Re: Nearly-spam mail causes unsubscription threat

[tomas]

On Wed, Aug 14, 2024 at 06:56:07PM +0100, piorunz wrote:
> Hi Thomas,
> 
> Same here, I am on GMX mailbox too, received a warning recently that I
> will be unsubscribed forcibly because my e-mail provider GMX rejected
> spam Debian list is sending towards me. LOL. Maybe Debian e-mail server
> could improve filtering so I don't receive any spam in the first place?
> It's so easy to spot this spam, IDK why server is not trained to
> recognize typical spam words in these e-mails.

Spam is... difficult [1]. And you can't expect the Debian mailing list
server to agree with each and every one and their dog's mail provider's
servers on what is spam. There will always bee disagreements.

Moreover: mail providers are growing more and more hysterical about
rejecting mails.

I think it's OK to discuss possible improvements with the listmasters,
but one would have to start with realistic premises. And "the list servers
should have the same spam criteria as GMX" is not realistic.

Cheers

[1] especially its last 0.5%. More so when you define "spam" to include
   the recipient's parameters (which you have to start doing to catch
   the last 5%). More so when you let the definition to move over time
   (which you also have to do for those last 5%)

-- 
t


signature.asc
Description: PGP signature

Re: Nearly-spam mail causes unsubscription threat

[piorunz]

Hi Thomas,

Same here, I am on GMX mailbox too, received a warning recently that I
will be unsubscribed forcibly because my e-mail provider GMX rejected
spam Debian list is sending towards me. LOL. Maybe Debian e-mail server
could improve filtering so I don't receive any spam in the first place?
It's so easy to spot this spam, IDK why server is not trained to
recognize typical spam words in these e-mails.

On 11/08/2024 12:51, Thomas Schmitt wrote:

Hi,

i just received a message from the list server that my mail provider
GMX has rejected a spam message which the Debian list allowed to pass
by a tiny not-spam margin.
 From this quite unsuspicious situation the automat of Debian Listmaster
Team derived the threat to unsubscribe me.

I see the potential for a bounce troll, like we had a few years ago.
(Whenever one of us posted to the list, the troll faked a bounce from
our mail providers.)

Do other experience the same ?

(I would propose that list server shall please refrain from
unsubscription threads if the mail in question gets a near-spam score in
the Debian list system.)


-
Details:

The list server quotes a reply from the GMX mail servers.

   https://lists.debian.org/bounces/FVOZui8Ui2aBD+8obfofFQ
shows
   "For explanation visit

https://postmaster.gmx.net/de/case?c=r0701&i=ip&v=82.195.75.100&r=1MYcpl-1siPQU12EF-00K6HO";
   ...
   X-Spam-Status: No, score=3.9 required=4.0 ...,DATE_IN_FUTURE_06_12,...
   ...
   Received: from mail-wr1-x443.google.com ...
  by bendel.debian.org (Postfix) with ESMTPS id 2121E2049B
  for ;
  Sun, 11 Aug 2024 10:21:41 + (UTC)
   Received: by mail-wr1-x443.google.com ...
  for ; Sun, 11 Aug 2024 03:21:41 -0700 (PDT)
   ...
   Date: Sun, 11 Aug 2024 11:21:27 -0700

The web says that DATE_IN_FUTURE_06_12 from Spamassassin means that
the mail's Date is 6 to 12 hours in the future relative to the time it
was received.

My provider takes more offense:

   
https://postmaster.gmx.net/de/case?c=r0701&i=ip&v=82.195.75.100&r=1MYcpl-1siPQU12EF-00K6HO
   "Die Zeitangabe im Date-Header weicht zu stark von der tatsächlichen
Zeit ab."
   = "The time stamp of the Date header deviates too much from the
  actual time."


Have a nice day :)

Thomas



--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

Re: Nearly-spam mail causes unsubscription threat

[Alex King]

I offer a reflection on keeping the list on track.

On 12/08/24 03:58, Hanno 'Rince' Wagner wrote:

Hi Thomas,

On Sun, 11 Aug 2024, Thomas Schmitt wrote:


 From this quite unsuspicious situation the automat of Debian Listmaster
Team derived the threat to unsubscribe me.

There is no threat. the mail is an information that - if there are
more bounces (and there is a number and a total number in x days _and_
a number in percent) that if the threshold is surpassed you will be
unsubscribed.

There is no threat. Only an information.


As a point of information, there was a threat.  The definition of threat 
from https://dictionary.cambridge.org/dictionary/english/threat includes 
"a suggestion that something unpleasant or violent will happen."  If 
Thomas finds being automatically unsubscribed from the list as 
unpleasant, then a threat was made.  Another definition of threat from 
the same page: "the possibility that something unwanted will happen." 
Again, if Thomas doesn't want to be unsubscribed, then a threat has been 
made.


A threat (and a promise) are suggestions or notifications or information 
that a future action will be performed.  A notification of a future 
action is a threat if it is perceived as negative, and it is a promise 
if it is perceived as positive.


Concepts (such as threat or promise) which rely on human subjectivity 
(e.g. Thomas finds this email threatening, Hanno does not) are most 
usefully evaluated in the frame of a particular person.  We sow the 
seeds for flame wars when we discuss subjective concepts as if they are 
facts.  When we assume or imply a universal "normal" frame of reference, 
not acknowledging that each person has a unique way of viewing things.


To keep the signal-to-noise ratio on the list high, we could all benefit 
from using a "robust code" principle: accept a wide variety of (e.g. 
subjective) input (without taking offense, or objecting to another 
person's subjective assessment) and output clear (fact/observation 
based, not subjective) outputs.


So Thomas could have phrased the initial contribution in non subjective 
terms:


Triggered by this bounce situation the Debian List System told me it would 
unsubscribe me in future on certain conditions.

Or Thomas could acknowledge his frame of reference:

From this (to me) quite unsuspicious situation the automat of Debian Listmaster
Team notified to unsubscribe me, which I perceive as a threat.

Regardless of how Thomas has phrased it (subjective or observational,) 
Hanno can start the email acknowledging Thomas's point of view:


I understand you perceive a threat, since you are being notified of possible 
unsubscription which you'd prefer didn't happen.  The mail is an information 
that - ...


As Andy did (acknowledge Thomas's view):

What you have interpreted as "a threat" was

although Andy then goes on to say Thomas was incorrect,  and tries to 
differentiate


between "a threat" and "a procedural warning"

when in fact the warning is well described as both a threat and a 
procedural warning.  Thomas's subjective point of view is of course not 
wrong, it is simply a point of view and as valid as anyone else's.


Andy also offers:

It is an overreaction because this case is not like the other case...

Instead, Andy could acknowledge the subjective concept of overreaction:

I see that as an overreaction because this case is not like the other case...

Or leave out the subjective and (in my opinion) unnecessary overreaction 
concept without any (in my view) loss of meaning:


This case is not like the other case...

It all depends whether we're trying to discuss a technical subject (how 
the list handles bounces) and discuss requests for what might make 
things better for us (e.g. not count emails that score just below the 
spam threshold in the unsubscription algorithm), or whether we're 
(perhaps unconsciously) trying to play a game of who's right and wrong


Cheers,
Alex

Re: Nearly-spam mail causes unsubscription threat

[Thomas Schmitt]

Hi,

Karen Lewellen wrote:
> As a side note..I got the message, assuming you mean the one indicating it
> was from new service with  account statement or some such.

Yes. The message which was bounced by GMX is in the list archive as

  https://lists.debian.org/debian-user/2024/08/msg00366.html

Obvious spam.


> Naturally, I did not so much as open the item.

If i would trust in my web browser to protect me then i would look at
what lurks behind the link "TERMS OF SERVICE" at docs.google.com.
But i am not _that_ curious.


Have a nice day :)

Thomas

Re: Nearly-spam mail causes unsubscription threat

[Karen Lewellen]

As a side note..I got the message, assuming you mean the one indicating it 
was from new service with  account statement or some such.

Naturally, I did not so much as open the item.
seems like a broad list attempt, assuming this is the post you are 
referencing of course.

Kare



On Sun, 11 Aug 2024, Andy Smith wrote:


Hello,

On Sun, Aug 11, 2024 at 08:25:09PM +0200, Thomas Schmitt wrote:

How do you then explain that it lasted 2 days until i got affected
exactly after i challenged the (potential) troll by stating:
  "although i seem not to be worth to be targeted by our bounce assassin,"

Between the first report by Greg Wooledge and this challenge i had posted
half a dozen mails. No problems were to see. Many others posted and did
not report unsubscriptions.

So why did this bug not affect everybody ?


I think it was either random sampling or threshold based on how many
bounce replicas were seen.

Note that anyone anywhere can send mails to this list pretending to
be from anyone, so if it were malicious then there is actually no
reason why it would have stopped. I think the broken subscriber was
simply removed from the list based on complaints to listmaster.


My theory is that it was exploited in a targeted way.


I can see I can't convince you that it wasn't a malicious attack on
you and a small group of others.

Nevertheless it's a fact that your most recent interaction with the
mailing list software was by a different route than the 2021
incident and caused by a different mechanism, namely GMX rejecting a
connection from the list software, and not anything to worry about.

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Nearly-spam mail causes unsubscription threat

[eben]

On 8/11/24 17:11, Thomas Schmitt wrote:


Normally GMX puts spam into a separate box where i can unjail it if
i deem it not guilty. (Happens often enough.)



* they do actually filter some extreme stuff out that I believe is
   required by law or somesuch. I never see it, so I don't know exactly
   what it is.


The mail in question was not put into any mail box. I only became
aware when i was informed by the Debian list automat that bad things
would happen if ...


Yes, and not only can you not disable their anti-spam measures, you have to
log into webmail each time to undo it.  On the odd occasion where they catch
something I'd rather not see, I leave it there.  Frankly, I'd rather it be
local rather than a web browser + login away.  I mean, I didn't install
spamassassin for practice using apt.


Well, the advantage of GMX is that it is big and well integrated in the
mail server community.
The disadvantage is that it is big and thus the preferences of a single
user don't matter.


What you said.

--
  A little rudeness and disrespect
can elevate a meaningless interaction into a battle of wills
  and add drama to an otherwise dull day.
-- Calvin discovers Usenet

Re: Nearly-spam mail causes unsubscription threat

[Thomas Schmitt]

Hi,

debian-u...@howorth.org.uk wrote:
> You don't need to run a mailserver to do something similar. I simply
> told my ISP (Zen) not to filter spam out of my mail.

Normally GMX puts spam into a separate box where i can unjail it if
i deem it not guilty. (Happens often enough.)


> * they do actually filter some extreme stuff out that I believe is
>   required by law or somesuch. I never see it, so I don't know exactly
>   what it is.

The mail in question was not put into any mail box. I only became
aware when i was informed by the Debian list automat that bad things
would happen if ...


> I suppose you do have to have a 'sensible' ISP.

Well, the advantage of GMX is that it is big and well integrated in the
mail server community.
The disadvantage is that it is big and thus the preferences of a single
user don't matter.


Have a nice day :)

Thomas

Re: Nearly-spam mail causes unsubscription threat

[Andy Smith]

Hello,

On Sun, Aug 11, 2024 at 08:25:09PM +0200, Thomas Schmitt wrote:
> How do you then explain that it lasted 2 days until i got affected
> exactly after i challenged the (potential) troll by stating:
>   "although i seem not to be worth to be targeted by our bounce assassin,"
> 
> Between the first report by Greg Wooledge and this challenge i had posted
> half a dozen mails. No problems were to see. Many others posted and did
> not report unsubscriptions.
> 
> So why did this bug not affect everybody ?

I think it was either random sampling or threshold based on how many
bounce replicas were seen.

Note that anyone anywhere can send mails to this list pretending to
be from anyone, so if it were malicious then there is actually no
reason why it would have stopped. I think the broken subscriber was
simply removed from the list based on complaints to listmaster.

> My theory is that it was exploited in a targeted way.

I can see I can't convince you that it wasn't a malicious attack on
you and a small group of others.

Nevertheless it's a fact that your most recent interaction with the
mailing list software was by a different route than the 2021
incident and caused by a different mechanism, namely GMX rejecting a
connection from the list software, and not anything to worry about.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Nearly-spam mail causes unsubscription threat

[debian-user]

Andy Smith  wrote:

> Personally what I do is silently discard spammy emails from known
> list servers instead of rejecting them at SMTP time (which is
> otherwise and usually desirable). Doing that does require running
> your own mail server though, which almost no one does.

You don't need to run a mailserver to do something similar. I simply
told my ISP (Zen) not to filter spam out of my mail. They send it
unfiltered* to me and my MUA filters it out using bogofilter. Works
very well for me; I suppose you do have to have a 'sensible' ISP.

* they do actually filter some extreme stuff out that I believe is
  required by law or somesuch. I never see it, so I don't know exactly
  what it is.

Re: Nearly-spam mail causes unsubscription threat

[Thomas Schmitt]

Hi,

i wrote:
> > debian-user is the only mailing list where i ever
> > witnessed that a troll exploited the unscubscription habits to
> > throw out multiple users.

Andy Smith wrote:
> I was here when those events occurred and that is not what happened.
> [...]
> It was just a bug in Debian's list software combined with a
> badly-behaving subscriber system. Some subscriber was bouncing mails
> back to the actual list address.

How do you then explain that it lasted 2 days until i got affected
exactly after i challenged the (potential) troll by stating:
  "although i seem not to be worth to be targeted by our bounce assassin,"

Between the first report by Greg Wooledge and this challenge i had posted
half a dozen mails. No problems were to see. Many others posted and did
not report unsubscriptions.

So why did this bug not affect everybody ?
My theory is that it was exploited in a targeted way.


Have a nice day :)

Thomas

Re: Nearly-spam mail causes unsubscription threat

[Andy Smith]

On Sun, Aug 11, 2024 at 06:49:26PM +0200, Thomas Schmitt wrote:
> Andy Smith wrote:
> > What you have interpreted as "a threat" was simply a procedural
> > warning that if your address continues to be undeliverable then you
> > will be automatically unsubscribed.
> 
> It is a threat

You are assigning human motivations to an automated process.

> because debian-user is the only mailing list where i ever
> witnessed that a troll exploited the unscubscription habits to
> throw out multiple users.

I was here when those events occurred and that is not what happened.

It was just a bug in Debian's list software combined with a
badly-behaving subscriber system. Some subscriber was bouncing mails
back to the actual list address. The Debian list software was
(correctly) detecting them as bounce messages and (correctly)
avoiding to send these on to the list, but it was incorrectly
parsing out the subscriber it thought they were coming from. The
result was that it was accumulating bounce score for whoever sent
the mail that was being bounced, not the system bouncing the email.
I explained this in the thread you linked to:

https://lists.debian.org/debian-user/2021/10/msg00524.html

This was not some "troll campaign" to get people unsubscribed. There
was no malicious action intended, it was just interaction of broken
software. I don't know if it was fixed on the Debian side by
tightening up the bounce handling or just locating the broken
subscriber.

