2) "modern" greylisting usually do it at DATA now (I mean at the DATA
command, where the smtpd usually anser sth like:
321 please end your command with <CR><LF>.<CR><LF> or sth
similar), because it makes checks beeing done only once.
but basically, what I've suggested alread some time ago, is not to
refine the greylisting method, here you can use whatever greylister you
want, with whatever customization you need/want. I just suggested to do
conditionnal greylisting, the rest is up to the greylister you use,
really. everything is possible.
--
路O路 Pierre Habouzit
路路O madcoder@debian.org
OOO http://www.madism.org |
|
| Back to top |
|
|
Wouter Verhelst
*nix forums Guru
Joined: 04 Apr 2005
Posts: 558
|
| Posted: Tue Jul 18, 2006 10:50 am Post subject:
Re: greylisting on debian.org?
|
|
|
On Tue, Jul 18, 2006 at 09:47:13AM +0200, Lionel Elie Mamane wrote:
| Quote: | On Tue, Jul 18, 2006 at 12:47:49AM +0200, Josselin Mouette wrote:
* Exim sender/callout fails with a fatal error.
"Fatal" means not temporary?
|
Yes. It means exim did this to one of the MX hosts listed for the
domain:
EHLO <hostname>
MAIL FROM:<>
RCPT TO:<address to be tested>
QUIT
and received a 5xx error in reply to the RCPT TO: line (not 4xx).
--
Fun will now commence
-- Seven Of Nine, "Ashes to Ashes", stardate 53679.4
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Adrian von Bidder
*nix forums Guru Wannabe
Joined: 05 Mar 2005
Posts: 206
|
| Posted: Tue Jul 18, 2006 11:30 am Post subject:
Greylisting: discussion should stop here, for now (Re: greylisting on debian.org?)
|
|
|
Apart from the fact that the opinions seem to be set (and haven't really
changed since the last time the discussion came up IIRC, so we really can
stop arguing - nothing new for quite some time...): am I correct in my
observation that nobody who has participated in this discussion up to now
is involved in Debian email administration? I had a quick look at
<http://www.debian.org/intro/organization>, but I didn't really check all
names.
So even if the discussion leans in favor of greylisting on RBL (SBL+XBL? Or
also DUL, spamcop, ...?): is there any chance of this getting anywhere?
cheers
-- vbi
--
Computer programmers don't byte, they nibble a bit. |
|
| Back to top |
|
|
Pierre HABOUZIT
*nix forums beginner
Joined: 16 Apr 2006
Posts: 42
|
| Posted: Tue Jul 18, 2006 11:50 am Post subject:
Re: Greylisting: discussion should stop here, for now (Re: greylisting on debian.org?)
|
|
|
Le mar 18 juillet 2006 13:20, Adrian von Bidder a 茅crit :
| Quote: | Apart from the fact that the opinions seem to be set (and haven't
really changed since the last time the discussion came up IIRC, so we
really can stop arguing - nothing new for quite some time...): am I
correct in my observation that nobody who has participated in this
discussion up to now is involved in Debian email administration? I
had a quick look at <http://www.debian.org/intro/organization>, but I
didn't really check all names.
|
For the record (it was already said in the thread IIRC), the setup we
are discussing is in production on alioth since sth like 4 or 5 monthes
now (maybe a bit less) on my idea, and thanks to Raphael Hertzog for
actually using his alioth admin hat to put it together.
so as a matter of a fact, yes, I've already worked in a way so that such
solutions can be implemented where there is reachable and listening
people to work with.
| Quote: | So even if the discussion leans in favor of greylisting on RBL
(SBL+XBL? Or also DUL, spamcop, ...?): is there any chance of this
getting anywhere?
|
I'm not sure the DSA team is a very open one, if I'm mistaken, then take
that mail as an official application request, either for a temporary
delegation (or for a more permanent thing) to work on implementing more
efficient mail delivery on debian MX'es.
--
路O路 Pierre Habouzit
路路O madcoder@debian.org
OOO http://www.madism.org |
|
| Back to top |
|
|
Thomas Bushnell BSG
*nix forums Guru
Joined: 20 Feb 2005
Posts: 806
|
| Posted: Tue Jul 18, 2006 7:30 pm Post subject:
Re: greylisting on debian.org?
|
|
|
Adam Borowski <kilobyte@angband.pl> writes:
| Quote: | Even worse, there's nothing preventing a site from saying it has a
temporary local problem when it _does_. Thus, if your mail server
can't handle retrying, it will drop mail every time something is not
in perfect working order. And hardware or network failures are
something to be expected.
Any legitimate server must support retrying. For any reason.
|
Yes, and this is not the point. The point is that the standard does
*not* say that the retry must come from the same place, or even
anything like the same place.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Thomas Bushnell BSG
*nix forums Guru
Joined: 20 Feb 2005
Posts: 806
|
| Posted: Tue Jul 18, 2006 7:30 pm Post subject:
Re: greylisting on debian.org?
|
|
|
Stephen Gran <sgran@debian.org> writes:
| Quote: | This one time, at band camp, Thomas Bushnell BSG said:
And finally, if we don't care about standards conformance, I have said
that a good second-best is to document exactly what our requirements
are, rather than burying them in apparent secrecy.
