On Dec 19, 2009, at 9:23 AM, RobertH wrote:
you know, with all the duking it out on the list over some methods
and such,
where is Jo Rhett when you need him?
he was always short and to the point...
:-)
Eh? Whut? (in the manner of someone woken from sleep)
--
Jo Rhett
Net Consonance
looking at 3.3 carefully but nothing stands out.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
scores, but
that's because years of personal experience demonstrated near-zero value. As
I have it configured today it works well without having to mark anything ;-)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other
randomness
else I missed?
Any solutions other than take the proxy server out and replace it with
the SpamAssassin/MTA combo?
--
Jo Rhett
Net Consonance ... net philanthropy, open source and other randomness
On Sep 23, 2007, at 5:17 PM, Michael Scheidell wrote:
Anyone have an answer that isn't obvious?
I already said I can't put it on the proxy.
No, you didn't. You mentioned that as an option.
And stop being rude to people who answer the question you asked.
--
Jo Rhett
Net Consonance
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
with Amavis/SA processes that much mail PER HOUR without
breaking a sweat. No MTA-level RBLs.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
force you to use their mail servers.
Some other data providers are now doing transparent proxy on outbound
e-mail. In short, the user can't always control that.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
means that the user will never know that their session
was intercepted.
Yes, this means man-in-the-middle is trivial. No kidding. Beat up
the mail client creators.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
, etc etc.
As more and more people do more and more of their e-mail from hand-
held devices, this problem only gets worse.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
correspondent, so this
makes AWL more useful)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Mar 28, 2008, at 6:21 PM, Theo Van Dinter wrote:
On Fri, Mar 28, 2008 at 06:09:03PM -0700, Jo Rhett wrote:
I think that mail from self to self should be ignored by the AWL.
(it's harder to forge mail from a regular correspondent, so this
makes AWL more useful)
If you know the mail is from
. This is usually true, but forging your own address is
trivial.
On Mar 28, 2008, at 6:48 PM, Benny Pedersen wrote:
On Sat, March 29, 2008 02:09, Jo Rhett wrote:
I send myself a lot of email from my phone. So AWL properly scores
me well.
and the sender ip with a fuss of /16
I just got a piece
-Spam-Flag: NO
X-Spam-Score: -0.72
X-Spam-Level:
X-Spam-Status: No, score=-0.72 tagged_above=-999 required=3.8
tests=[ALL_TRUSTED=-1.44, AWL=0.720]
From: Jo Rhett [EMAIL PROTECTED]
Subject: test awl
Date: 01 Apr 2008 13:14:00 -0700
To: [EMAIL PROTECTED]
X-Mailer: ChatterEmail+ for Treo 6xx/700p
the reports to yourself first.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
.
Easy to forge, but who to forge? Hard for a spammer to know who I
correspond with frequently. Myself is the only one a spammer could
guess.
Again, not debating its merits just the implementation.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other
at netconsonance.com
X-Spam-Flag: NO
X-Spam-Score: -0.72
X-Spam-Level:
X-Spam-Status: No, score=-0.72 tagged_above=-999 required=3.8
tests=[ALL_TRUSTED=-1.44, AWL=0.720]
From: Jo Rhett [EMAIL PROTECTED]
Subject: test awl
Date: 01 Apr 2008 13:14:00 -0700
To: [EMAIL PROTECTED]
X-Mailer: ChatterEmail
in having every possible mail account need
a setting like this manually inserted. That's why I'm asking about a
fix in the module...
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
in the module.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Received header
and goes to the previous one. That's why I asked the question about
which IP is used.
This is usually true, but forging your own address is trivial.
yep, but ip should still limit the problem very much
I agree.
--
Jo Rhett
Net Consonance : consonant endings by net
, reduce
the TTL on that record.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Matt Kettler wrote:
There's
nothing in trusted networks, I don't trust anything...
Jo, that's impossible in spamassassin. You cannot have an empty trust, it
doesn't make any logical sense, and would cause spamassassin to fail
miserably.
I should rather have said trust is only localhost.
If
John Hardin wrote:
I'm only suggesting bypassing SA for mail that originates on the local
network and is destined to the local network.