I want to also stress that those events of 2021 also bear very
little relation to what you have just experienced, as the former
case was about the mishandling of actual bounce emails sent by a
third party whereas this one now is the correct handling of a
directly rejected SMTP conversation by your mail provider.

> So i want to prepare for possible real problems by first asking how many
> mail providers differ slightly from the list servers assessment and
> reaction.

It is an overreaction because this case is not like the other case;
as soon as the next mail is delivered to you correctly the bounce
score resets, so it is quite hard to get unsubscribed for rejecting
spam.

> > we can assume it will be rare that GMX and Debian will disagree over
> > spam score
> 
> I refrain from developing a proof-of-concept how to exploit the current
> behavior. But i am quite sure it is possible to do so.

When you are starting from a misunderstanding of how it actually
works it seems unlikely but if I had to hazard a guess I'd say
probably not much has been fixed for the case from 2021 and it might
be possible to cause some small; degree of havoc by bouncing mails
directly back to debian-user@lists.debian.org as that misbehaving
system did in 2021.

This event you have experienced now though is run of the mill
ordinary and I don't think has much scope for maliciousness as you
have to be a party to the SMTP conversation to do it, i.e. you can
only really do it to yourself by rejecting the SMTP conversation.

To do it to others you'd have to craft an email that is sufficiently
spammy that it *causes* subscribers to reject it but not spammy
enough that Debian rejects it. You won't be able to guess which
subscribers will reject it. And their scores will be reset the
moment there is another successful mail.

So in grand scheme of things it doesn't seem like a very efficient
form of attack.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Nearly-spam mail causes unsubscription threat

[Thomas Schmitt]

Hi,

Andy Smith wrote:
> What you have interpreted as "a threat" was simply a procedural
> warning that if your address continues to be undeliverable then you
> will be automatically unsubscribed.

It is a threat, because debian-user is the only mailing list where i
ever witnessed that a troll exploited the unscubscription habits to
throw out multiple users.
See the threads under
  https://lists.debian.org/debian-user/2021/10/msg00248.html
  https://lists.debian.org/debian-user/2021/10/msg00335.html
  https://lists.debian.org/debian-user/2021/10/msg00337.html

I myself had to challenge the offender to get thrown out too.
  https://lists.debian.org/debian-user/2021/10/msg00434.html
So it was a human or a very smart AI.

It lasted a few days until a remedy was developed. I had to re-subscribe
after each message i posted.

So i want to prepare for possible real problems by first asking how many
mail providers differ slightly from the list servers assessment and
reaction.
As next step i would ask the list masters to consider ignoring bounces
if the mail has a nearly-spam score on the Debian list. In such a case
it is likely that other servers see a barely-spam score and let bounce.

(The usual attempts of spam catching are futile at best and really
annoying when not only obvious spam comes through, but also legit mails
are rejected or even unsubscriptions are enforced.
It is easier for me to cope with all unfiltered spam than with
half-working attempts to protect me from falling victim to social
engineering.)


> we can assume it will be rare that GMX and Debian will disagree over
> spam score

I refrain from developing a proof-of-concept how to exploit the current
behavior. But i am quite sure it is possible to do so.


> Personally what I do is silently discard spammy emails from known
> list servers instead of rejecting them at SMTP time (which is
> otherwise and usually desirable). Doing that does require running
> your own mail server though, which almost no one does.

This is hardly feasible for me in these days.
DKIM, SPF, DMARC, ... not a problem for the spammers, but hard for the
innocent, old, and clueless.


Have a nice day :)

Thomas

Re: Nearly-spam mail causes unsubscription threat

[Andy Smith]

Hi,

On Sun, Aug 11, 2024 at 01:51:50PM +0200, Thomas Schmitt wrote:
> i just received a message from the list server that my mail provider
> GMX has rejected a spam message which the Debian list allowed to pass
> by a tiny not-spam margin.
> From this quite unsuspicious situation the automat of Debian Listmaster
> Team derived the threat to unsubscribe me.

What you have interpreted as "a threat" was simply a procedural
warning that if your address continues to be undeliverable then you
will be automatically unsubscribed. Almost every single mailing list
in the world works this way, but some do not warn you that your
mail is bouncing.

The difference between "a threat" and "a procedural warning" is
semantic and subtle, but what you have experienced is commonplace
and not a cause for concern - we can assume it will be rare that GMX
and Debian will disagree over spam score and as soon as you receive
a successful delivery, the list software will reset its bounce
counter for you. Which will already have happened.

> (I would propose that list server shall please refrain from
> unsubscription threads if the mail in question gets a near-spam score in
> the Debian list system.)

I suppose it would be possible and you could submit a wishlist bug
to that effect, but to be honest I do not think it would receive
much attention. However I could easily be wrong, perhaps it would
grab the attention of a listmaster, so you'd have to submit it to
find out.

Personally what I do is silently discard spammy emails from known
list servers instead of rejecting them at SMTP time (which is
otherwise and usually desirable). Doing that does require running
your own mail server though, which almost no one does.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Nearly-spam mail causes unsubscription threat

[Eike Lantzsch ZP5CGE / KY4PZ]

On Sunday, 11 August 2024 07:51:50 -04 Thomas Schmitt wrote:
> Hi,
> 
> i just received a message from the list server that my mail provider
> GMX has rejected a spam message which the Debian list allowed to pass
> by a tiny not-spam margin.
> From this quite unsuspicious situation the automat of Debian
> Listmaster Team derived the threat to unsubscribe me.
> 
> I see the potential for a bounce troll, like we had a few years ago.
> (Whenever one of us posted to the list, the troll faked a bounce from
> our mail providers.)
> 
> Do other experience the same ?
> 
Yep, Thomas, same here, but it was just one bounce.

vy 73 de Eike

> (I would propose that list server shall please refrain from
> unsubscription threads if the mail in question gets a near-spam score
> in the Debian list system.)
> 
> 
> -
> Details:
> 
> The list server quotes a reply from the GMX mail servers.
> 
>   https://lists.debian.org/bounces/FVOZui8Ui2aBD+8obfofFQ
> shows
>   "For explanation visit
>   
> https://postmaster.gmx.net/de/case?c=r0701&i=ip&v=82.195.75.100&r=1MY
> cpl-1siPQU12EF-00K6HO" ...
>   X-Spam-Status: No, score=3.9 required=4.0
> ...,DATE_IN_FUTURE_06_12,... ...
>   Received: from mail-wr1-x443.google.com ...
>  by bendel.debian.org (Postfix) with ESMTPS id 2121E2049B
>  for ;
>  Sun, 11 Aug 2024 10:21:41 + (UTC)
>   Received: by mail-wr1-x443.google.com ...
>  for ; Sun, 11 Aug 2024 03:21:41
> -0700 (PDT) ...
>   Date: Sun, 11 Aug 2024 11:21:27 -0700
> 
> The web says that DATE_IN_FUTURE_06_12 from Spamassassin means that
> the mail's Date is 6 to 12 hours in the future relative to the time it
> was received.
> 
> My provider takes more offense:
> 
>  
> https://postmaster.gmx.net/de/case?c=r0701&i=ip&v=82.195.75.100&r=1MY
> cpl-1siPQU12EF-00K6HO "Die Zeitangabe im Date-Header weicht zu stark
> von der tatsächlichen Zeit ab."
>   = "The time stamp of the Date header deviates too much from the
>  actual time."
> 
> 
> Have a nice day :)
> 
> Thomas

-- 
Eike Lantzsch KY4PZ / ZP5CGE

Nearly-spam mail causes unsubscription threat

[Thomas Schmitt]

Hi,

i just received a message from the list server that my mail provider
GMX has rejected a spam message which the Debian list allowed to pass
by a tiny not-spam margin.
From this quite unsuspicious situation the automat of Debian Listmaster
Team derived the threat to unsubscribe me.

I see the potential for a bounce troll, like we had a few years ago.
(Whenever one of us posted to the list, the troll faked a bounce from
our mail providers.)

Do other experience the same ?

(I would propose that list server shall please refrain from
unsubscription threads if the mail in question gets a near-spam score in
the Debian list system.)


-
Details:

The list server quotes a reply from the GMX mail servers.

  https://lists.debian.org/bounces/FVOZui8Ui2aBD+8obfofFQ
shows
  "For explanation visit
   
https://postmaster.gmx.net/de/case?c=r0701&i=ip&v=82.195.75.100&r=1MYcpl-1siPQU12EF-00K6HO";
  ...
  X-Spam-Status: No, score=3.9 required=4.0 ...,DATE_IN_FUTURE_06_12,...
  ...
  Received: from mail-wr1-x443.google.com ...
 by bendel.debian.org (Postfix) with ESMTPS id 2121E2049B
 for ;
 Sun, 11 Aug 2024 10:21:41 + (UTC)
  Received: by mail-wr1-x443.google.com ...
 for ; Sun, 11 Aug 2024 03:21:41 -0700 (PDT)
  ...
  Date: Sun, 11 Aug 2024 11:21:27 -0700

The web says that DATE_IN_FUTURE_06_12 from Spamassassin means that
the mail's Date is 6 to 12 hours in the future relative to the time it
was received.

My provider takes more offense:

  
https://postmaster.gmx.net/de/case?c=r0701&i=ip&v=82.195.75.100&r=1MYcpl-1siPQU12EF-00K6HO
  "Die Zeitangabe im Date-Header weicht zu stark von der tatsächlichen
   Zeit ab."
  = "The time stamp of the Date header deviates too much from the
 actual time."


Have a nice day :)

Thomas

Re: OT - list mail claimed to be "known" spam!

[Felix Miata]

CHRIS M composed on 2024-06-23 21:36 (UTC-0500):

> Felix Miata wrote:

>> Stefan's isn't the only, but few others from any source become repeats, one
>> of which is every notification of new post added to subscribed thread on
>> forums.opensuse.org.

>> Trying to get EL to stop putting subscribed email into "known spam" is
>> futile. The mechanism EL provides to avoid such diversions doesn't work
>> with debian mailing list posts.

>> :~(

> Sounds like its time to turn off Earthlink's Spam filtering

I would LOVE to, but cannot find a way to do so. The only option offered is to
make it more intrusive. It used to not be a problem, before DMARC, before the
Earthlink/Yahoo war to see who could blackhole more non-spam from each other.

John Hasler composed on 2024-06-23 21:41 (UTC-0500):

> Quit using EL email.  Use Pobox.  Yes, it costs money.  It's worth it.

I've been with EL 18 years, SeaMonkey longer (originally as Mozilla Suite, 
before
Firefox existed). EL is not free, but it doesn't shove IMAP at me. I like my 
email
addresses. My people have known them long, understand the word, and don't ask 
how
to spell it.
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: OT - list mail claimed to be "known" spam!

[John Hasler]

Felix Miata wrote:
> Trying to get EL to stop putting subscribed email into "known spam" is
> futile. The mechanism EL provides to avoid such diversions doesn't work
> with debian mailing list posts.

Quit using EL email.  Use Pobox.  Yes, it costs money.  It's worth it.
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA

Re: OT - list mail claimed to be "known" spam! (was: mounting external hard drive...)

[CHRIS M]

On Sunday 23 June 2024 03:54:36 pm Felix Miata wrote:
>
> Stefan's isn't the only, but few others from any source become repeats, one
> of which is every notification of new post added to subscribed thread on
> forums.opensuse.org.
>
> Trying to get EL to stop putting subscribed email into "known spam" is
> futile. The mechanism EL provides to avoid such diversions doesn't work
> with debian mailing list posts.
>
> :~(

Sounds like its time to turn off Earthlink's Spam filtering and teach 
SeaMonkey Mail, what *IS* spam and what is *NOT* and is HAM / good mail. 

I've got the time / and somewhat patience to sit down at each mail check with 
TDE KMAIL and teach TDE KMAIL what is GOOD / HAM emails, and what is NOT and 
is SPAM. #YMMV.
-- 

THANKS IN ADVANCE!
 
CHRIS

ch...@cwm030.com

~* Lenovo ThinkCentre M710q*~~*
*~~1 TB SSD*~~
~*15.5 GiB of ram*~
~~* Q4OS Trinity Edition* ~~

~FYI, TDE is a continuation of KDE 3.x ~
~ Q4OS is based off of the latest Debian Version~

Re: OT - list mail claimed to be "known" spam!

[Stefan Monnier]

[ Sent directly to debian-user@lists.  ]

> FWIW, this reply goes to list because I expect high probability Stefan would 
> not
> see it otherwise. Most mailing list posts flow through to me unimpeded. Not so
> with Stefan's. AFAICT, every one of his is captured by Earthlink.net's "known
> spam" folder. The only ways I can see them are via the web archive, and by 
> opening
> webmail, so that I can extract them from "known spam".

My crystal ball suggests it's because I [read and] send them via Gmane,
and of course Gmane can't DKIM-sign my messages (and neither can my NNTP
client).


Stefan

Re: OT - list mail claimed to be "known" spam! (was: mounting external hard drive...)

[Felix Miata]

Stefan Monnier composed on 2024-06-23 12:35 (UTC-0400):
...
FWIW, this reply goes to list because I expect high probability Stefan would not
see it otherwise. Most mailing list posts flow through to me unimpeded. Not so
with Stefan's. AFAICT, every one of his is captured by Earthlink.net's "known
spam" folder. The only ways I can see them are via the web archive, and by 
opening
webmail, so that I can extract them from "known spam".

Stefan's isn't the only, but few others from any source become repeats, one of
which is every notification of new post added to subscribed thread on
forums.opensuse.org.

Trying to get EL to stop putting subscribed email into "known spam" is futile. 
The
mechanism EL provides to avoid such diversions doesn't work with debian mailing
list posts.

:~(
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: *****SPAM***** Re: Package libllvm12:i386 does not exists on Debian ?

[Hans]

Yes, this is, where the entry "i386" is put in. I remember, to execute the 
command "dpkg --add-architecture i386" a very long time ago.

Thus, aptitude now knows about it.

Zhanks for making things clearer.

Best

Hans 
> Indeed, multi-arch is a dpkg thing. The list of current architectures
> is kept in /var/lib/dpkg/arch [1]
> 
> Cheers

Re: *****SPAM***** Re: Package libllvm12:i386 does not exists on Debian ?

[Hans]

I am wondering, why aptitude is showing me (incorrectlly?) libllvm*:i386 and 
apt-get not. 

I have no i386 entry in sources.list, but where does aptitude get its 
information?




apt-cache search libllvm | grep i386





aptitude search libllvm | grep i386 
p  libllvm13:i386 - Modulare Techniken für Compiler und Toolchains, 
Laufzeitbibliothek 
p  libllvm14:i386 - Modulare Techniken für Compiler und Toolchains, 
Laufzeitbibliothek 
i A libllvm15:i386 - Modulare Techniken für Compiler und Toolchains, 
Laufzeitbibliothek 
p  libllvm16:i386 - Modular compiler and toolchain technologies, runtime 
library 
p  libllvmspirvlib-14-dev:i386 - bi-directional translator for LLVM/SPIRV -- 
development files 
p  libllvmspirvlib-15-dev:i386 - bi-directional translator for LLVM/SPIRV -- 
development files 
v  libllvmspirvlib-x.y-dev:i386 -  
p  libllvmspirvlib14:i386 - bi-directional translator for LLVM/SPIRV -- shared 
library 
p  libllvmspirvlib15:i386 - bi-directional translator for LLVM/SPIRV -- shared 
library



What did I miss?