What standards, exactly? Can you be specific? I have seen you assert
this several times, but I see nothing in the RFCs preventing a site from
saying it has a temporary local problem when it doesn't. You've been
asked this before in response to your assertion, and haven't answered.
|
So the meaning of 4xx is "temporary local problem". Sending that when
you don't have a temporary local problem is a violation, right there.
Must the standard repeat after every sentence, "oh, and don't lie".
Thomas
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Thomas Bushnell BSG
*nix forums Guru
Joined: 20 Feb 2005
Posts: 806
|
| Posted: Tue Jul 18, 2006 7:30 pm Post subject:
Re: greylisting on debian.org?
|
|
|
Josselin Mouette <joss@debian.org> writes:
| Quote: | I have refused greylisting for a long time for that exact reason.
However the setup Pierre Habouzit describes does not delay most of
legitimate mail. Frankly, the remaining delays are sporadic and one can
live with them.
|
What bothers me is that we hear "it never delays legitimate mail!" and
then "well, ok, it delays some".
If the anti-spam advocates consistently said "our measures impose
such-and-such a cost, but we think it's worth it", I would be
delighted.
But what I seem to hear is not that. It's "hey, this imposes no
costs!" or "spam is evil, so any cost is worth bearing to fight it!"
Thomas
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Lo颿 Minier
*nix forums addict
Joined: 28 Feb 2005
Posts: 60
|
| Posted: Tue Jul 18, 2006 7:40 pm Post subject:
Re: greylisting on debian.org?
|
|
|
On Tue, Jul 18, 2006, Thomas Bushnell BSG wrote:
| Quote: | If the anti-spam advocates consistently said "our measures impose
such-and-such a cost, but we think it's worth it", I would be
delighted.
|
the measures impose a cost, but we think it's worth it
Can we get greylisting now?
--
Lo颿 Minier <lool@dooz.org>
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Thomas Bushnell BSG
*nix forums Guru
Joined: 20 Feb 2005
Posts: 806
|
| Posted: Tue Jul 18, 2006 7:40 pm Post subject:
Re: Greylisting: discussion should stop here, for now (Re: greylisting on debian.org?)
|
|
|
Pierre Habouzit <madcoder@debian.org> writes:
| Quote: | For the record (it was already said in the thread IIRC), the setup we
are discussing is in production on alioth since sth like 4 or 5 monthes
now (maybe a bit less) on my idea, and thanks to Raphael Hertzog for
actually using his alioth admin hat to put it together.
|
Can you document on the relevant web page exactly how the graylisting
works and what specific things get blocked and when?
Thomas
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Thomas Bushnell BSG
*nix forums Guru
Joined: 20 Feb 2005
Posts: 806
|
| Posted: Tue Jul 18, 2006 7:40 pm Post subject:
Re: greylisting on debian.org?
|
|
|
md@Linux.IT (Marco d'Itri) writes:
| Quote: | On Jul 17, Thomas Bushnell BSG <tb@becket.net> wrote:
Still, if you think it's just nitpicking, then why not ask the IETF to
amend the standard to clearly permit this practice?
Because there is no reason to do this, this is not a standard issue but
plain operations.
|
Really? So you think the IETF would happily issue a statement
agreeing?
Of course, the facts are that the IETF regards graylisting as a
violation of the email protocols and not to be implemented.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Marco d'Itri
*nix forums Guru
Joined: 03 Apr 2005
Posts: 401
|
| Posted: Tue Jul 18, 2006 7:50 pm Post subject:
Re: greylisting on debian.org?
|
|
|
On Jul 18, Thomas Bushnell BSG <tb@becket.net> wrote:
| Quote: | Because there is no reason to do this, this is not a standard issue but
plain operations.
Really? So you think the IETF would happily issue a statement
agreeing?
Yes. |
| Quote: | Of course, the facts are that the IETF regards graylisting as a
violation of the email protocols and not to be implemented.
When (and how?) did the IETF express such an opinion? |
--
ciao,
Marco |
|
| Back to top |
|
|
Marco d'Itri
*nix forums Guru
Joined: 03 Apr 2005
Posts: 401
|
| Posted: Tue Jul 18, 2006 7:50 pm Post subject:
Re: greylisting on debian.org?
|
|
|
On Jul 18, Thomas Bushnell BSG <tb@becket.net> wrote:
| Quote: | Yes, and this is not the point. The point is that the standard does
*not* say that the retry must come from the same place, or even
anything like the same place.
The point is that in the real world nobody cares that this is not |
specified in a standard.
--
ciao,
Marco |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Sat Nov 22, 2008 7:47 am | All times are GMT
|
|
Loans | Mortgage Calculator | Loan | Mortgage Calculator | Mortgages
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
Linux
»
Distributions
»
Debian
»
devel