No. I don't trust every user who can authenticate to this host to run
active anti-virus on their hosts. I scan all mail, everywhere.
And again, this
Bob Proulx wrote:
Who to forge? The answer is Everyone! Any address that can be
obtained from a spam-virus infected PC and any address that can be
harvested from a web page. Forge them all. They are (mostly) valid
email addresses and will pass sender verification. Send To: and From:
all of
Justin Mason wrote:
hmm, I'm not sure. It depends on your trusted_networks setting.
try running spamassassin -D and see what it logs...
I'm sorry -- feeling dense, how is this supposed to help? From the
headers quoted below you know what spamassassin is seeing. There's
nothing in
sender. A few of my messages came from my other
accounts, many others (in the same spam run) came from people I
didn't know with the same lhs.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Apr 21, 2008, at 10:46 PM, Bob Proulx wrote:
Jo Rhett wrote:
Bob Proulx wrote:
Who to forge? The answer is Everyone! Any address that can be
You're going out of your way to miss the point. That's hard work
It is you who are missing the point. When spammers generate mail
from
.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
messages are equally magic
to SA, and it will never distinguish mail you sent as compared to
mail an outsider forged as you.
Yes, it knows the localhost received header is valid. Basics of SA
setup 101. Now can we return to the topic?
--
Jo Rhett
Net Consonance : consonant endings by net
over self-self
messages. It seems too easy to forge, and no gain in doing so.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 3, 2008, at 7:59 PM, Matt Kettler wrote:
Have you tried running one of the forged messages, and an actual
legitimate message through SA manually with the -D flag to see
what the trusted and untrusted hosts are, as SA sees it?
Yes. Many times. That's not the point of this thread.
I
Let's focus this on specific technical details:
1. How does AWL deal with forgery (other than by saving a /16 of the
source IP)
2. How can I easily see the AWL database for a given destination
address?
mouss, please do a little research before you go online attacking
people. Your statements about what work and don't have no backup, and
go against all existing evidence today, and yet you're blasting them
for lack of serious study. Try to do some yourself.
On May 19, 2008, at 11:46 AM,
On May 19, 2008, at 2:05 PM, Benny Pedersen wrote:
On Mon, May 19, 2008 20:18, Ralf Hildebrandt wrote:
To be fair (I'm testing it right now): It's easy to get running.
Right now the Tarpit and slowdown features cannot be had in Postfix,
so I'm giving it a spin.
give longer greylist times will
On May 19, 2008, at 11:43 PM, Koopmann, Jan-Peter wrote:
So yes: If their main benefit is tarpitting etc. then I agree it
probably is not worth the money or discussion.
Why is everyone willing to skip doing 5 minutes of research?
Mailchannels idea may not work for you. But it's worth doing
.
FYI: again, not affiliated and we're not using it either. But the
product is very well designed and it's a lot more clever/useful than
anything you're comparing it to.
I compare it to BarricadeMX and as I said, I think it is not so
clever.
Personal opinion.
Regards,
JP
--
Jo Rhett
Net
to do when an
unknown mail server contacts you is different in the approach.
greylist effectiveness is down to less than 10% effective at this
point, because the botnets know to retry now.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 20, 2008, at 10:51 AM, mouss wrote:
Jo Rhett wrote:
mouss, please do a little research
I did. I may get things wrong, and would be pleased to get
corrected. so please share your knowledge.
All I'm saying is that you're comparing what they are doing to things
which are not similar
?
tools/check_whitelist
Where can I find this? It's not in the Mail-SpamAssassin tarfile...
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Jo Rhett wrote:
Matt, how can I possibly get you to move past this unfounded
assumption that my trust path is broken and focus on the real
problem? The trust path is not broken, it's just fine.
On May 20, 2008, at 5:47 PM, Matt Kettler wrote:
Ok, then the AWL code is *SEVERELY* bugged
breaking our internal auth schemes, but I will be doing so.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 7, 2008, at 9:17 AM, mouss wrote:
what if he comes back later to the same MX, again and again (AFAIK,
this is the case with qmail)? mail will be lost.
snarky comment
Good. Time for qmail to die ;-)
/snarky comment
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy
not true with even some basic
reading. This clearly indicates a lack of research.