Hans

Re: *****SPAM***** Re: Uninstalling a package and its entourage

[Hans]

Am Montag, 27. Mai 2024, 17:51:23 CEST schrieb to...@tuxteam.de:
> On Mon, May 27, 2024 at 04:59:55PM +0200, Nicolas George wrote:
> > Eben King (12024-05-27):
> > > Is there an easier way to uninstall a package and everything it brought
> > > in
> > > at one swell foop?  Thanks.
> > 
> > The packages you did not choose to install but were installed as a
> > consequence are shown by apt-get when you do almost anything:
> > 
> > The following packages were automatically installed and are no longer 
required:
> >   
> 
> ...and there is `apt-get autoremove' for that.
> 
> cheers

You can also try:

aptitude purge package_name 

and, maybe it is alrady deinstalle, you can purge any configurations:

aptitude purge ~c

Have fun!

Hans

Re: Marking as spam

[The Wanderer]

On 2024-04-18 at 11:53, Eduardo M KALINOWSKI wrote:

> On 18/04/2024 12:43, Hans wrote:
> 
>> But the "Sorry" mail I did send without the spam tag. However, I
>> get it WITH the spamtag, as all mails get the DCIM=false tag in the
>> header (created by the debian servers) and megamailservers.eu add
>> the SPAM tag.
> 
> Or you could use a less shitty mail service, because failed DKIM (I 
> assume that's what you mean by DCIM=false) does not mean that an
> email is a spam.

Good luck convincing a provider which has decided to do this of that.

> Conversely, I see a lot of spams that have a valid DKIM signature.
> 
> Moreover, I don't think the Debian list servers validate DKIM. It's 
> probably your host that is doing so.
> 
> And finally, your own mails fail DKIM, so for a mail server that
> seems to give so much importance to DKIM, they could at least set it
> up right.

My understanding, based I think in part on past conversations, was/is
that changes which are often made to messages automatically by
mailing-list software as part of forwarding them through to the list
members have the side effect of causing DKIM checks to fail (at least
with some DKIM-validating configurations, I'm not sure about all).

If that is correct, then not only would that likely be the reason for
Hans' mail provider seeing DKIM validation failing for all mails from
debian-user, it would also mean that mails from Hans would probably fail
DKIM validation for those who receive them through debian-user - without
meaning that his mail provider is necessarily doing DKIM wrong, at least
on the sending end.

A way to check that might be to have Hans send a mail to someone both
via the list and not, or (if that gets filtered out by some relevant
software as being a duplicate) send two mails, one via the list and the
other not. If the one via the list has the header flag for failed DKIM,
and the other doesn't, that would seem to narrow down the possibilities.

(I am not volunteering for this.)


On the other hand, if my understanding is *not* correct, then none of
that applies.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: Marking as spam

[Eduardo M KALINOWSKI]

On 18/04/2024 12:43, Hans wrote:

But the "Sorry" mail I did send without the spam tag. However, I get it WITH
the spamtag, as all mails get the DCIM=false tag in the header (created by the
debian servers) and megamailservers.eu add the SPAM tag.


Or you could use a less shitty mail service, because failed DKIM (I 
assume that's what you mean by DCIM=false) does not mean that an email 
is a spam.


Conversely, I see a lot of spams that have a valid DKIM signature.

Moreover, I don't think the Debian list servers validate DKIM. It's 
probably your host that is doing so.


And finally, your own mails fail DKIM, so for a mail server that seems 
to give so much importance to DKIM, they could at least set it up right.


--
Nothing can be done in one trip.
-- Snider

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: *****SPAM***** Marking as spam

[Hans]

Am Donnerstag, 18. April 2024, 17:21:41 CEST schrieb rtnetz...@windstream.net:
To make clear: The first time I replied, I forgot to remove the spam tag.

But the "Sorry" mail I did send without the spam tag. However, I get it WITH 
the spamtag, as all mails get the DCIM=false tag in the header (created by the 
debian servers) and megamailservers.eu add the SPAM tag. 

Those, who receive their mails on another way, are not affected, but I am.

Thus, I get some mails from the debian list with SPAM tag and some 
without, depending how I received it. 

I can not fix this (as already described in another thread on this list here), 
so I had to create a whitelist rule in my spamrules.

However, yes, you can expect from me, that I remove the SPAM tag, when 
I reply of mails. 

If I reply, I am not sure, if the spam tag is recreated, whilst the DCIM=false 
tag might be kept in the reply mails (did not examine this).

Of course, I will watch to remove the spam tag when replying in the future.

Promised!

Best

Hans 

> As I understand what he wrote, the SPAM tag is added after the message
> leaves his control.
> 
> - Original Message -
> From: "Nicolas George" 
> To: "debian-user" 
> Sent: Thursday, April 18, 2024 11:13:44 AM
> Subject: Re: *SPAM* Marking as spam [was: *SPAM* Re:
> LibreOffice removed from Debian]
> Hans (12024-04-18):
> > As I can not fix it
> 
> You can manually remove “*SPAM*” from the mail when you reply.
> 
> You could even automate it on your end.

Re: *****SPAM***** Marking as spam [was: *****SPAM***** Re: LibreOffice removed from Debian]

[Nicolas George]

rtnetz...@windstream.net (12024-04-18):
> As I understand what he wrote, the SPAM tag is added after the message leaves 
> his control.

I very much doubt it, we would see “*****SPAM* Re:” rather than
“Re: *****SPAM*”.

And his recent “Sorry” mail was not tagged.

https://lists.debian.org/debian-user/2024/04/msg00294.html

Regards,

-- 
  Nicolas George

Re: *****SPAM***** Marking as spam [was: *****SPAM***** Re: LibreOffice removed from Debian]

[rtnetz...@windstream.net]

As I understand what he wrote, the SPAM tag is added after the message leaves 
his control.

- Original Message -
From: "Nicolas George" 
To: "debian-user" 
Sent: Thursday, April 18, 2024 11:13:44 AM
Subject: Re: *SPAM* Marking as spam [was: *SPAM* Re: 
LibreOffice removed from Debian]

Hans (12024-04-18):
> As I can not fix it

You can manually remove “*SPAM*” from the mail when you reply.

You could even automate it on your end.

-- 
  Nicolas George
-- 
Bob Netzlof a/k/a Sweet Old Bob

Re: *****SPAM***** Marking as spam [was: *****SPAM***** Re: LibreOffice removed from Debian]

[Nicolas George]

Hans (12024-04-18):
> As I can not fix it

You can manually remove “*****SPAM*” from the mail when you reply.

You could even automate it on your end.

-- 
  Nicolas George

Re: *****SPAM***** Marking as spam [was: *****SPAM***** Re: LibreOffice removed from Debian]

[Hans]

Am Donnerstag, 18. April 2024, 11:53:38 CEST schrieb to...@tuxteam.de:
Hi Tomas,

this is by debian servers, I talked about this for a while. Because the debian 
servers mark some things in the header, megamailservers.eu mark them as spam 
and add SPAM to the headline.

As I can not fix it and debian admins will also not do, and I just answered to 
the debian mail, you see the spam mark in the headline.

I am no motre thinking of it, because everything was said in another theread 
in this list.

For myself I made a rule in spamassassin, that mails from debian are 
whitelisted, although they are marked as spam and although they are appearing 
with SPA in the headline - as I know, they are NO spam!

Hope, this explains it.

Best 

Hans 
> Hi, Hans
> 
> is it your mail setup adding that *SPAM* decoration to the
> subject?
> 
> Just curious...
> 
> cheers

Re: On user expectations (Was Re: *****SPAM***** Re: LibreOffice removed from Debian)

[Brad Rogers]

On Thu, 18 Apr 2024 11:35:58 +
Andy Smith  wrote:

Hello Andy,

>I suspect that your text above has come out sounding more entitled
>than you intended, as English is not your first language.

In fairness to Hans, he did go on to explain as much.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
You couldn't find your feet, if you were looking for them
I Don't Like You - Stiff Little Fingers


pgpM3tCH2hMFt.pgp
Description: OpenPGP digital signature

On user expectations (Was Re: *****SPAM***** Re: LibreOffice removed from Debian)

[Andy Smith]

Hi Hans,

On Thu, Apr 18, 2024 at 11:38:18AM +0200, Hans wrote:
> I only hope, it will not happen the same fate like usermin and webmin 
> happened 
> to: It was once removed from the repoi with th ereason "spagehetti code, bad 
> code" and then no one ever took a look again to it, although many, many years 
> of coding passed by. 
> 
> And webmin and usermin are still developed! 

I suspect that your text above has come out sounding more entitled
than you intended, as English is not your first language.

Just bear in mind that you are/were expecting volunteers to do free
work for you in packaging this software for Debian. If they no
longer see the value in doing so, that is their concern and their
concern alone. If they never took any interest in it again, that
also is solely their own concern.

Every single package in Debian relies upon there being maintainers
who are interested in packaging it for Debian. We all live in
constant hope that our favoured packages are still worth packaging.

As you say, you are fortunate enough to still have a project that
has active upstream developers so it is still your option to either
install this software from upstream yourself, or pay them to do the
packaging work that you used to get for free.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Marking as spam [was: *****SPAM***** Re: LibreOffice removed from Debian]

[tomas]

Hi, Hans

is it your mail setup adding that *SPAM* decoration to the
subject?

Just curious...

cheers
-- 
t


signature.asc
Description: PGP signature

Re: *****SPAM***** Re: LibreOffice removed from Debian

[Hans]

I only hope, it will not happen the same fate like usermin and webmin happened 
to: It was once removed from the repoi with th ereason "spagehetti code, bad 
code" and then no one ever took a look again to it, although many, many years 
of coding passed by. 

And webmin and usermin are still developed! 

I suppose, it is much easier, to remove a package, than to fix it. Once 
removed, it will soon be forgotten.

This is not mourning, please note, just things, I am just reflect my 
watchings. 

And for libreoffice I suppose, it is planned, to change from 7.6 to 24.4, 
which will be a major jump.

Don't anger, if I do not find the correct Englisg idioms!

Best 

Hans 

Re: Spam from the list?

[Thomas Schmitt]

Hi,

Andy Smith wrote:
> [...] I argue that at present it
> isn't a good idea to just reject all DKIM failures like OP's mailbox
> provider appears to be doing.

Just for the records:
The mails in question don't get rejected but rather marked as spam
and then get delivered.

The currently best theory is that megamailservers.eu adds a header
  X-Spam-Flag: YES
if it perceives DKIM problems, and that the local anti-spam software
of the receiver takes this header as reason to alter the subject by
the prefix "*SPAM*".

Whether it is a good idea to map DKIM failure to a spam marking header
is another interesting topic.

Original post of this thread with an example of all headers of a mail:
  https://lists.debian.org/msgid-search/3371640.PXJkl210th@protheus2


Have a nice day :)

Thomas

Re: Spam from the list?

[Andy Smith]

Hello,

On Fri, Mar 08, 2024 at 02:16:07AM +, Tim Woodall wrote:
> And some dkim seems setup with the intention that it should not be used
> for mailinglusts:
> 
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
> d=dow.land;
> s=20210720;
> h=From:In-Reply-To:References:Subject:To:Message-Id:Date:
> Content-Type:Content-Transfer-Encoding:Mime-Version:Sender:Reply-To:Cc:
> Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
> Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
> List-Subscribe:List-Post:List-Owner:List-Archive;

So the thing is that the RFC for DKIM specifies a list of headers to
sign and those include ones commonly used by mailing list software
so as soon as one of those mails goes through list software, the DKIM
signatures get broken. And sadly because that is what is suggested
in the RFC, that is also the default setting of Exim in Debian.

As a result heaps of messages don't make it through mailing lists
with DKIM intact even when the list operator makes some effort to
allow it to work (e.g. avoids adding footers or subject tags, just
passes the mail through, like debian-user does).

> AFAICT, it's a problem at the originator causing failures, either
> something wrong with dkim setup or too strict set of headers.

Yes. But I think a person whose receiving system outright rejects on
DKIM failure might spend their whole lives tracking down and
contacting the operators of sending systems to educate them about
DKIM, only to be mostly met with disagreement, lack of
understanding, or silence. Which is why I argue that at present it
isn't a good idea to just reject all DKIM failures like OP's mailbox
provider appears to be doing.

That sort of setup would only be suitable for someone who doesn't
really use email, except for "transactional" mails (password
reminders, OTP, etc.) and one-way newsletters. Which admittedly is
probably the majority of users - but not OP!

> I shall be checking what this does when it gets back to me. One of the
> problems with dkim is that you assume it still works, it's hard to know
> what others actually see...

Adding DMARC and a reporting address gets you far more unwelcome
insight into what others do. 😀

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Spam from the list?

[Tim Woodall]

On Thu, 7 Mar 2024, Andy Smith wrote:


Hi,

On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:
> --- sninp ---
> 
> Authentication-Results: mail35c50.megamailservers.eu; spf=none 
> smtp.mailfrom=lists.debian.org

> Authentication-Results: mail35c50.megamailservers.eu;
> 	dkim=fail reason="signature verification failed" (2048-bit key) 
> header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"

> Return-Path: 
> Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
> 	by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
> 425I9ZEK112497

>for ; Tue, 5 Mar 2024 18:09:37 +
> 
> --- snap ---
> 
> White mails get the dkim=pass and spam mails got dkim=fail (as you see above).


A great many legitimate emails will fail DKIM so it is not a great
idea to reject every email that does so. I don't think that you are
going to have a good time using Internet mailing lists while your
mail provider rejects mails with invalid DKIM, so if I were you I'd
work on fixing that rather than trying to get everyone involved to
correctly use DKIM.


And some dkim seems setup with the intention that it should not be used
for mailinglusts:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=dow.land;
s=20210720;
h=From:In-Reply-To:References:Subject:To:Message-Id:Date:
Content-Type:Content-Transfer-Encoding:Mime-Version:Sender:Reply-To:Cc:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;

This one passed on bendel but not when it got to me. Most on debian-user
seem ok, debian-devel does seem to get more submissions with broken dkim
(based on looking at a random handful on each list)

AFAICT, it's a problem at the originator causing failures, either
something wrong with dkim setup or too strict set of headers.

I shall be checking what this does when it gets back to me. One of the
problems with dkim is that you assume it still works, it's hard to know
what others actually see...

Re: Spam from the list?

[John Crawley]

On 07/03/2024 21:04, Andy Smith wrote:

Hi,

On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:

--- sninp ---

Authentication-Results: mail35c50.megamailservers.eu; spf=none
smtp.mailfrom=lists.debian.org
Authentication-Results: mail35c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (2048-bit key)
header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
Return-Path: 
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id
425I9ZEK112497
for ; Tue, 5 Mar 2024 18:09:37 +

--- snap ---

White mails get the dkim=pass and spam mails got dkim=fail (as you see above).


