Re: HELP!! spamasssin killing my server - SpamAssassin


  1. Re: Discussion side point: levels of Trust


  2. Re: HELP!! spamasssin killing my server


    [sent only to the original poster by accident - reply-to considered
    "needs brain" ]

    | [skipped the debug output]

    A couple of notes:

    1) This advice:

    | Tue Jun 10 14:55:36 2008 [72096] dbg: conf: trusted_networks are not
    | configured; it is recommended that you configure trusted_networks
    | manually

    should not be ignored. Setting trusted_networks would slightly reduce
    the number of DNS lookups and can avoid all sorts of funny error
    situations.

    2) The WHOIS_* rules have proven pretty ineffective in my setup, and I
    have disabled them without negative impact on overall filtering
    effectiveness.

    3) Do you reject connections at the MTA level with a selection of
    blacklists (eg sbl/xbl/pbl/zen.spamhaus.org) and/or other means? This
    should greatly reduce the workload on SpamAssassin.

    4) How big are the bayes and AWL files? How do you do maintenance on them?

    -- Matthias


  3. Re: HELP!! spamasssin killing my server

    On 11.06.08 09:07, Matthias Leisi wrote:
    > [sent only to the original poster by accident - reply-to considered
    > "needs brain" ]


    your MUA needs brain, pardon, List-Reply function...

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    - Holmes, what kind of school did you study to be a detective?
    - Elementary, Watson.


  4. Re: Discussion side point: levels of Trust

    > Matthias Leisi wrote:
    > >1) This advice:
    > >| Tue Jun 10 14:55:36 2008 [72096] dbg: conf: trusted_networks are not
    > >| configured; it is recommended that you configure trusted_networks
    > >| manually
    > >
    > >should not be ignored. Setting trusted_networks would slightly reduce
    > >the number of DNS lookups and can avoid all sorts of funny error
    > >situations.


    On 11.06.08 17:46, Linda Walsh wrote:
    > How does one decide on 'trust'? I.e. I think it would be
    > useful to assign a probability to "Trust" at the least.


    It's completely up to you. You must decide who you trust for not spamming
    and not faking the IP address they (possibly) relay mail from.

    > I mean do I put
    > my ISP in my trusted server list? -- suppose they start partnering with
    > an ad-firm? Or.. get bought-out? ... I probably won't know most of their
    > internal politics... ISPs in some eastern state have already committed to
    > filtering arbitrary sites based on local values and arbitrary listing
    > policies(?) This whole 'save-the-child-porn' shtick the government is
    > using as a necessary excuse to violate computer privacy is unacceptable.


    Do as you wish; however, correctly set trusted and internal networks may
    lower the number of DNS lookups and lower the number of FPs/FNs.

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    We are but packets in the Internet of life (userfriendly.org)


  5. Re: Discussion side point: levels of Trust

    Linda Walsh wrote on 12.06.2008 02:46:

    >> 1) This advice:
    >> | Tue Jun 10 14:55:36 2008 [72096] dbg: conf: trusted_networks are not
    >> | configured; it is recommended that you configure trusted_networks
    >> | manually


    > How does one decide on 'trust'?


    For trusted_network in SpamAssassin, the definition is simple. In the
    trusted_networks configuration "trust" is interpreted in such a way that
    you trust machines in the listed networks to insert correct Received:
    lines and not originate spam. You trust them that they will never insert
    forged Received: lines.

    It doesn't mean that you trust systems from trusted_network relay spam
    to you.

    You can read more about this in
    http://wiki.apache.org/spamassassin/TrustedRelays and
    http://wiki.apache.org/spamassassin/TrustPath

    Bye
    Alex
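
What this definition means when reading headers, as an added example that is not part of the thread or of SpamAssassin's code: a simplified Python model that walks Received: headers newest-first and stops believing them at the first relay outside trusted_networks. The header lines, host names and networks are constructed samples (documentation address ranges), the regex handles only the one Received: layout shown, and an empty list models trusting no relay at all rather than SpamAssassin's built-in guess.

```python
import ipaddress
import re

# Bracketed IPv4 address of the connecting host in a Received: line.
RELAY_IP = re.compile(r"from\s+\S+.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample, newest header first (the order they appear in a message).
RECEIVED = [
    "from mx.isp.example (mx.isp.example [192.0.2.10]) "
    "by mail.home.example; Tue, 10 Jun 2008 14:55:30 +0000",
    "from sender.example (unknown [203.0.113.45]) "
    "by mx.isp.example; Tue, 10 Jun 2008 14:55:28 +0000",
    "from relay.far.example (relay.far.example [198.51.100.7]) "
    "by sender.example; Tue, 10 Jun 2008 14:55:20 +0000",
]


def split_relays(received, trusted_networks):
    """Split relay IPs at the trust boundary.

    Returns (trusted, boundary, unverified):
      trusted    - relays inside trusted_networks; the header each of them
                   wrote (the next one down) is believed
      boundary   - first relay outside trusted_networks; its IP was recorded
                   by a believed host, so it is the address worth a DNSBL lookup
      unverified - IPs claimed in headers written at or below the boundary
                   relay, which may be forged
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    trusted, boundary, unverified = [], None, []
    for line in received:
        m = RELAY_IP.search(line)
        if not m:
            continue  # simplification: headers without a relay IP are skipped
        ip = ipaddress.ip_address(m.group(1))
        if boundary is not None:
            unverified.append(str(ip))
        elif any(ip in net for net in nets):
            trusted.append(str(ip))
        else:
            boundary = str(ip)
    return trusted, boundary, unverified


if __name__ == "__main__":
    print(split_relays(RECEIVED, ["192.0.2.0/24"]))
    print(split_relays(RECEIVED, []))
```

With the ISP relay's network listed, the boundary is 203.0.113.45; with nothing listed, this model stops at the ISP's own relay and never reaches the address that handed the message to it.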


  6. Re: Discussion side point: levels of Trust

    On Wed, 11 Jun 2008, SM wrote:

    > At 17:46 11-06-2008, Linda Walsh wrote:
    >> How does one decide on 'trust'? I.e. I think it would be
    >> useful to assign a probability to "Trust" at the least. I mean do I put
    >> my ISP in my trusted server list? -- suppose they start partnering with

    >
    > It could be a reputation system where you assign a probability.


    Probability of what, exactly?

    Bear in mind, "trusted" means "does not forge Received: headers", not
    "does not send or relay spam".

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    People seem to have this obsession with objects and tools as being
    dangerous in and of themselves, as though a weapon will act of its
    own accord to cause harm. A weapon is just a force multiplier. It's
    *humans* that are (or are not) dangerous.
    -----------------------------------------------------------------------
    6 days until SWMBO's Birthday


  7. best combinations of plugins for SA

    What is the best combination of SA plugins that can work together and give near-perfect results?


  8. Re: Discussion side point: levels of Trust

    On Thu, 12 Jun 2008, SM wrote:

    > At 10:22 12-06-2008, John Hardin wrote:
    >> Probability of what, exactly?

    >
    > It can be a probability based on historical data of the sender or an
    > arbitrary score.


    That's not the "what" that you're measuring with the probability factor,
    that's the "how" you're measuring it.

    >> Bear in mind, "trusted" means "does not forge Received: headers", not "does
    >> not send or relay spam".

    >
    > My answer was more about levels of trust. It doesn't apply to
    > "trusted". As you pointed out above, that has a different meaning.


    Was the OP _not_ talking about "trust" in the only context that SA uses
    it, then? If so, that's what prompted my comment.

    I don't see how "does/does not forge headers" can be anything but binary,
    thus rendering a discussion of levels of trust meaningless in that
    context. "Probability of spamming" may be a useful metric to judge a host
    (witness the effectiveness of DNSBLs), but when discussing SA we should
    not use the term "trust" to refer to that concept.

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    There is no doubt in my mind that millions of lives could have been
    saved if the people were not "brainwashed" about gun ownership and
    had been well armed. ... Gun haters always want to forget the Warsaw
    Ghetto uprising, which is a perfect example of how a ragtag,
    half-starved group of Jews took 10 handguns and made asses out of
    the Nazis. -- Theodore Haas, Dachau Survivor
    -----------------------------------------------------------------------


  9. Re: Discussion side point: levels of Trust



    John Hardin wrote:
    > On Wed, 11 Jun 2008, SM wrote:
    >
    >> At 17:46 11-06-2008, Linda Walsh wrote:
    >>> How does one decide on 'trust'? I.e. I think it would be
    >>> useful to assign a probability to "Trust" at the least. I mean do I put
    >>> my ISP in my trusted server list? -- suppose they start partnering
    >>> with

    >>
    >> It could be a reputation system where you assign a probability.

    >
    > Probability of what, exactly?
    >
    > Bear in mind, "trusted" means "does not forge Received: headers", not
    > "does not send or relay spam".


    ----
    I am aware of this.
    However, it's not an easily discerned number, but if I had att or comcast as an
    ISP, my trust in them would maybe be a trust value .7-.8. Like the
    ISP in Europe who inserted over 20 million ads on HTML pages -- they could
    just as easily be adjusting return headers.
    But more worrisome are the cooperations of ISPs with the
    unconstitutional 'lawless intercept' actions by law enforcement agencies that
    are used to find and entrap end-users for any crime they wish to target.
    While the laws were sold on terrorist grounds, then later bolstered via
    the mantra "for the children for the children...it's all the childporn" (expanded
    to apply to anyone under age 18).

    I could easily see the possibility of domain-information being
    corrupted -in real time- to allow intercept of traffic -- that could either
    be used in a 'honeypot' scenario, or just to monitor. While in some cases
    the ISPs have no choice but to cooperate, there have been several high profile
    ISPs (ATT, Verizon), who have handed over information without requiring any
    formal oversight or legal documents. That's scary as the US moves more toward
    the corrupted-GOP's idealized police state. Hopefully we can get some
    serious regime change to undo some of these worst practices...but governments
    are notoriously bad about letting go of power once they've grabbed a hold of it.


  10. Re: Discussion side point: levels of Trust

    On Mon, 16 Jun 2008, Linda Walsh wrote:

    > John Hardin wrote:
    >> On Wed, 11 Jun 2008, SM wrote:
    >>
    >> > At 17:46 11-06-2008, Linda Walsh wrote:
    >> > > How does one decide on 'trust'? I.e. I think it would be
    >> > > useful to assign a probability to "Trust" at the least. I mean do I
    >> > > put
    >> > > my ISP in my trusted server list? -- suppose they start partnering
    >> > > with
    >> >
    >> > It could be a reputation system where you assign a probability.

    >>
    >> Probability of what, exactly?
    >>
    >> Bear in mind, "trusted" means "does not forge Received: headers", not
    >> "does not send or relay spam".

    >
    > I am aware of this.
    > However, it's not an easily discerned number, but if I had att or
    > comcast as an ISP, my trust in them would maybe be a trust value .7-.8.


    You think they shouldn't be trusted to honestly report the IP address
    their MTA accepts a message from?

    > Like the ISP in Europe who inserted over 20 million ads on HTML pages --
    > they could just as easily be adjusting return headers.


    The situations aren't parallel. The HTML modification had a profit motive
    (at least until they lose enough in litigation to offset the profits from
    inserting ads in other people's web pages). Where is the motivation to
    forge Received: headers or lie? About the only scenario I can think of is
    that they are an ISP who knowingly hosts spammers.

    Where would an investigative need to report incorrect Received: data
    arise? Obscuring the source of an FBI keylogger-insertion email? Perhaps.
    How is that relevant to spam detection?

    If you are a subscriber of a given ISP and you're retrieving your mail
    from a mailbox at that ISP via POP/IMAP, you pretty much can't avoid
    trusting them. They are the public-facing interface of your account. How
    would fractional trust work in such a scenario?

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    The world has enough Mouse Clicking System Engineers.
    -- Dave Pooser
    -----------------------------------------------------------------------
    2 days until SWMBO's Birthday