I accept your accusation about my research IF you can please point me
to a document on FSL's website which addresses slowing down TCP
sessions. I can't find it.
--
Jo Rhett
Net Consonance : consonant endings
statements about products you haven't researched.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
see them so that someone else reading the thread will know that
this isn't the overall impression of the list
you'd better take time learning what research is.
now we're down to insults. *plonk*
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other
read what's right
in front of them, not even asking that they search around. Your
insults are irrelevant to the topic here, and I won't put up with it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
the
responses. Bots already deal with slow replies, it's non-effective.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 21, 2008, at 1:44 PM, mouss wrote:
Good. Time for qmail to die ;-)
start by updating the RFCs.
The RFCs are, and have always been clear on how MX records are
supposed to be used.
Are you just a nonsense machine? The SA list's personal eliza run
through the borker?
--
Jo
On May 22, 2008, at 7:29 AM, Jonas Eckerman wrote:
Jo Rhett wrote:
I'm not -- my Treo delivers mail directly to my mail server. From
DHCP-assigned addresses all over the world. I enjoy travel ;-)
Then I guess you use authenticated SMTP for that.
The easiest way to handle this probably
is a hack much
like disabling a firewall and I won't do it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
, which includes the user's saved SMTP AUTH passwords.
Like I said, SA has saved our butt each time it happened. I wouldn't
say that without it having happened multiple times...
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 21, 2008, at 1:08 PM, mouss wrote:
I read every document on their website, and saw zero mentions of
this feature.
if you can't find the docs that others have read, and still accuse
them of lack of research, there is a word for this: ridiculous.
Jo Rhett wrote:
There's nothing
make it an
option. I for one would turn it off since it would not improve
things here.
You are the first person to say so. Can you explain why?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
to be addressed to the same user as it's addressed from.
You've presented good logic for accepting mail from self to self. But
you haven't explained why using the AWL for mail from self to self is
better than not having it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open
that this was a lark.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Obviously, putting 10/8 into the published SPF record makes no sense
at all, nor does adding 10/8 to the trusted_networks.
So... how can I say I trust Host B so much that I don't want to go
any farther for SPF checks?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy
internal hosts cannot connect to the mail server directly. Any
10.x address that does connect to the mailserver is guaranteed to be a
spammer.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
are you defining external in this context? What prevents
me from trusting an external hosts?
I don't actually have any internal hosts -- no NAT, no firewall,
it's all outside. There's hosts I trust, but none that aren't external.
--
Jo Rhett
Net Consonance : consonant endings by net
On Friday, 20/6 2008, 05:37, Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated
on
an internal rfc1918 network and routed through a trusted host.
On Jun 20, 2008, at 10:37 AM, Benny Pedersen wrote:
netconsonance.com. IN TXT v=spf1 ip4:64.13.134.178 ip4
On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted
host
Henrik K wrote:
Matt, you should know better. ;) It's
to the e-mail. If you read the
description of trusted hosts, that's clearly what the rule is meant to
do.
trusted_hosts should mean no, we really truly trust this host and
want everything it gives us
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
of hackery (although appreciate the
help) is kind of nonsense :-(
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
number of 10.x packets make their way to
our hosts.
belt-and-suspenders: Even if it's unlikely for a 10.x packet to reach
the host, why should I trust it?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
? Minimal requirement, minimal risk...
How exactly are these things not the way they should be?
If you mean something else, please explain.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
would think I'm doing it wrong?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
internal_networks to be less than trusted
hosts... that would likely fix it. But before I go configure it all
wrong tell me why this would be bad.
(no MX relays in our environment at all)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
the nature of the problem.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
anything that appears to be from the private network
that actually directly reaches my mail server. The mail server has no
ability to actually route a packet to that private network, so this is
clearly a forgery.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
On Jun 20, 2008, at 1:13 PM, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
irrelevant in scope)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
an IP
address which should never reach it?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
the
nature of the question.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
a forged IP
and I don't trust it.
why to accept connections from anything but host B ?