A great many legitimate emails will fail DKIM so it is not a great
idea to reject every email that does so. I don't think that you are
going to have a good time using Internet mailing lists while your
mail provider rejects mails with invalid DKIM, so if I were you I'd
work on fixing that rather than trying to get everyone involved to
correctly use DKIM.

In this specific example your problem is that a mail came through
the Debian bug tracking system (which pretends to be the original
sender) and on the way out was DKIm signed by debian.org and then
went through Debian's list servers. Somewhere in there the DKIM
signature was broken.

I don't rate your chances of getting the operators of
bugs.debian.org and lists.debian.org to agree to preserve DKIM since
I know at least some of them are severely opposed to DKIM.

Your mailbox provider really should not be rejecting everything that
has a broken DKIm signature. This email from me will probably have a
broken DKIM signature.

Thanks,
Andy


Andy's mail's DKIM looks OK here:

Authentication-Results: mx.zohomail.com;
dkim=pass;
spf=none (zohomail.com: 82.195.75.100 is neither permitted nor denied 
by domain of lists.debian.org)  
smtp.mailfrom=bounce-debian-user=john=bunsenlabs@lists.debian.org;
dmarc=pass(p=none dis=none)  header.from=strugglers.net
ARC-Seal: i=1; a=rsa-sha256; t=1709813111; cv=none;
d=zohomail.com; s=zohoarc;

b=E/0YtYVq6D01XC5ug3vazK169M6jDxoXOO6K7rs6qdKhNHP1XDV7QSLAvwJetsjzooDe39MNSl/160MWgl3URqQ1YhPYZ9aBFQ3DsmN74mTKPiQYOxqx0XzNy1Nemo4oRetVQDrwEGeegQWUBbrxtbD18x8R7Dd9Ps19NxKRMP8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; 
s=zohoarc;
t=1709813111; 
h=Content-Type:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Resent-Sender:Resent-Date:References:Resent-Message-ID:Resent-From:Subject:Subject:To:To:Message-Id:Reply-To:Cc;
bh=ohelUf+wTnNtAeaNpYE6UONuc2euPhvqBvxLaU7Fz7c=;

b=MUW94hTSknXpUch7F94usVvulKMrwldlWtoyP582oO6+EMhKaeisaBraF7KE46pdbHyE+AAzf/dn0xPDxNnN+M+RXSbXsQvu7qEIe/+q6fCdppDhql+IMx+U9H+Q61olqpD+JMh9IxFgAUSKme0bLD8NhFKOskvLdtzqq3XeIpg=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass;
spf=none (zohomail.com: 82.195.75.100 is neither permitted nor denied 
by domain of lists.debian.org)  
smtp.mailfrom=bounce-debian-user=john=bunsenlabs@lists.debian.org;
dmarc=pass header.from= (p=none dis=none)

--snip--

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=strugglers.net; s=alpha; 
h=In-Reply-To:Content-Type:MIME-Version:References

:Message-ID:Subject:To:From:Date:Content-Transfer-Encoding:Sender:Reply-To:Cc
:Content-ID:Content-Description:Resent-To;
bh=ohelUf+wTnNtAeaNpYE6UONuc2euPhvqBvxLaU7Fz7c=; 
b=c5YTQp9JWbbPNuLxDYO19XXqgy

KmEiV4tSD2LlNXy4C9/5PPfZ5JGT6U70UQpwIXgC1alHcUyD+LY6JDPEbO33KuWsWr4gvrJCwrq0u

HMUc+sKwQgknFeLxa5Jk3a3VFLURsYYec+6Lc9C4WsQB9I+xuv8CmO22xpRRNqB3SWdR7gtHy+Ab8

1UGvqoeEsCAtc5y2dt3uiX6Uy5qYDRbgbSVBhfq4TwjxmyTqmnkT1oG62tW2LavipJDvfR/40weCR

B/S7To5h6Lgc/1oLArFNtrtPlfyyRg38maGSj5Jgt9X5Vwdfg187lIla/I4OBjib2pDV5d38QzL7v
4Vz0PYFg==;

--
John

Re: Spam from the list?

[Andy Smith]

Hi,

On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:
> --- sninp ---
> 
> Authentication-Results: mail35c50.megamailservers.eu; spf=none 
> smtp.mailfrom=lists.debian.org
> Authentication-Results: mail35c50.megamailservers.eu;
>   dkim=fail reason="signature verification failed" (2048-bit key) 
> header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
> Return-Path: 
> Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
>   by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
> 425I9ZEK112497
>   for ; Tue, 5 Mar 2024 18:09:37 +
> 
> --- snap ---
> 
> White mails get the dkim=pass and spam mails got dkim=fail (as you see above).

A great many legitimate emails will fail DKIM so it is not a great
idea to reject every email that does so. I don't think that you are
going to have a good time using Internet mailing lists while your
mail provider rejects mails with invalid DKIM, so if I were you I'd
work on fixing that rather than trying to get everyone involved to
correctly use DKIM.

In this specific example your problem is that a mail came through
the Debian bug tracking system (which pretends to be the original
sender) and on the way out was DKIm signed by debian.org and then
went through Debian's list servers. Somewhere in there the DKIM
signature was broken.

I don't rate your chances of getting the operators of
bugs.debian.org and lists.debian.org to agree to preserve DKIM since
I know at least some of them are severely opposed to DKIM.

Your mailbox provider really should not be rejecting everything that
has a broken DKIm signature. This email from me will probably have a
broken DKIM signature.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Spam from the list?

[Byunghee HWANG]

On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:
> Hi all,
> I believe, I found the reason, why mails are marked as spam and others not.
> 
> All spam mails shjow this entry in the header:
> 
> --- sninp ---
> 
> Authentication-Results: mail35c50.megamailservers.eu; spf=none 
> smtp.mailfrom=lists.debian.org
> Authentication-Results: mail35c50.megamailservers.eu;
>   dkim=fail reason="signature verification failed" (2048-bit key) 
> header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
> Return-Path: 
> Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
>   by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
> 425I9ZEK112497
>   for ; Tue, 5 Mar 2024 18:09:37 +
> 
> --- snap ---
> 
> White mails get the dkim=pass and spam mails got dkim=fail (as you see above).
> 
> However, I am not much experienced with DKIM, but as far as I read, it has 
> soemthing to do with key exchanges. 
> 
> But who must exchange keys? I see also bendel.debian.org and a bounce message.
> 
> Can that be the reason, that bendel.debian.org and megameilservers.eu has 
> some 
> problems with the keys?
> 
> On both I can not take a look and have no influence to it, but mayme the 
> admins 
> of bendel.debian.org do know more.
> 
> Thanks for reading this,
> 
> Best regards
> 
> Hans

Well i think that you would be add to whitelist emails from bendel.debian.org. 


Thanks, Byunghee from South Korea

Re: Spam from the list?

[Hans]

Hi all,
I believe, I found the reason, why mails are marked as spam and others not.

All spam mails shjow this entry in the header:

--- sninp ---

Authentication-Results: mail35c50.megamailservers.eu; spf=none 
smtp.mailfrom=lists.debian.org
Authentication-Results: mail35c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (2048-bit key) 
header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
Return-Path: 
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
425I9ZEK112497
for ; Tue, 5 Mar 2024 18:09:37 +

--- snap ---

White mails get the dkim=pass and spam mails got dkim=fail (as you see above).

However, I am not much experienced with DKIM, but as far as I read, it has 
soemthing to do with key exchanges. 

But who must exchange keys? I see also bendel.debian.org and a bounce message.

Can that be the reason, that bendel.debian.org and megameilservers.eu has some 
problems with the keys?

On both I can not take a look and have no influence to it, but mayme the admins 
of bendel.debian.org do know more.

Thanks for reading this,

Best regards

Hans

Re: Spam from the list?

[debian-user]

Hans  wrote:
> HI Brad,
> 
> I do not believe, it is a training problem. Why? Well, your formerly
> mail was marked as spam. So I marked it as ham. Now, your second mail
> again is marked as spam. 
> 
> We know, there is nothing unusual with your mail, but it is again
> marked as spam. Even, when I explicity marked your mails as ham! 
> 
> Thus the problem is not on my computer. 
> 
> I believe, what Thomas said: Megamail or my mailprovider is setting
> the X- Spam-Flag to YES, and my spamassassin is recognizing this and
> marks this as spam.
> 
> The solution would be, either to make megamails or my provider make
> things correctly (but I have no atom bombs to force them) , or delete
> my rule, to check the X-Spam-Flag (which I actually do not want). 

You don't need an atom bomb. Simply contact their support and tell them
they appear to be misclassifying mail. If they don't fix the problem
then consider changing your provider. Or at least tell them you will :)

Also they are still sending the mail to you, so it is your choice
whether to actually classify it as spam! Look at your mail program and
see what options it has regarding classifying spam. Change it to not
respect the particular header you think is causing problems.

> Important is: The cause is not at debian server (which is fine!) and
> not on my system (which is also fine), but on the provider server. 
> 
> To know this, I think we can safely close this issue.
> 
> We have learnt some things (which is always important) and could find
> the reason.
> 
> Thank you all for your help and input!!

Re: Spam from the list?

[Brad Rogers]

On Wed, 06 Mar 2024 15:36:25 +0100
Hans  wrote:

Hello Hans,

>I do not believe, it is a training problem. Why? Well, your formerly
>mail was marked as spam. So I marked it as ham. Now, your second mail
>again is marked as spam. 

Spam/ham training is not, IME, a single shot affair.  However, as you go
on to say, this particular issue is in all likelihood due to forces
outside of our control.

At which point, I'll hand over to people far more experienced than I.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
You criticize us, you say we're sh*t, but we're up here doin' it
We're The League - Anti-Nowhere League


pgpPJCjXv8hya.pgp
Description: OpenPGP digital signature

Re: Spam from the list?

[Hans]

HI Brad,

I do not believe, it is a training problem. Why? Well, your formerly mail was 
marked as spam. So I marked it as ham. Now, your second mail again is marked 
as spam. 

We know, there is nothing unusual with your mail, but it is again marked as 
spam. Even, when I explicity marked your mails as ham! 

Thus the problem is not on my computer. 

I believe, what Thomas said: Megamail or my mailprovider is setting the X-
Spam-Flag to YES, and my spamassassin is recognizing this and marks this as 
spam.

The solution would be, either to make megamails or my provider make things 
correctly (but I have no atom bombs to force them) , or delete my rule, to 
check the X-Spam-Flag (which I actually do not want). 

Important is: The cause is not at debian server (which is fine!) and not on my 
system (which is also fine), but on the provider server. 

To know this, I think we can safely close this issue.

We have learnt some things (which is always important) and could find the 
reason.

Thank you all for your help and input!!

Best regards

Hans


Am Mittwoch, 6. März 2024, 14:24:19 CET schrieb Brad Rogers:
> On Wed, 06 Mar 2024 13:53:49 +0100
> Hans  wrote:
> 
> Hello Hans,
> 
> >It should be well trained
> 
> Spam training is an ongoing process
> 
> >But until then suddenly the false positives increased from one day to
> >another, although I had changed nothing.
> 
> because the spam changes.  What's coming now is new, and SA has not
> seen it before.  You have to train it.  Equally, what you consider ham
> can change - for example, when you subscribe to a new mailing list that
> caters to a subject not encountered by you before because of, say, taking
> up a new hobby.
> 
> I've been using my spam filtering set up for years too, and I still get
> the occasional false positive.  I mark them as ham to (hopefully)
> improve spam filtering here.

Re: Spam from the list?

[Brad Rogers]

On Wed, 06 Mar 2024 13:53:49 +0100
Hans  wrote:

Hello Hans,

>It should be well trained

Spam training is an ongoing process

>But until then suddenly the false positives increased from one day to
>another, although I had changed nothing.

because the spam changes.  What's coming now is new, and SA has not
seen it before.  You have to train it.  Equally, what you consider ham
can change - for example, when you subscribe to a new mailing list that
caters to a subject not encountered by you before because of, say, taking
up a new hobby.

I've been using my spam filtering set up for years too, and I still get
the occasional false positive.  I mark them as ham to (hopefully)
improve spam filtering here.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
If you ain't sticking your knives in me, you will be eventually
Monsoon - Robbie Williams


pgpW7BRD_vUWU.pgp
Description: OpenPGP digital signature

Re: *****SPAM***** Re: Spam from the list?

[Nicolas George]

Hans (12024-03-06):
> I am using this spamfilter now for several years. It should be well trained 
> and 
> almost until about 4 months I never had any problems with it.

Hi.

It is probably not the reason for you problem now, but it is important
to note that in the “several years” since your spam filter was trained,
spammers have not stayed idle, they have learned, they have refined
their mail to bypass the most common protections. And in turn,
protections have evolved to fight the new stealthiness of spammers.

Spammers also have changed topics, they used to sell pills, now they
sell cryptocurrencies. If your Bayesian filter is trained to recognize
mails that sell pills, they might accept mails that seem to talk about
technical points of computing.

So if your own mail filter has not evolved, it is not surprising that it
becomes progressively less efficient.

> Am Mittwoch, 6. März 2024, 12:22:53 CET schrieb Brad Rogers:

Please remember not to top-post.

Regards,

-- 
  Nicolas George

Re: Spam from the list?

[Thomas Schmitt]

Hi,

Hans wrote:
> Re: *****SPAM* Re: Spam from the list?
> In-Reply-To: <20240306112253.55e25...@earth.stargate.org.uk>

referring the mail

> > Date: Wed, 6 Mar 2024 11:22:53 +
> > From: Brad Rogers 
> > Message-ID: <20240306112253.55e25...@earth.stargate.org.uk>

I assume that this mail appeared with the "*SPAM*" marker in
your mailbox.
(The currently most plausible theory is that megamailservers.eu adds
"X-Spam-Flag: YES" and your local mail processing takes this header as
reason to change the subject.)

So what does the mail which you received from Brad via debian-user
say about "Authentication-Results:" ?
Your initial post quoted three such headers. Expect more than one.


Have a nice day :)

Thomas

Re: *****SPAM***** Re: Spam from the list?

[tomas]

On Wed, Mar 06, 2024 at 01:53:49PM +0100, Hans wrote:
> Hi Brad,
> 
> I am using this spamfilter now for several years. It should be well trained 
> and 
> almost until about 4 months I never had any problems with it.
> 
> But until then suddenly the false positives increased from one day to 
> another, 
> although I had changed nothing. 

You keep saying that. Your mail provider seems to have changed something.
Your spamassassin is seeing those new headers (which, by all comments in
this thread are being added on the way from the mailing list to you)
and acts accordingly.

So nothing weird. Except, perhaps, your mail provider. There are few of
them which are not weird these days.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: *****SPAM***** Re: Spam from the list?

[Hans]

Hi Brad,

I am using this spamfilter now for several years. It should be well trained and 
almost until about 4 months I never had any problems with it.

But until then suddenly the false positives increased from one day to another, 
although I had changed nothing. 

And weired: It happened only with mails from the debian forum! This looks 
weired for me. Other spammails are still well recognized and I get no false 
positives from any other site. 

Maybe this is by chance. But mails, which are recognized as spam are looking 
not fishy in any kind. Even a mail sent by myself to the forum was seen as 
spam.

Of course there is the option, that my own spamfilter has changed, although I 
did nothing manually, it could not be excluded.

I do not believe, it is is a training model, but of course, i will mark white 
mails as ham manually and see, if the false positives decrease.

Will inform you again in a few days.

Best 

Hans



Am Mittwoch, 6. März 2024, 12:22:53 CET schrieb Brad Rogers:
> On Wed, 06 Mar 2024 11:19:27 +0100
> Hans  wrote:
> 
> Hello Hans,
> 
> >Does one see any reason, why this is considered as spam???
> 
> Further to what Thomas says;  You haven't told your spam filtering that
> it's ham.  If you don't train your spam filters, it's never going to get
> any better at detecting what you consider to be ham/spam.

Re: Spam from the list?

[debian-user]

Hans  wrote:
> Hi Thomas,
> 
> > you perhaps subscribed to one of the "Resent-*" lists ?
> >  
> Not as far as I know.
>  
> > > Subject: *SPAM* Bug#1065537: ITP: bleak-retry-connector --
> > > Connector for Bleak Clients that handles transient connection
> > > failures  
> > 
> > The mark "*SPAM*" does not appear in the archive
> >   
> 
> This line is set by spamassassin on my own computer, when a spam mail
> is marked as spam. Then it will be filtered out. But I can not see,
> WHJY it is recognised as apam!
> 
> >   https://lists.debian.org/debian-devel/2024/03/msg00076.html
> > 
> > All in all it looks like a legit message, not like spam.
> > So the suspect would sit after Debian's mail servers.
> > 
> > The only Received header i see between Debian and you is:  
> > > Received: from bendel.debian.org (bendel.debian.org
> > > [82.195.75.100])
> > > 
> > > by mail104c50.megamailservers.eu (8.14.9/8.13.1) with
> > > ESMTP id 4269vZOl098298
> > > for ; Wed, 6 Mar 2024 09:57:37
> > > +  
> > 
> > It looks like either megamailservers.eu or your own processing added
> > the spam mark to the subject.
> >   
> Hmm, suspicious. I changed nothing and suddenly many mails from
> debian-user (but not all, only some) are recognized as spam. And I
> can not see, why they are. Thre are no URLs in it, no suspicous gifs
> or any other content. Just quite normal mails. And some are flagged
> as spam, some not. Weired.

So if it's not you, then it sounds like you need to ask
megamailservers.eu why.

Re: Spam from the list?

[Brad Rogers]

On Wed, 06 Mar 2024 11:19:27 +0100
Hans  wrote:

Hello Hans,

>Does one see any reason, why this is considered as spam???

Further to what Thomas says;  You haven't told your spam filtering that
it's ham.  If you don't train your spam filters, it's never going to get
any better at detecting what you consider to be ham/spam.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
People stare like they've seen a ghost
Titanic (My Over) Reaction - 999


pgp8hb40F8jjN.pgp
Description: OpenPGP digital signature

Re: Spam from the list?

[Thomas Schmitt]

Hi,

Hans wrote:
> I changed nothing and suddenly many mails from debian-user
> (but not all, only some) are recognized as spam.

But the one you posted here did not come from debian-user.

So maybe what changed is an inadverted subscription to one of
  debian-bugs-d...@lists.debian.org
  debian-de...@lists.debian.org
  debian-pyt...@lists.debian.org,
  w...@debian.org
This might have broadened the set of mail senders and thus gives your
mail provider opportunities to complain like spotted by Dan Ritter:

> Authentication-Results: mail104c50.megamailservers.eu;
>   dkim=fail reason="signature verification failed" (4096-bit key)
> header.d=4angle.com header.i=@4angle.com header.b="bS+3bWmq"

"4angle.com" matches the mail address of the bug submitter
"Edward Betts ".


The shown message headers offer unsubscription from debian-devel:

> List-Unsubscribe: 
> <mailto:debian-devel-requ...@lists.debian.org?subject=unsubscribe>

I.e. to send a mail to debian-devel-requ...@lists.debian.org with the
subject line
  unsubscribe


Have a nice day :)

Thomas

Re: Spam from the list?

[Hans]

Am Mittwoch, 6. März 2024, 12:10:57 CET schrieb Dan Ritter:

> > 
> >  X-Spam-Flag: YES
> > 
> > X-SPAM-FACTOR: DKIM
> 
> What sets these two headers?
> 

I do not know. So I asked on this list.

What I believe is, that the X-Spam-Flag: YES is set somehow on the way and as 
spamassin is looking at that is marking the mail as spam. 

The question is: Where and why is this flag set? Maybe because of the DKIM 
failure? 

Sorry, I do not know, and maybe you are right: It might be a problem with 
megamailservers, who knows.

Best

Hans

Re: Spam from the list?

[Hans]

Hi Thomas,

> you perhaps subscribed to one of the "Resent-*" lists ?
>
Not as far as I know.
 
> > Subject: *SPAM* Bug#1065537: ITP: bleak-retry-connector --
> > Connector for Bleak Clients that handles transient connection failures
> 
> The mark "*SPAM*" does not appear in the archive
> 

This line is set by spamassassin on my own computer, when a spam mail is 
marked as spam. Then it will be filtered out. But I can not see, WHJY it is 
recognised as apam!

>   https://lists.debian.org/debian-devel/2024/03/msg00076.html
> 
> All in all it looks like a legit message, not like spam.
> So the suspect would sit after Debian's mail servers.
> 
> The only Received header i see between Debian and you is:
> > Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
> > 
> > by mail104c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP
> > id 4269vZOl098298
> > for ; Wed, 6 Mar 2024 09:57:37 +
> 
> It looks like either megamailservers.eu or your own processing added
> the spam mark to the subject.
> 
Hmm, suspicious. I changed nothing and suddenly many mails from debian-user 
(but not all, only some) are recognized as spam. And I can not see, why they 
are. Thre are no URLs in it, no suspicous gifs or any other content. Just 
quite normal mails. And some are flagged as spam, some not. Weired.

> 
> Have a nice day :)
> 
> Thomas


Best

Hans

Re: Spam from the list?

[Dan Ritter]

Hans wrote: 
> Hi folks,
> 
> during the last moonths I get more mails from the debian-user list marked as 
> spam than before. Something must have changed.
> 
> I examined the header of the mails, but did not see any unusual.
> 
> Below I send the header of an example of such a mail, maybe you can see the 
> reason?
> 
> On my computer I am also using spamassassin, and my own score is set to 3.4, 
> so even so it should not considered as spam. 
> 
>  X-Spam-Flag: YES
> X-SPAM-FACTOR: DKIM

What sets these two headers?


> Authentication-Results: mail104c50.megamailservers.eu;
>   dkim=fail reason="signature verification failed" (4096-bit key) 
> header.d=4angle.com header.i=@4angle.com header.b="bS+3bWmq"

That's the source of the DKIM fail.

> X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on bendel.debian.org
> X-Spam-Level: 
> X-Spam-Status: No, score=-6.7 required=4.0 tests=BODY_INCLUDES_PACKAGE,
>   
> DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,LDO_WHITELIST,
>   T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
>   version=3.4.2

This is debian.org's mailserver checking for spam and deciding that it isn't,
even though DKIM is invalid.

> X-Virus-Scanned: at lists.debian.org with policy bank en-ht
> X-Amavis-Spam-Status: No, score=-8.561 tagged_above=-1 required=5.3
>   tests=[BAYES_00=-2, BODY_INCLUDES_PACKAGE=-2, DKIM_INVALID=0.1,
>   DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
>   LDO_WHITELIST=-5, T_SCC_BODY_TEXT_LINE=-0.01]
>   autolearn=ham autolearn_force=no

This is debian.org again.

> X-Bogosity: Ham, tests=bogofilter, spamicity=0.053994, version=1.2.5
> 
> --- snap ---
> 
> Does one see any reason, why this is considered as spam???

Whatever set X-SPAM-FLAG: YES is probably at fault.

-dsr-

Re: Spam from the list?

[Thomas Schmitt]

Hi,

Hans wrote:
> during the last moonths I get more mails from the debian-user list marked as
> spam than before.
> [...]
> Below I send the header of an example of such a mail, maybe you can see the
> reason?

The message does not look like it came to you via debian-user:

> X-Original-To: lists-debian-de...@bendel.debian.org
> Delivered-To: lists-debian-de...@bendel.debian.org
> Received: from localhost (localhost [127.0.0.1])
> by bendel.debian.org (Postfix) with ESMTP id B720220598
> for ; Wed,  6 Mar 2024
> [...]
> Resent-To: debian-bugs-d...@lists.debian.org
> Resent-CC: debian-de...@lists.debian.org, debian-pyt...@lists.debian.org,
> w...@debian.org

Are you perhaps subscribed to one of the "Resent-*" lists ?


> Subject: *SPAM* Bug#1065537: ITP: bleak-retry-connector -- Connector
> for Bleak Clients that handles transient connection failures

The mark "*SPAM*" does not appear in the archive

  https://lists.debian.org/debian-devel/2024/03/msg00076.html

All in all it looks like a legit message, not like spam.
So the suspect would sit after Debian's mail servers.


The only Received header i see between Debian and you is:

> Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
> by mail104c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP
> id 4269vZOl098298
> for ; Wed, 6 Mar 2024 09:57:37 +

It looks like either megamailservers.eu or your own processing added
the spam mark to the subject.


Have a nice day :)

Thomas

Spam from the list?

[Hans]

Hi folks,

during the last moonths I get more mails from the debian-user list marked as 
spam than before. Something must have changed.

I examined the header of the mails, but did not see any unusual.

Below I send the header of an example of such a mail, maybe you can see the 
reason?

On my computer I am also using spamassassin, and my own score is set to 3.4, 
so even so it should not considered as spam. 

Thisis the header:

--- snip ---

 X-Spam-Flag: YES
X-SPAM-FACTOR: DKIM
X-Envelope-From: bounce-debian-devel=hans.ullrich=loop...@lists.debian.org
DMARC-Filter: OpenDMARC Filter v1.4.1 mail104c50.megamailservers.eu 
4269vZOl098298
Authentication-Results: mail104c50.megamailservers.eu; dmarc=fail (p=reject 
dis=none) header.from=4angle.com
Authentication-Results: mail104c50.megamailservers.eu; spf=none 
smtp.mailfrom=lists.debian.org
Authentication-Results: mail104c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (4096-bit key) 
header.d=4angle.com header.i=@4angle.com header.b="bS+3bWmq"
Return-Path: 
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail104c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
4269vZOl098298
for ; Wed, 6 Mar 2024 09:57:37 +
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with QMQP
id C9230205B1; Wed,  6 Mar 2024 09:57:27 + (UTC)
X-Mailbox-Line: From debian-devel-requ...@lists.debian.org  Wed Mar  6 
09:57:27 2024
Old-Return-Path: 
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on bendel.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.7 required=4.0 tests=BODY_INCLUDES_PACKAGE,

DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,LDO_WHITELIST,
T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
version=3.4.2
X-Original-To: lists-debian-de...@bendel.debian.org
Delivered-To: lists-debian-de...@bendel.debian.org
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with ESMTP id B720220598
for ; Wed,  6 Mar 2024 
09:57:16 + (UTC)
X-Virus-Scanned: at lists.debian.org with policy bank en-ht
X-Amavis-Spam-Status: No, score=-8.561 tagged_above=-1 required=5.3
tests=[BAYES_00=-2, BODY_INCLUDES_PACKAGE=-2, DKIM_INVALID=0.1,
DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
LDO_WHITELIST=-5, T_SCC_BODY_TEXT_LINE=-0.01]
autolearn=ham autolearn_force=no
Received: from bendel.debian.org ([127.0.0.1])
by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 
2525)
with ESMTP id CnwFbHimGCbL for ;
Wed,  6 Mar 2024 09:57:08 + (UTC)
Received: from buxtehude.debian.org (buxtehude.debian.org 
[IPv6:2607:f8f0:614:1::1274:39])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) 
server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "buxtehude.debian.org", Issuer "Debian SMTP CA" (not 
verified))
by bendel.debian.org (Postfix) with ESMTPS id F06C820576;
Wed,  6 Mar 2024 09:57:07 + (UTC)
Received: from debbugs by buxtehude.debian.org with local (Exim 4.94.2)
(envelope-from )
id 1rho1I-0040qp-GA; Wed, 06 Mar 2024 09:57:04 +
X-Loop: ow...@bugs.debian.org
Subject: *SPAM* Bug#1065537: ITP: bleak-retry-connector -- Connector 
for Bleak Clients that handles transient connection failures
Reply-To: Edward Betts , 1065...@bugs.debian.org
Resent-From: Edward Betts 
Resent-To: debian-bugs-d...@lists.debian.org
Resent-CC: debian-de...@lists.debian.org, debian-pyt...@lists.debian.org,
w...@debian.org
X-Loop: ow...@bugs.debian.org
Resent-Date: Wed, 06 Mar 2024 09:57:02 +
Resent-Message-ID: 
X-Debian-PR-Message: report 1065537
X-Debian-PR-Package: wnpp
X-Debian-PR-Keywords: 
Received: via spool by sub...@bugs.debian.org id=B.1709718770954021
  (code B); Wed, 06 Mar 2024 09:57:02 +
Received: (at submit) by bugs.debian.org; 6 Mar 2024 09:52:50 +
Received: from 4angle.com ([78.129.222.14]:43828)
by buxtehude.debian.org with esmtps 
(TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
(Exim 4.94.2)
(envelope-from )
id 1rhnxC-0040B7-74
for sub...@bugs.debian.org; Wed, 06 Mar 2024 09:52:50 +
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=4angle.com;
s=bridge; h=Content-Type:MIME-Version:Message-
ID:Subject:To:From:Date:Sender:
Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-
Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-
Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-
Subscribe:
List-Post:List-Owner:List-Archive;
bh=RkmeLzNl75rHSQ2ewaAj7V5oqKSJrzv7gFE

Logistics vs hystereisis [was: Dealing with SPAM.]

[tomas]

On Mon, Dec 25, 2023 at 01:49:17PM +0100, Thomas Schmitt wrote:
> Hi,
> 
> to...@tuxteam.de wrote:
> > [...] (it's actually a logistic function [1]).
> > [1] https://en.wikipedia.org/wiki/Logistic_function
> > Looking forward to Yet Another Of Those Nerdy Monster Threads ;-)
> 
> Since it's happening periodically with about the same participants,
> shouldn't we rather try to model it as hysteresis ?
>   https://en.wikipedia.org/wiki/Hysteresis
>   ("Not to be confused with Hysteria.")

You do have a point there :)

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Dealing with SPAM.

[Thomas Schmitt]

Hi,

to...@tuxteam.de wrote:
> [...] (it's actually a logistic function [1]).
> [1] https://en.wikipedia.org/wiki/Logistic_function
> Looking forward to Yet Another Of Those Nerdy Monster Threads ;-)

Since it's happening periodically with about the same participants,
shouldn't we rather try to model it as hysteresis ?
  https://en.wikipedia.org/wiki/Hysteresis
  ("Not to be confused with Hysteria.")