Because it's a public mail server which gets legitimate mail
connections from all over the world.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
. Is there a reason
not to do this?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
;-) This is why I want to avoid explicitly telling SA to
trust something it shouldn't if I can.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
reading the code it implies that maybe I should make
internal_networks explicitly defined (right now its implicit and
thus ==
trusted_networks) to be smaller than trusted networks. This will
probably solve my SPF problem
Because it's a public mail server which gets legitimate mail
connections from all over the world.
I mean, why to accept connections from anything other?
I don't understand your question. My only answer you quoted above.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy
the header address instead of
the envelope address.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
of backscatter, Benny.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
sends
backscatter because he doesn't like the behavior, even though he could
easily configure his mailer so that when people hit reply it does what
he wants it to.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
several times now? I don't
understand why this thread continues.
Jo Rhett wrote:
On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote:
then stop cc me
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
tests=FM_FAKE_HELO_VERIZON,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass
posted to it. Even non-
members can
read it all in archives.
He is acted as is common and expected. Others who, like you, don't
want private copies set Reply-To.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
installed
instead if no freebsd ported versions are available. :(
So go make one :-) It's easy enough.
--
Jo Rhett
Network/Software Engineer
Net Consonance
, but they are compliant with the judgement
for all US users, which is all the US court has authority for.
--
Jo Rhett
Network/Software Engineer
Net Consonance
threaded in with the previous topic. On most days, I ignore
any such messages. The vast majority of other smart people do the same.
To start a new thread, use Compose Mail To or whatever your client
has...
--
Jo Rhett
Network/Software Engineer
Net Consonance
missed a smiley somewhere
that showed that you knew better.
--
Jo Rhett
Network/Software Engineer
Net Consonance
non-techy people. Only
recently was .us normalized so that it could be used by .us companies.
--
Jo Rhett
Network/Software Engineer
Net Consonance
and DKIM policies to tell other sites how to
interpret your mail. Right now, implementing both is good for 70% of
the backscatter.
--
Jo Rhett
Network/Software Engineer
Net Consonance
to that, or I might submit a patch eventually :-)
--
Jo Rhett
Network/Software Engineer
Net Consonance
not make it to the recipient !
I'm not a postfix user, so clue me in. Doesn't this prevent local
bounce messages from being delivered?
I also believe that the original post was about backscatter, not forged
postmaster mail.
--
Jo Rhett
Network/Software Engineer
Net Consonance
, or are all the dumb answers coming up today?
Or, perhaps, run spamassassin and don't worry about changing your e-mail
constantly? Duh?
--
Jo Rhett
Network/Software Engineer
Net Consonance
work unless you are behind a NAT. So a person who believes that without
testing won't realize that they're looking at the problem.
The autodetection is totally broken actually, and needs to be fixed.
I've added a comment to the Wiki to let people know about this.
--
Jo Rhett
Network/Software
I would trust the headers from a host, but wouldn't trust it for
bounces...
Also, I think (I don't have time to read the ruleset in detail right
now) that it seems a bit harsh. The goal would be to identify only
backscatter right? It seems likely to hit almost every bounce, yes?
--
Jo Rhett
a postmaster)
And John, there are metrics used to test this. Implement the testing
environment for yourself, and come up with real metrics before saying
this kind of absolute-statement-no-caveat nonsense.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Justin Mason wrote:
Jo Rhett writes:
Justin Mason wrote:
do you mean the one I posted about earlier, or the original?
Sorry, I haven't looked at it in a while and wouldn't remember.
Looking at yours - why don't you use the global parameters that specify
trusted header hosts instead
On Monday 16 October 2006 10:11, Jo Rhett wrote:
I got two HAM messages
with this set (but only this and not enough to filter on) and nearly
every spam either had this or was picked up by SPF or DKIM rules (was a
forged mail from a domain which had a postmaster)
John Andersen wrote:
Thanks
John D. Hardin wrote:
On Mon, 16 Oct 2006, Jo Rhett wrote:
I am convinced that spam (in all its forms) will continue to be a
problem until spammers start dying for what they are doing. That will
change the risk/benefit analysis rather strongly towards the negative.
So join WhackASpammer. You
of providing backscatter protection only
for the domains who are protecting others against their forgeries.
--
Jo Rhett
Network/Software Engineer
Net Consonance
who is trying to sell their mail services.
--
Jo Rhett
Network/Software Engineer
Net Consonance