Have a nice day :)

Thomas

Re: Dealing with SPAM.

[tomas]

On Mon, Dec 25, 2023 at 11:19:43AM +0100, Marco Moock wrote:
> Am 25.12.2023 um 08:56:41 Uhr schrieb Brad Rogers:
> 
> > On Mon, 25 Dec 2023 16:50:13 +1100
> > Zenaan Harkness  wrote:
> > 
> > Hello Zenaan,
> > 
> > >OMG money! I, being Debian User it  
> > 
> > The best thing to do is ignore SPAM.
> > 
> > If you *must* reply, don't quote the whole thing and send it to the
> > list *again*.  
> 
> Replying to spam will just tell the spammers that the mailbox is being
> read and that makes the address much more interesting for spam.

And replying to spam replies amplifies the phenomenon yet
more. The start is actually exponential, until things start
saturating (it's actually a logistic function [1]).

Looking forward to Yet Another Of Those Nerdy Monster Threads ;-)

Cheers

[1] https://en.wikipedia.org/wiki/Logistic_function
-- 
t


signature.asc
Description: PGP signature

Re: Dealing with SPAM.

[Andrew M.A. Cater]

On Mon, Dec 25, 2023 at 11:19:43AM +0100, Marco Moock wrote:
> Am 25.12.2023 um 08:56:41 Uhr schrieb Brad Rogers:
> 
> > On Mon, 25 Dec 2023 16:50:13 +1100
> > Zenaan Harkness  wrote:
> > 
> > Hello Zenaan,
> > 
> > >OMG money! I, being Debian User it  
> > 
> > The best thing to do is ignore SPAM.
> > 
> > If you *must* reply, don't quote the whole thing and send it to the
> > list *again*.  
> 
> Replying to spam will just tell the spammers that the mailbox is being
> read and that makes the address much more interesting for spam.
>

If you come across spam - ignore it in the mail that's come to you.
Also check in the web mailing list archives at lists.debian.org if its come
from a list and use the button to report as spam. If it gets removed from
the publicly visible archives there, it's also then less likely to be
harvested by spambots and used again.

Andy

Re: Dealing with SPAM.

[Marco Moock]

Am 25.12.2023 um 08:56:41 Uhr schrieb Brad Rogers:

> On Mon, 25 Dec 2023 16:50:13 +1100
> Zenaan Harkness  wrote:
> 
> Hello Zenaan,
> 
> >OMG money! I, being Debian User it  
> 
> The best thing to do is ignore SPAM.
> 
> If you *must* reply, don't quote the whole thing and send it to the
> list *again*.  

Replying to spam will just tell the spammers that the mailbox is being
read and that makes the address much more interesting for spam.

Dealing with SPAM.

[Brad Rogers]

On Mon, 25 Dec 2023 16:50:13 +1100
Zenaan Harkness  wrote:

Hello Zenaan,

>OMG money! I, being Debian User it

The best thing to do is ignore SPAM.

If you *must* reply, don't quote the whole thing and send it to the list
*again*.  

Thank you.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
Just stop and take a second
U & Ur Hand - P!nk


pgpEDguGGW5Fi.pgp
Description: OpenPGP digital signature

Re: Strange locally-originating spam messages from sport.qc.ca

[Julian Gilbey]

Hi Greg,

On Thu, Mar 30, 2023 at 07:18:15AM -0400, Greg Wooledge wrote:
> On Thu, Mar 30, 2023 at 12:00:01PM +0300, Reco wrote:
> > On Thu, Mar 30, 2023 at 09:30:49AM +0100, Julian Gilbey wrote:
> > > I wonder if anyone has any idea about how to track this down?
> > 
> > I'd check /var/log/exim4/mainlog first, obviously.
> 
> In addition to that, open one of the spam messages in a competent MUA
> and examine the full headers.  You should see one or more "Received:"
> headers.  Every time the message is handed off to a new MTA, a new
> Received: header is prepended to the top of the message, so to read
> them in chronological order, you have to start at the bottom and work
> your way upward.
> [...]

Thanks - this was useful, and eventually helped me to pin-point the
source of the spam.

Best wishes,

   Julian

Re: Strange locally-originating spam messages from sport.qc.ca

[Julian Gilbey]

Hi Reco,

On Thu, Mar 30, 2023 at 02:34:29PM +0300, Reco wrote:
>   Hi.
> 
> On Thu, Mar 30, 2023 at 12:19:24PM +0100, Julian Gilbey wrote:
> > The log seems quite unhelpful here, though I may be missing
> > something.  Here is an example:
> 
> I disagree. There's nothing to miss here, thus you're correct.
> [...]

Thanks for your detailed analysis and advice!  Though I've solved the
problem in this case (it was fetchmail running in daemon mode, pulling
in emails from another mail server, though I didn't realise that this
was happening), your suggestions are excellent and I will bear them in
mind in the future if anything similar happens.

Best wishes,

   Julian

Re: Strange locally-originating spam messages from sport.qc.ca

[Reco]

Hi.

On Thu, Mar 30, 2023 at 12:19:24PM +0100, Julian Gilbey wrote:
> The log seems quite unhelpful here, though I may be missing
> something.  Here is an example:

I disagree. There's nothing to miss here, thus you're correct.

> 2023-03-29 00:07:19 1phIPT-0047NQ-0H <= <> H=(LOCALHOSTNAME) [::1] P=smtp 
> S=2878

That, my friend, is a locally queued mail.
I.e. some process on that very host connected to exim on tcp:25 on the
same host and

> 2023-03-29 00:07:19 1phIPT-0047NQ-0H ** frpjxbkek...@sport.qc.ca 
>  R=nonlocal: Mailing to remote domains not supported

tried to send a e-mail to that e-mail above.
That exim is probably configured as "local" MTA, so it refused to send
that e-mail.


> It seems to have originated locally ([::1]), which is why I wonder
> whether I've got a virus of some sort.

"Virus" is such a harsh word.
It's a malware, plain and simple.

I suggest you to:

1) Poweroff problematic host ASAP.

2) Remove HDD from that host.

3) Attach the HDD to known clean host, preferably with a different CPU
architecture, mount filesystems.

4) Check Debian software for validity (debsums -ac -r ...).

5) Check crontabs (both system and users'), double-check www-data
crontab.

6) Check systemd timers, both system and users'.

7) Consider using very strict Apparmor policy for any LAN-facing
services that you have there in the future (aa-genprof).


> On my internet-facing host, these messages appear to originate from a
> Canadian ISP, but I don't know whether to believe it, given what's
> happening on my other machine.

Be generous, ban whole AS of that ISP via iptables/nft first.
Consider repeating the steps outlined above for internet-facing host
too.

Reco

Re: Strange locally-originating spam messages from sport.qc.ca

[Julian Gilbey]

Hi Jeremy!

On Thu, Mar 30, 2023 at 05:03:47PM +0800, Jeremy Ardley wrote:
> 
> On 30/3/23 16:30, Julian Gilbey wrote:
> > I'm getting a significant number of spam messages being sent to my MTA
> > (exim) for the address FRPJXbKeKuek at sport.qc.ca, and now I'm
> > starting to see some sent to www-data at aether.toine.be.  What is
> > disturbing is that the machine is on a local network, and my
> > internet-facing router does not forward anything to this machine.  So
> > I presume that these mails are originating from the machine itself.
> 
> The first problem I see is you have just published the internal DNS name of
> a machine in your local network.

To clarify: these are the addresses that the email was addressed to.
They have absolutely no relationship with my personal network(s),
hostname(s) or personal email addresses.

But I think I've just solved the problem (by grepping for this email
address across my system); my local machine was - unknown to me -
running fetchmail.  These spam messages must have been sent to the
mail server being read by fetchmail.  That is a relief!

Best wishes,

   Julian

Re: Strange locally-originating spam messages from sport.qc.ca

[Julian Gilbey]

On Thu, Mar 30, 2023 at 12:00:01PM +0300, Reco wrote:
>   Hi.
> 
> On Thu, Mar 30, 2023 at 09:30:49AM +0100, Julian Gilbey wrote:
> > I wonder if anyone has any idea about how to track this down?
> 
> I'd check /var/log/exim4/mainlog first, obviously.
> For instance, your mail was sent to my MTA by bendel.d.o, as is
> should be:
> 
> $ grep ZmNnhCgr7-N.A.uSE.A2UJkB /var/log/exim4/mainlog
> 2023-03-30 10:51:15 1pho03-QZ-9B <= 
> bounce-debian-user=deb=enotuniq@lists.debian.org H=bendel.debian.org 
> [82.195.75.100] P=esmtps 
> X=TLS1.3:ECDHE_X25519__ECDSA_SECP384R1_SHA384__AES_256_GCM:256 CV=no S=5087 
> id=ZmNnhCgr7-N.A.uSE.A2UJkB@bendel

Hi Reco,

Thanks!

The log seems quite unhelpful here, though I may be missing
something.  Here is an example:

2023-03-29 00:07:19 1phIPT-0047NQ-0H <= <> H=(LOCALHOSTNAME) [::1] P=smtp S=2878
2023-03-29 00:07:19 1phIPT-0047NQ-0H ** frpjxbkek...@sport.qc.ca 
 R=nonlocal: Mailing to remote domains not supported
2023-03-29 00:07:19 1phIPP-0047NT-0V <= <> R=1phIPT-0047NQ-0H U=Debian-exim 
P=local S=667
2023-03-29 00:07:19 1phIPT-0047NQ-0H Frozen (delivery error message)
2023-03-29 00:13:24 1phIPT-0047NQ-0H Message is frozen

...and lots of repeats of this last message until I manually deleted
the message.

(I've replaced my local machine name with "LOCALHOSTNAME" in the above.)

It seems to have originated locally ([::1]), which is why I wonder
whether I've got a virus of some sort.

On my internet-facing host, these messages appear to originate from a
Canadian ISP, but I don't know whether to believe it, given what's
happening on my other machine.

Best wishes,

   Julian

Re: Strange locally-originating spam messages from sport.qc.ca

[Greg Wooledge]

On Thu, Mar 30, 2023 at 12:00:01PM +0300, Reco wrote:
> On Thu, Mar 30, 2023 at 09:30:49AM +0100, Julian Gilbey wrote:
> > I wonder if anyone has any idea about how to track this down?
> 
> I'd check /var/log/exim4/mainlog first, obviously.

In addition to that, open one of the spam messages in a competent MUA
and examine the full headers.  You should see one or more "Received:"
headers.  Every time the message is handed off to a new MTA, a new
Received: header is prepended to the top of the message, so to read
them in chronological order, you have to start at the bottom and work
your way upward.

So, look at the bottom-most Received: header first.  Do you recognize
either the sending or receiving system?  If not, continue upward until
you do.

At some point, one of them should reveal where the message came from
(i.e. who sent it to your computer).

If your computer truly is cut off from the Internet as you say, then
I would imagine you received it from another host on your local network.
Be prepared for that.

Re: Strange locally-originating spam messages from sport.qc.ca

[Reco]

Hi.

On Thu, Mar 30, 2023 at 09:30:49AM +0100, Julian Gilbey wrote:
> I wonder if anyone has any idea about how to track this down?

I'd check /var/log/exim4/mainlog first, obviously.
For instance, your mail was sent to my MTA by bendel.d.o, as is
should be:

$ grep ZmNnhCgr7-N.A.uSE.A2UJkB /var/log/exim4/mainlog
2023-03-30 10:51:15 1pho03-QZ-9B <= 
bounce-debian-user=deb=enotuniq@lists.debian.org H=bendel.debian.org 
[82.195.75.100] P=esmtps 
X=TLS1.3:ECDHE_X25519__ECDSA_SECP384R1_SHA384__AES_256_GCM:256 CV=no S=5087 
id=ZmNnhCgr7-N.A.uSE.A2UJkB@bendel

Reco

Re: Strange locally-originating spam messages from sport.qc.ca

[Jeremy Ardley]

On 30/3/23 16:30, Julian Gilbey wrote:

I'm getting a significant number of spam messages being sent to my MTA
(exim) for the address FRPJXbKeKuek at sport.qc.ca, and now I'm
starting to see some sent to www-data at aether.toine.be.  What is
disturbing is that the machine is on a local network, and my
internet-facing router does not forward anything to this machine.  So
I presume that these mails are originating from the machine itself.


The first problem I see is you have just published the internal DNS name 
of a machine in your local network.


bots will at this moment be scouring this mailing list and recording the 
internal dns name.


More intelligent bots will be able to pair your email address and server 
and the internal dns name and make a guess your internal server has a 
user www-data that can receive emails.


Hence you get emails to your public email server addressed to your 
internal server.


in 99.99% of the cases that won't be a problem. But in a small number of 
cases it will be.


--
Jeremy
(Lists)

Strange locally-originating spam messages from sport.qc.ca

[Julian Gilbey]

I'm getting a significant number of spam messages being sent to my MTA
(exim) for the address FRPJXbKeKuek at sport.qc.ca, and now I'm
starting to see some sent to www-data at aether.toine.be.  What is
disturbing is that the machine is on a local network, and my
internet-facing router does not forward anything to this machine.  So
I presume that these mails are originating from the machine itself.

I have another machine on the same network that is internet-facing and
also receives similar messages.

I don't know how to track down the source of these mails, and I wonder
if somehow my machine has picked up some sort of virus.

I wonder if anyone has any idea about how to track this down?

Thanks!

   Julian

Re: Per User Anti-spam Quarantine Reporting/Management

[Henning Follmann]

On Thu, Sep 16, 2021 at 08:08:43AM -0400, Tanstaafl wrote:
> Ok, a question about anti-spam software...
> 
> My new server will be a multi-domain MX gateway/anti-spam system running
> postfix with postscreen enabled, and Amavisd-New+SpamAssassin (unless
> someone has a better suggestion).
> 
> Since it has been a looong time - are there any better options for an
> anti-spam solution than just amavisd-new+spamassassin?
> 
> I'm specifically interested in adding some kind of per user anti-spam
> quarantine+management+reporting capabilities (as opposed to just
> tag+deliver), if possible.

Well on a gateway, that is actually the only reasonable thing to do:
tag and deliver / not deliver

That's it (mostly).

A while ago I experimented with milter.
But be prepared to spend some serious development/testing time.
So, /I/ never came up with a stable workable solution.


if you also do lmtp, that is where you could setup some kind of
per user logic.
I run dovecot and I use sieve to file tagged emails into a spam
folder of each user.
That seems the easiest/most stable way.

[...]

> 
> Thanks for any suggestions anyone might have...
> 
> -- 
> 
> Charles
>

-H

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Per User Anti-spam Quarantine Reporting/Management

[Tanstaafl]

Ok, a question about anti-spam software...

My new server will be a multi-domain MX gateway/anti-spam system running
postfix with postscreen enabled, and Amavisd-New+SpamAssassin (unless
someone has a better suggestion).

Since it has been a looong time - are there any better options for an
anti-spam solution than just amavisd-new+spamassassin?

I'm specifically interested in adding some kind of per user anti-spam
quarantine+management+reporting capabilities (as opposed to just
tag+deliver), if possible.

Searching online reveals Maia Mailguard, but it seems to be not well
maintained - most importantly, it apparently doesn't work with modern
versions of PHP.

Also, I saw a reference to something called 'SAQ', a 'SpamAssassin
Quarantine system', but it seems to have gone bye bye.

One option is ASSP, which I experimented with a very, very long time
ago, but I never implemented it because I really, really don't want one
big perl script as my primary front line gateway defense.

I may see if I can set up ASSP to just be an after the fact spam filter
rather than the gateway, if the per user Reporting/Quarantine management
will still work properly.

Thanks for any suggestions anyone might have...

-- 

Charles

Re: debian-user list info and guidelines: spam

[Andrei POPESCU]

On Lu, 25 ian 21, 15:29:11, John Kaufmann wrote:
> On 2021-01-25 14:23, Andrei POPESCU wrote:
> > On Lu, 25 ian 21, 11:11:44, John Kaufmann wrote:
> > > On 2021-01-25 08:11, Greg Wooledge wrote:
> > > > On Mon, Jan 25, 2021 at 01:03:07AM -0500, John Kaufmann wrote:
> > > > > > In the last seven days we've seen bounces for the following list:
> > > > > > * debian-user
> > > > > > 1 bounce out of  mails in one day (%, kick-score is 80%)
> > > > > 
> > > > > First: How common is this occurrence for others?
> > > > 
> > > > It is common enough that it belongs in a FAQ.
> > > 
> > > Ah, you mean this:
> > > > On 2021-01-23 14:24, Andrew M.A. Cater wrote:
> > > > > There is a comprehensive FAQ on the Debian Wiki which is in need of
> > > > > updating. https://wiki.debian.org/FAQsFromDebianUser
> > > 
> > > Despite the implicit invitation to all ;-) I'm not qualified to update 
> > > that FAQ. Who is?
> > 
> > Sigh.  The point of a wiki is to be kept up to date by *anyone* who
> > can provide a contribution (including spell checking!).
> 
> You are right, of course. I did not mean to suggest a reluctance in 
> principle, but a reluctance in domain expertise. (As mentioned, I 
> don't even know what measures the debian lists use against spam.) 
> Thanks; I will consider.

A link to the Listmaster's FAQ would be a good start ;)

More details on how the filtering is done probably belong there as well, 
and the debian-user FAQ should just link to that. Similar for everything 
that might be applicable for (many) other Debian lists.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: debian-user list info and guidelines: spam

[The Wanderer]

On 2021-01-25 at 08:57, Andy Smith wrote:

> Hi John,
> 
> On Mon, Jan 25, 2021 at 08:16:38AM -0500, John Kaufmann wrote:
>> nb.net no longer run their own MTA (maybe for just this reason?), 
>> farming it out to userservices.net. As a result they increasingly 
>> unresponsive to complaints. I have not figured out my next step.
> 
> As mentioned, I do self-host my own email but when friends and family
> ask for a solution I like to point them at fastmail.com.
> 
> I've no association with fastmail.com, I just find them pleasant to 
> deal with when helping people.

I am (as you can see from my E-mail address) a Fastmail customer, from
before they switched to the .com domain as their primary if not default
address location.

I have had zero complaints about them over the years. I'd have to dig
pretty deep into my archives to find out just how long it has been since
I switched - but at one point when my family changed ISPs and I had to
migrate all my subscriptions (etc.) to a new address, I decided I didn't
want to ever have to do that again, and Fastmail (even at some of its
cheaper tiers) looked like everything I was looking for.

I've rarely had occasion to communicate with them for customer service,
but in every case that I recall I've gotten a response from an actual
human, albeit not always promptly.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: debian-user list info and guidelines: spam

[John Kaufmann]

On 2021-01-25 14:23, Andrei POPESCU wrote:

On Lu, 25 ian 21, 11:11:44, John Kaufmann wrote:

On 2021-01-25 08:11, Greg Wooledge wrote:

On Mon, Jan 25, 2021 at 01:03:07AM -0500, John Kaufmann wrote:

In the last seven days we've seen bounces for the following list:
* debian-user
1 bounce out of  mails in one day (%, kick-score is 80%)


First: How common is this occurrence for others?


It is common enough that it belongs in a FAQ.


Ah, you mean this:

On 2021-01-23 14:24, Andrew M.A. Cater wrote:

There is a comprehensive FAQ on the Debian Wiki which is in need of
updating. https://wiki.debian.org/FAQsFromDebianUser


Despite the implicit invitation to all ;-) I'm not qualified to update that 
FAQ. Who is?


Sigh.  The point of a wiki is to be kept up to date by *anyone* who
can provide a contribution (including spell checking!).


You are right, of course. I did not mean to suggest a reluctance in principle, 
but a reluctance in domain expertise. (As mentioned, I don't even know what 
measures the debian lists use against spam.) Thanks; I will consider.

Kind regards,
John

Re: debian-user list info and guidelines: spam

[John Kaufmann]

On 2021-01-25 14:57, to...@tuxteam.de wrote:

On Mon, Jan 25, 2021 at 11:39:14AM -0500, John Kaufmann wrote:

On 2021-01-25 08:56, to...@tuxteam.de wrote:

...
Look, I don't fear spam as much as provider's greed. ... IMO the best
anti-spam measures are a good MUA and a knowledgeable user.


Could not agree more. Thanks,
John

Re: debian-user list info and guidelines: spam

[tomas]

On Mon, Jan 25, 2021 at 11:39:14AM -0500, John Kaufmann wrote:
> On 2021-01-25 08:56, to...@tuxteam.de wrote:
> >...
> >Sometimes I get the impression that some economic actors hate mail
> >because it can't be fenced-off as easily as the "social" silos and
> >are doing their best to kill it.
> >
> >A pity that pgp/gpg hasn't caught on better.
> 
> That comment led me to wonder about what contribution pgp/gpg might make to 
> fighting spam. That led to pgp.mit.edu/faq.html, which has this ...

...although I didn't mean to imply that. OTOH, such shenanigans
as Brian reports (the mail provider changing mail's content in
transit -- hamfisted much? What else do they do?) would be cut
short by that.

> >Q: I think spammers got my email address from the PGP keyserver. What can I 
> >do?
> >A: Yes, there have been reports of spammers harvesting addresses from PGP 
> >keyservers. Unfortunately, there is not much that either we or you can do 
> >about this. Our best suggestion is you take advantage of any spam filtering 
> >technology offered by your ISP.
> 
> ... which of course brings us back to what triggered this thread. Now, I 
> suspect IAC that addresses harvested from a PGP server would be unprofitable 
> for a spammer, but do you have something operational in mind?

Look, I don't fear spam as much as provider's greed. FWIW, I run my
own mail server and have next to no spam filtering measures (whenever
some source becomes annoying, I quench that one directly) and the
amount of spam I receive is mildly annoying, at most.

IMO the best anti-spam measures are a good MUA and a knowledgeable
user.

Cheers
 - t


signature.asc
Description: Digital signature

Re: debian-user list info and guidelines: spam

[Andrei POPESCU]

On Lu, 25 ian 21, 11:11:44, John Kaufmann wrote:
> On 2021-01-25 08:11, Greg Wooledge wrote:
> > On Mon, Jan 25, 2021 at 01:03:07AM -0500, John Kaufmann wrote:
> > > > In the last seven days we've seen bounces for the following list:
> > > > * debian-user
> > > > 1 bounce out of  mails in one day (%, kick-score is 80%)
> > > 
> > > First: How common is this occurrence for others?
> > 
> > It is common enough that it belongs in a FAQ.
> 
> Ah, you mean this:
> > On 2021-01-23 14:24, Andrew M.A. Cater wrote:
> > > There is a comprehensive FAQ on the Debian Wiki which is in need of
> > > updating. https://wiki.debian.org/FAQsFromDebianUser
> 
> Despite the implicit invitation to all ;-) I'm not qualified to update that 
> FAQ. Who is?

Sigh.

The point of a wiki is to be kept up to date by *anyone* who can provide 
a contribution (including spell checking!).

Changes are monitored by other contributors and changes can be reverted 
quite easily (if really necessary).

If despite all this you are still reluctant to touch it please do feel 
free to post proposed changes to the list. If nobody objects within a 
few days proceed with the edits.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: debian-user list info and guidelines: spam

[Pierre Frenkiel]

On Mon, 25 Jan 2021, Andy Smith wrote:


 to point them at fastmail.com.

I've no association with fastmail.com, I just find them pleasant to
deal with when helping people.


  an other solution is "getmail", available as a debian package,
  and also, I suppose, with other distribs.
  I'm using it since several years, and is very happy with the way it works.
  It puts the incoming mail in a directory, and it's then easy to
  run a filter script, to remove spams.

best regards,
--
Pierre Frenkiel

Re: debian-user list info and guidelines: spam

[John Kaufmann]

On 2021-01-25 08:56, to...@tuxteam.de wrote:

...
Sometimes I get the impression that some economic actors hate mail
because it can't be fenced-off as easily as the "social" silos and
are doing their best to kill it.

A pity that pgp/gpg hasn't caught on better.


That comment led me to wonder about what contribution pgp/gpg might make to 
fighting spam. That led to pgp.mit.edu/faq.html, which has this ...


Q: I think spammers got my email address from the PGP keyserver. What can I do?
A: Yes, there have been reports of spammers harvesting addresses from PGP 
keyservers. Unfortunately, there is not much that either we or you can do about 
this. Our best suggestion is you take advantage of any spam filtering 
technology offered by your ISP.


... which of course brings us back to what triggered this thread. Now, I 
suspect IAC that addresses harvested from a PGP server would be unprofitable 
for a spammer, but do you have something operational in mind?

Kind regards,
John

Re: debian-user list info and guidelines: spam

[brainfart]

On 2021-01-25 07:56 AM, to...@tuxteam.de wrote:


A pity that pgp/gpg hasn't caught on better.


fud - fear uncertainty and doubt
if you use encryption you'll attract the attention of the man

Re: debian-user list info and guidelines: spam

[John Kaufmann]

On 2021-01-25 08:11, Greg Wooledge wrote:

On Mon, Jan 25, 2021 at 01:03:07AM -0500, John Kaufmann wrote:

In the last seven days we've seen bounces for the following list:
* debian-user
1 bounce out of  mails in one day (%, kick-score is 80%)


First: How common is this occurrence for others?


It is common enough that it belongs in a FAQ.


Ah, you mean this:

On 2021-01-23 14:24, Andrew M.A. Cater wrote:
There is a comprehensive FAQ on the Debian Wiki which is in need of updating. 
https://wiki.debian.org/FAQsFromDebianUser


Despite the implicit invitation to all ;-) I'm not qualified to update that 
FAQ. Who is?

Some subscribers are using corporate (or even non-corporate) email 
systems that have aggressive filtering. ... For the record, as of

today, the email that I receive at this address undergoes no fewer
than *four* types of modifications before I see it ...

... And those are just the modifications that I know about, for the
messages I actually see.  ...


That's depressing; it suggests that, for all the attention it attracts, the 
problem is getting worse, not better.

Re: debian-user list info and guidelines: spam

[John Kaufmann]

On 2021-01-25 02:36, Andy Smith wrote:

On Mon, Jan 25, 2021 at 01:03:07AM -0500, John Kaufmann wrote:

... The best practice when dealing with a piece of mail that has been
identified as so spammy that you don't want to receive it is not to
file it away in a spam folder, but to reject it at SMTP time.

... At least with an SMTP-time reject, the sending system knows that
the mail has not been safely sent. If it is a human sender than they
can take appropriate action if a mistake has been made.

Unfortunately Debian's listserv doesn't like it when you do this...
[so I] abandon the SMTP reject best practice policy for mails from
Debian lists.

You don't have that option, because you don't run your MTA. But the
people who run your MTA are doing the right thing by rejecting email
that they consider too spammy. So although it may be worth asking if
there's anything they can do, it's likely they won't want to do
anything differently there.


I cannot currently post to the SOGo list because their spam
filter (UCEPROTECT) claims that my ISP currently hosts 6
spammers. In response, they block all mail from that ISP (called
UCEPROTECT Level2 protection). Again, getting my ISP to care
about this is an ongoing challenge.


Now this one is different. UCEPROTECT doesn't have a good reputation
amongst DNSBLs. They routinely list entire providers for a small
number of incidents and they require a payment to be removed.


Ah. That may have something to do with my MTA provider's lack of interest in 
dealing with UCEPROTECT.

I would call it extremely unwise to outright block email for 
UCEPROTECT level 2 listing. ... They will be rejecting a lot of

legitimate email...  All you can do is try to persuade them to stop
using UCEPROTECT though.


Which can be hard to do if they won't accept my mail. ;-)

Thanks,
John

Re: debian-user list info and guidelines: spam

[Gene Heskett]

On Monday 25 January 2021 08:56:04 to...@tuxteam.de wrote:

> On Mon, Jan 25, 2021 at 08:29:54AM -0500, Greg Wooledge wrote:
> > On Mon, Jan 25, 2021 at 02:17:34PM +0100, to...@tuxteam.de wrote:
> > > Are those modifications added by the Debian mailing list? That'd
> > > be strange, because I don't see them...
> >
> > No.  They're done on the receiving end.  I'm just letting you know
> > that there's some horrible shit out here in the real world.
>
> Definitely =:-o
>
> Sometimes I get the impression that some economic actors hate mail
> because it can't be fenced-off as easily as the "social" silos and
> are doing their best to kill it.
>
> A pity that pgp/gpg hasn't caught on better.

A lack of implementation instructions presented as a sales pitch is to 
blame there. That, and today, finding a copy that doesn't have the NSA 
back door that got Phil out of prison can be a chore.

> Cheers
>  - t


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: debian-user list info and guidelines: spam

[Gene Heskett]

On Monday 25 January 2021 08:29:54 Greg Wooledge wrote:

> On Mon, Jan 25, 2021 at 02:17:34PM +0100, to...@tuxteam.de wrote:
> > Are those modifications added by the Debian mailing list? That'd be
> > strange, because I don't see them...
>
> No.  They're done on the receiving end.  I'm just letting you know
> that there's some horrible shit out here in the real world.

I agree. I get them too, and I think in the last several years I've only 
found one legit email in the whole lot. So I dump the bounce msgs 
to /dev/null by hand.

What we really need is a utility like the little Amazon box that blocks 
phone numbers from a war dialer so nicely. I answer the phone here with 
a finger near the big red button, and I'll say go or hello twice in 3 
secs, if no human is on the line by then, its a war dialer looking for 
its human to sell me something, so the button gets pushed.  Never hear 
from that number again. Something that looks at the messages header and 
auto-composes a procmail recipe to kill it forever.  I'd install that in 
front of kmail in a heartbeat. I've had it about a year, the blocked 
counter is nearly 100.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: debian-user list info and guidelines: spam

[Greg Wooledge]

On Mon, Jan 25, 2021 at 02:56:04PM +0100, to...@tuxteam.de wrote:
> Sometimes I get the impression that some economic actors hate mail
> because it can't be fenced-off as easily as the "social" silos and
> are doing their best to kill it.

That may be true, but it's not the reasoning behind the changes at
my site.

The primary driving force behind the changes I've been experiencing is
a desire to protect the institute/enterprise from cyberattacks -- in
particular, ones like these:

https://www.beckershospitalreview.com/cybersecurity/the-5-most-significant-cyberattacks-in-healthcare-for-2020.html

(I can send URLs out -- I just can't see them when they come back in.
Not even my own.)

As near as I can determine, the short term goal that our IT department
is striving to reach is "no end user will ever receive anything through
email that could compromise the network", which means no unfiltered URLs
that could be clicked on, no attachments that can be executed, etc.
Doesn't matter that the end user is reading email in mutt in a Linux
terminal.  Our IT department is all Microsoft people anyway, and I'm
not sure they even understand what a terminal *is*.

They've also totally blocked access to gmail.com and other large email
sites, so users can't receive malware through that vector -- for those
users who are still working on campus, anyway.

In the long term, they're trying to get to a point where *all* Internet
traffic is under their complete control and supervision.

Don't be surprised if I unsubscribe from this list with this email
address in the near future.  I may have to.

Re: debian-user list info and guidelines: spam

[Andy Smith]

Hi John,

On Mon, Jan 25, 2021 at 08:16:38AM -0500, John Kaufmann wrote:
> nb.net no longer run their own MTA (maybe for just this reason?),
> farming it out to userservices.net. As a result they increasingly
> unresponsive to complaints. I have not figured out my next step.

As mentioned, I do self-host my own email but when friends and
family ask for a solution I like to point them at fastmail.com.

I've no association with fastmail.com, I just find them pleasant to
deal with when helping people.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: debian-user list info and guidelines: spam

[tomas]

On Mon, Jan 25, 2021 at 08:29:54AM -0500, Greg Wooledge wrote:
> On Mon, Jan 25, 2021 at 02:17:34PM +0100, to...@tuxteam.de wrote:
> > Are those modifications added by the Debian mailing list? That'd be
> > strange, because I don't see them...
> 
> No.  They're done on the receiving end.  I'm just letting you know that
> there's some horrible shit out here in the real world.

Definitely =:-o

Sometimes I get the impression that some economic actors hate mail
because it can't be fenced-off as easily as the "social" silos and
are doing their best to kill it.

A pity that pgp/gpg hasn't caught on better.

Cheers
 - t


signature.asc
Description: Digital signature

Re: debian-user list info and guidelines: spam

[John Kaufmann]

On 2021-01-25 04:24, Joe wrote:

On Mon, 25 Jan 2021 08:55:53 +0200 Andrei POPESCU wrote:

On Lu, 25 ian 21, 01:03:07, John Kaufmann wrote:

...
Is there an intelligent way to manage when spam control efforts
break the system they want to protect? Do the debian lists attempt
to control spam by blocking specific users, domains or ISPs?


I've never found content-based anti-spam methods to be reliable. For a
time, I tried spamassassin, but I found I was spending a lot of time
tweaking it, and a week later would need to do it again. I decided that
spammers evolve faster than I care to try to deal with.

I do segregate some emails that cannot possibly be anything other than
spam but do not reject them, and send myself a daily email listing the
very few that were rejected that were actually sent to a real user on
my domains. I do get the occasional incorrect rejection, but no more
than half a dozen a year, which I can normally put right the next day.


Thanks for that perspective and summary of your practice,
John

Re: debian-user list info and guidelines: spam

[Greg Wooledge]

On Mon, Jan 25, 2021 at 02:17:34PM +0100, to...@tuxteam.de wrote:
> Are those modifications added by the Debian mailing list? That'd be
> strange, because I don't see them...

No.  They're done on the receiving end.  I'm just letting you know that
there's some horrible shit out here in the real world.

Re: debian-user list info and guidelines: spam

[John Kaufmann]

On 2021-01-25 04:05, to...@tuxteam.de wrote:

On Mon, Jan 25, 2021 at 08:55:53AM +0200, Andrei POPESCU wrote:

On Lu, 25 ian 21, 01:03:07, John Kaufmann wrote:



[...] and can never get my ISP to care about this.


We can at least pester them about it. If enough of us do, eventually
they will have no choice but to listen, especially in case of paying
customers.


Very much this. Things only change if enough people care. Pestering
is /always/ The Right Thing to Do(TM).


Yes. I'm sympathetic to Doing the Right Thing(TM), but Time is a Scarce 
Commodity(TM) drained by unanswered emails and unreturned phone calls.

King regards,
John

Re: debian-user list info and guidelines: spam

[tomas]

On Mon, Jan 25, 2021 at 08:11:51AM -0500, Greg Wooledge wrote:
> On Mon, Jan 25, 2021 at 01:03:07AM -0500, John Kaufmann wrote:
> > > In the last seven days we've seen bounces for the following list:
> > > * debian-user
> > >   1 bounce out of  mails in one day (%, kick-score is 80%)
> > 
> > First: How common is this occurrence for others?
> 
> It is common enough that it belongs in a FAQ.
> 
> Some subscribers are using corporate (or even non-corporate) email
> systems that have aggressive filtering.  Some legitimate debian-user
> email may be caught by these filters and either rejected outright during
> SMTP, or delayed pending review.  If it's rejected during SMTP, that'll
> certainly trigger the "we've seen bounces" message.

I've seen that (not very often) either because my mail server is
down or because I fat-fingered some configuration.

> For the record, as of today, the email that I receive at this address
> undergoes no fewer than *four* types of modifications before I see it:
> 
> 1) The Subject: line is altered.
> 2) A two-line disclaimer is inserted at the top of the body.  (One very
>long line of text, because *obviously* all those Netiquette guides
>are wrong, and one blank line.)
> 3) All URLs, fully qualified domain names, IP addresses, or any other
>content that looks like one of the above to a dumb regex, get
>replaced by mimecast URLs.
> 4) All attachments that look like they might contain executable code
>are removed.  This includes shell scripts, perl scripts, etc.

Are those modifications added by the Debian mailing list? That'd be
strange, because I don't see them...

Cheers
 - t


signature.asc
Description: Digital signature

Re: debian-user list info and guidelines: spam

[John Kaufmann]

On 2021-01-25 01:55, Andrei POPESCU wrote:

On Lu, 25 ian 21, 01:03:07, John Kaufmann wrote:
...

... the background info links ... explain the origin
of the problem in spam control, and why bouncing list mail is not
nice, and what can and should be done about spam. I'm sympathetic to
the problem, but don't run my own mail server [I suspect many on this
list do so, and thus are closer to spam issues], and can never get my
ISP to care about this.


We can at least pester them about it. If enough of us do, eventually
they will have no choice but to listen, especially in case of paying
customers.


I avoid "free" mail services because I prefer not to be the commodity, so have 
been a paying customer (nb.net) forever. But nb.net no longer run their own MTA (maybe 
for just this reason?), farming it out to userservices.net. As a result they increasingly 
unresponsive to complaints. I have not figured out my next step.


...


Is there an intelligent way to manage when spam control efforts break
the system they want to protect? Do the debian lists attempt to
control spam by blocking specific users, domains or ISPs?


Start here:
https://wiki.debian.org/Teams/ListMaster/FAQ


Yes, that is where I started, but it does not address what measures the debian 
lists use to control spam. This thread was the next step toward mitigating the 
problem on my end. Thanks for your reply.

Kind regards,
John

Re: debian-user list info and guidelines: spam

[Greg Wooledge]

On Mon, Jan 25, 2021 at 01:03:07AM -0500, John Kaufmann wrote:
> > In the last seven days we've seen bounces for the following list:
> > * debian-user
> > 1 bounce out of  mails in one day (%, kick-score is 80%)
> 
> First: How common is this occurrence for others?

It is common enough that it belongs in a FAQ.

Some subscribers are using corporate (or even non-corporate) email
systems that have aggressive filtering.  Some legitimate debian-user
email may be caught by these filters and either rejected outright during
SMTP, or delayed pending review.  If it's rejected during SMTP, that'll
certainly trigger the "we've seen bounces" message.

For the record, as of today, the email that I receive at this address
undergoes no fewer than *four* types of modifications before I see it:

1) The Subject: line is altered.
2) A two-line disclaimer is inserted at the top of the body.  (One very
   long line of text, because *obviously* all those Netiquette guides
   are wrong, and one blank line.)
3) All URLs, fully qualified domain names, IP addresses, or any other
   content that looks like one of the above to a dumb regex, get
   replaced by mimecast URLs.
4) All attachments that look like they might contain executable code
   are removed.  This includes shell scripts, perl scripts, etc.

And those are just the modifications that I know about, for the messages
I actually see.  Some messages get held until I click an incredibly
long URL, which means I have to bounce the email to my Outlook account,
so I can see it in a web browser.  Even then, the email system warns
me that it still might choose not to deliver the message that I have
"released", because it will still be subject to further scrutiny first.

And yes, I do see those "we've seen bounces" emails.

Re: debian-user list info and guidelines: spam

[Richard Owlett]

On 01/25/2021 12:03 AM, John Kaufmann wrote:

On 2021-01-23 14:24, Andrew M.A. Cater wrote:
debian-user is a mailing list provided for support for Debian 
users,and to facilitate discussion on relevant topics.

...
There is a comprehensive FAQ on the Debian Wiki which is in need of 
updating.

https://wiki.debian.org/FAQsFromDebianUser


Your post provides a hook to ask about a question that arises 
sporadically: Probably less than one a month I receive from Debian 
Listmaster Team  a message 
"lists.debian.org has received bounces from you". Invariably it reads:

In the last seven days we've seen bounces for the following list:
* debian-user
1 bounce out of  mails in one day (%, kick-score is 80%)


First: How common is this occurrence for others?



I see about the same frequency. It is typically only a single message.
When I click on the link to the problem email I easily identify it as 
spam. I don't know if automatic filtering of posts to various Debian 
lists would be feasible.

Re: debian-user list info and guidelines: spam

[Joe]

On Mon, 25 Jan 2021 08:55:53 +0200
Andrei POPESCU  wrote:

> On Lu, 25 ian 21, 01:03:07, John Kaufmann wrote:
 
> > > In the last seven days we've seen bounces for the following list:
> > > * debian-user
> > >   1 bounce out of  mails in one day (%, kick-score
> > > is 80%)  
> > 
> > First: How common is this occurrence for others?  
> 
> Depends on the provider. I receive list mail to a GMX account and it 
> does happen from time to time.
>  
> > Even when it happens, it will obviously never rise to the
> > kick-score,   
> 
> It could happen quickly with a misconfigured e-mail server / spam 
> filter, which is why the warning is being sent out.
> 

Or with a mail server that's down for a while, or where the Internet
connection is down, and in my case at least, when Debian's DNS servers
do not respond in a reasonable time.

> > so it's functionally forgettable. But the post itself is
> > educational, particularly with the background info links, which
> > explain the origin of the problem in spam control, and why bouncing
> > list mail is not nice, and what can and should be done about spam.
> > I'm sympathetic to the problem, but don't run my own mail server [I
> > suspect many on this list do so, and thus are closer to spam
> > issues], and can never get my ISP to care about this.  

I run my own mail server, which does *not* reject SMTP transactions
based on content, it looks for respectability. It never rejects Debian
email, whether spam or not.
> 
> We can at least pester them about it. If enough of us do, eventually 
> they will have no choice but to listen, especially in case of paying 
> customers.

I have a client who uses BT as his ISP, and therefore must use
Microsoft as his email provider. It is not possible to affect their
spam policy in any way, or even to turn it off. 


> > 
> > Is there an intelligent way to manage when spam control efforts
> > break the system they want to protect? Do the debian lists attempt
> > to control spam by blocking specific users, domains or ISPs?  

I've never found content-based anti-spam methods to be reliable. For a
time, I tried spamassassin, but I found I was spending a lot of time
tweaking it, and a week later would need to do it again. I decided that
spammers evolve faster than I care to try to deal with.

I do segregate some emails that cannot possibly be anything other than
spam but do not reject them, and send myself a daily email listing the
very few that were rejected that were actually sent to a real user on
my domains. I do get the occasional incorrect rejection, but no more
than half a dozen a year, which I can normally put right the next day.

-- 
Joe

Re: debian-user list info and guidelines: spam

[tomas]

On Mon, Jan 25, 2021 at 08:55:53AM +0200, Andrei POPESCU wrote:
> On Lu, 25 ian 21, 01:03:07, John Kaufmann wrote:

> > [...]and can never get my 
> > ISP to care about this.
> 
> We can at least pester them about it. If enough of us do, eventually 
> they will have no choice but to listen, especially in case of paying 
> customers.

Very much this. Things only change if enough people care. Pestering
is /always/ The Right Thing to Do(TM).

Cheers
 - t


signature.asc
Description: Digital signature

Re: debian-user list info and guidelines: spam

[Andy Smith]

Hi John,

On Mon, Jan 25, 2021 at 01:03:07AM -0500, John Kaufmann wrote:
> Your post provides a hook to ask about a question that arises sporadically: 
> Probably less than one a month I receive from Debian Listmaster Team 
>  a message "lists.debian.org has received 
> bounces from you". Invariably it reads:
> >In the last seven days we've seen bounces for the following list:
> >* debian-user
> > 1 bounce out of  mails in one day (%, kick-score is 80%)
> 
> First: How common is this occurrence for others?

Probably around the same frequency as you until I set my mail server
to never reject spammy mails from Debian lists but instead silently
discard them.

The thing is, this is about spam. The best practice when dealing
with a piece of mail that has been identified as so spammy that you
don't want to receive it is not to file it away in a spam folder,
but to reject it at SMTP time.

If it were directed to a spam folder then the sender believe it has
been delivered but the user may not look at it ever. At least with
an SMTP-time reject, the sending system knows that the mail has not
been safely sent. If it is a human sender than they can take
appropriate action if a mistake has been made.

Unfortunately Debian's listserv doesn't like it when you do this and
will eventually unsubscribe you because it sees so many errors with
the (spam) emails it tries to send you. At least as you say the
threshold is quite high and it would be very unlikely to send 80%
rejectable spam in one day, but I still found it annoying enough to
abandon the SMTP reject best practice policy for mails from Debian
lists.

You don't have that option, because you don't run your MTA. But the
people who run your MTA are doing the right thing by rejecting email
that they consider too spammy. So although it may be worth asking if
there's anything they can do, it's likely they won't want to do
anything differently there.

>   I cannot currently post to the SOGo list because their spam
>   filter (UCEPROTECT) claims that my ISP currently hosts 6
>   spammers. In response, they block all mail from that ISP (called
>   UCEPROTECT Level2 protection). Again, getting my ISP to care
>   about this is an ongoing challenge.

Now this one is different. UCEPROTECT doesn't have a good reputation
amongst DNSBLs. They routinely list entire providers for a small
number of incidents and they require a payment to be removed.

I would call it extremely unwise to outright block email for
UCEPROTECT level 2 listing. I personally would not even score on
that. They will be rejecting a lot of legitimate email, not just
yours.

All you can do is try to persuade them to stop using UCEPROTECT
though.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting