Re: [SPAM] Visibility on tune.ssl.cachesize

[Baptiste]

On Mon, Dec 7, 2015 at 11:55 AM, Olivier Doucet  wrote:
>
>
> 2015-12-04 8:19 GMT+01:00 Baptiste :
>>
>> Hi Olivier,
>>
>> It's a LRU cache, so I guess the size isn't really important. It will
>> be full after some time.
>> What you may want to care is the cache miss value reported by a "show
>> stat" CLI command.
>
>
> You meant "show info" ? So these fields :
>
> SslRate: 241
> SslRateLimit: 0
> MaxSslRate: 480
> SslFrontendKeyRate: 91
> SslFrontendMaxKeyRate: 233
> SslFrontendSessionReuse_pct: 62
> SslBackendKeyRate: 0
> SslBackendMaxKeyRate: 0
> SslCacheLookups: 12395011
> SslCacheMisses: 2429965
>
>
>
> Olivier


Yes, you're right.

Baptiste

Re: [SPAM] Visibility on tune.ssl.cachesize

[Olivier Doucet]

2015-12-04 8:19 GMT+01:00 Baptiste :

> Hi Olivier,
>
> It's a LRU cache, so I guess the size isn't really important. It will
> be full after some time.
> What you may want to care is the cache miss value reported by a "show
> stat" CLI command.
>

You meant "show info" ? So these fields :

SslRate: 241
SslRateLimit: 0
MaxSslRate: 480
SslFrontendKeyRate: 91
SslFrontendMaxKeyRate: 233
SslFrontendSessionReuse_pct: 62
SslBackendKeyRate: 0
SslBackendMaxKeyRate: 0
SslCacheLookups: 12395011
SslCacheMisses: 2429965



Olivier

Re: [SPAM] Visibility on tune.ssl.cachesize

[Olivier Doucet]

Hello Cyril,


2015-12-04 9:32 GMT+01:00 Cyril Bonté :

> Hi Olivier,
>
> OT : do you have the hand on the ajeux.com DNS entries ? Can you provide
> a (valid) SPF record so that your mails won't be detected as spam anymore.
> I guess you may have some troubles outside of the mailing list too.
>
> Spam system on this mailing list is using barracudacentral, that
misclassified my website ajeux.com ; should have been fixed a few days ago.
Should be OK now.

Olivier

Re: [SPAM] Visibility on tune.ssl.cachesize

[Cyril Bonté]

Hi Olivier,

OT : do you have the hand on the ajeux.com DNS entries ? Can you provide 
a (valid) SPF record so that your mails won't be detected as spam 
anymore. I guess you may have some troubles outside of the mailing list too.



Le 04/12/2015 08:19, Baptiste a écrit :

On Wed, Dec 2, 2015 at 3:14 PM, Olivier Doucet  wrote:

Hello all,

I see parameter tune.ssl.cachesize with default value of 2

But today, I have no idea how much of this cache I'm actually using, and I
fail to find any information about it. Is there a way to know how much of it
I'm using ?


Olivier



Hi Olivier,

It's a LRU cache, so I guess the size isn't really important. It will
be full after some time.
What you may want to care is the cache miss value reported by a "show
stat" CLI command.

Baptiste




--
Cyril Bonté

Re: [SPAM] Visibility on tune.ssl.cachesize

[Baptiste]

On Wed, Dec 2, 2015 at 3:14 PM, Olivier Doucet  wrote:
> Hello all,
>
> I see parameter tune.ssl.cachesize with default value of 2
>
> But today, I have no idea how much of this cache I'm actually using, and I
> fail to find any information about it. Is there a way to know how much of it
> I'm using ?
>
>
> Olivier
>

Hi Olivier,

It's a LRU cache, so I guess the size isn't really important. It will
be full after some time.
What you may want to care is the cache miss value reported by a "show
stat" CLI command.

Baptiste

Re: [SPAM] Re: Architecture guide reworked

[bjun...@gmail.com]

2015-12-02 17:31 GMT+01:00 Olivier Doucet :

>
>
> 2015-12-02 17:25 GMT+01:00 Olivier Doucet :
>
>>
>> 2015-12-02 15:44 GMT+01:00 Michel Blanc :
>>
>>> Very good idea.
>>>
>>> Do you plan creating a git repo somewhere so people can contribute
>>> and/or create issues ?
>>>
>>> You might be interested in https://www.gitbook.com/ or
>>> https://readthedocs.org for the automated builds and the various output
>>> formats they provide.
>>>
>>
>> I intend to create the guide with text format that works so well for the
>> original documentation. I will also use haproxy-dconv project to test html
>> version.
>>
>> I think I'll create a repo on github to start the rewrite (will be easier
>> for contribs) but when rewrite is over this guide will of course get back
>> into haproxy project.
>>
>>
>> I did not know gitbook or readthedocs. Any other opinion on this ?
>>
>
>  Hi again,
>
> So gitbook format is specific (using Github markdown format) if I
> understand correctly. I'm not sure having a different format from other doc
> file in HAProxy is a good ideay ...
>
>
>
>
Hi Oliver,

very good proposal and i would like to contribute also.

I would like to see a chapter on healthchecks:

  - simple HTTP healthchecks
  - check specific applications (linux, via xinetd script)
  - check specific applications (windows, via powershell + simple webserver
(HttpListener))
  - tcp healtchecks (cleartext protocols)
  - tcp healtchecks (binary protocols)
  - how do you “chain” healthchecks  or create healtcheck dependencies


--
Best Regards,

Bjoern

Re: [SPAM] Architecture guide reworked

[Olivier Doucet]

Hi,


2015-11-29 10:30 GMT+01:00 Aleksandar Lazic :

> Dear Olivier
>
> Am 27-11-2015 17:18, schrieb Olivier:
>
>> Hello everyone !
>>
>> I'm a huge fan of HAProxy. In my mind, this is a great toolbox. Like all
>> toolbox, to use it at 100%, you need good examples.
>> HAProxy blog is a great start. There are some code snippets in
>> documentation too. But a long time ago (in a galaxy not so far away),
>> there was a dedicated guide on this matter, that has been forgotten :
>> The architecture guide. Yes, here:
>> http://www.haproxy.org/download/1.3/doc/architecture.txt
>>
>> It gives many examples that are great to start with, but :
>> - it was written 10 years ago !
>> - absolutely not up to date (regarding keep-alive for example)
>> - real word has changed since
>> - it is not compatible with HTML doc
>>
>
> Full ack.
>
> With 1.6 now out, it is now time to rewrite this guide from scratch. The
>> first features I could think of are:
>> - having general details on how a good config should be organized (I was
>> personnaly confused by backend, frontend, listen, bind ...)
>> - examples compatible with latest version, with workarounds if not
>> backward compatible)
>> - keep good ol' txt format, but make it HTML compatible, so that tools
>> like haproxy-dconv can make it readable (and nice)
>> - avoid paraphrasing the official doc. We really want to focus on real
>> world examples that can be applied immediately and easily, and point to
>> the documentation on keywords.
>>
>> I volunteer to provide a generic plan, and I'm sure many people around
>> will be glad to provide some really good examples. We all have different
>> experiences of HAProxy and different use, so we really want to show that
>> many things are possible (and sometimes, there are different ways to
>> solve one problem too. It can be great to show this with pros and cons
>> for each !).
>>
>> To avoid any long and non-productive discussion, here is my plan to
>> success :
>> * let's agree on a very generic plan
>> * then, use one mailing-list thread for each part. People that feel at
>> ease with one part can help without being burried through dozens of
>> emails
>>
>
> Sounds good.
>
> Here is draft 0.1 :
>>
>> 1) Introduction
>> a) Introduction on HAProxy config file
>>how it is organized (sections)
>>99% backward compatible through 1.x branch
>> b) How to check a config file
>>focus on check mode, how to read warnings, ...
>> c) Efficient reloading of HAProxy (hot reload)
>>
>> 2) Simple HTTP load balancing
>> a) Simple HTTP Load balancing
>>round robin
>>cookies
>>source balancing
>>
> b) session stickiness
>   .) L4
>   .) L? (ssl which layer is SSL?!)
>   .) L7
>   .)  with peers
>
> 3) Adding High-Availability
>> a) With keepalived
>> b) wih another L4 load balancer (Alteon ?)
>> c) other implementations ?
>>
> d) distributed ssl load example
>
> 4) HTTPS examples
>> a) Generic HTTP/HTTPS config
>>
> b) Secure recommendations (pfs, ecc, ...)
>
>
>> 5) Load balancing other protocols
>> a) Generic TCP protocols
>> b) Exchange load balancing real world example
>>
>> 6) Security hardening
>> a) chroot
>> b) protecting stats block
>>
> c) conatinering (docker, ...)
>
> 7) DDOS fighting
>> a) Level 4 limits
>> b) Level 7 limits
>>
>> 8) Using HAProxy command line
>> maintenance mode, manipulating backends, ssl-related commands ...
>>
>> 9) Multi-site load-balancing with local pref
>> (see example in current architecture.txt)
>>
>> 10) Advanced tuning
>> a) client-side
>> b) server-side
>> c) OS tuning
>> d) Hardware tuning
>>
>> All constructive comments are of course welcome. I'm aware this is quite
>> a large task, but I'm sure it can be done :)
>>
>
> Cheers
> aleks
>

Thanks for your feedback. I also want to focus on how to write a config
file with nbproc > 1 and points to focus on. I'll see where I can put this
in my plan.

Do you have any more feedback ? Anyone ? I'll have some time to start
working on it tomorrow, so if you want to share your point of view, now is
the time.

Olivier

Re: [SPAM] Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

[Willy Tarreau]

On Mon, Nov 30, 2015 at 04:20:15PM -0800, Bryan Talbot wrote:
> On Mon, Nov 30, 2015 at 3:32 PM, Olivier Doucet  wrote:
> 
> > Hello,
> >
> > I'm digging out this thread, because having multiple certificate for one
> > single domain (SNI) but with different key types (RSA/ECDSA) can really be
> > a great functionality. Is there some progress ? How can we help ?
> >
> 
> 
> I'd love to see better support for multiple certificate key types for the
> same SNI too.
> 
> That said, it is possible to serve both EC and RSA keyed certificates using
> haproxy 1.6 now. See
> http://blog.haproxy.com/2015/07/15/serving-ecc-and-rsa-certificates-on-same-ip-with-haproxy/
> for details. It's not exactly pretty but it does seem to work.

Sure, it was an efficient solution : simple to implement and reliable.
But now we clearly need to finish the work that was started a few months
ago on the subject.

> > A subsidiary question is : how much ECDSA certificates are supported ? So
> > if I use a single ECDSA certificate, how many people wont be able to see my
> > content ?
> >
> >
> >
> They're pretty well supported by modern clients. Exactly what that means is
> a bit fuzzy though: see
> https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_and_ECDHE_support for
> additional details.
> 
> If your clients are all "modern" browsers and mobile devices, you're
> probably good. If there are old clients, or other systems calling an API
> there can be issues especially if they are using Java <= 7.

I recently stumbled on a site (which I forgot) which reported that about 75%
of their visitors support ECDSA. So in short, if we can divide the CPU usage
by 20 for 75% of the visitors, that's roughly a 3.5x performance improvement
to be expected, that would be nice!

Regards,
Willy

Re: [SPAM] Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

[Bryan Talbot]

On Mon, Nov 30, 2015 at 3:32 PM, Olivier Doucet  wrote:

> Hello,
>
> I'm digging out this thread, because having multiple certificate for one
> single domain (SNI) but with different key types (RSA/ECDSA) can really be
> a great functionality. Is there some progress ? How can we help ?
>


I'd love to see better support for multiple certificate key types for the
same SNI too.

That said, it is possible to serve both EC and RSA keyed certificates using
haproxy 1.6 now. See
http://blog.haproxy.com/2015/07/15/serving-ecc-and-rsa-certificates-on-same-ip-with-haproxy/
for details. It's not exactly pretty but it does seem to work.




>
> A subsidiary question is : how much ECDSA certificates are supported ? So
> if I use a single ECDSA certificate, how many people wont be able to see my
> content ?
>
>
>
They're pretty well supported by modern clients. Exactly what that means is
a bit fuzzy though: see
https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_and_ECDHE_support for
additional details.

If your clients are all "modern" browsers and mobile devices, you're
probably good. If there are old clients, or other systems calling an API
there can be issues especially if they are using Java <= 7.

I've also discovered that Amazon CloudFront doesn't support EC certificates
at all. Can't use them in CloudFront distributions and CloudFront won't
connect to an Origin that uses them.

-Bryan

Re: [SPAM] Architecture guide reworked

[Aleksandar Lazic]

Dear Olivier

Am 27-11-2015 17:18, schrieb Olivier:

Hello everyone !

I'm a huge fan of HAProxy. In my mind, this is a great toolbox. Like 
all

toolbox, to use it at 100%, you need good examples.
HAProxy blog is a great start. There are some code snippets in
documentation too. But a long time ago (in a galaxy not so far away),
there was a dedicated guide on this matter, that has been forgotten :
The architecture guide. Yes, here:
http://www.haproxy.org/download/1.3/doc/architecture.txt

It gives many examples that are great to start with, but :
- it was written 10 years ago !
- absolutely not up to date (regarding keep-alive for example)
- real word has changed since
- it is not compatible with HTML doc


Full ack.

With 1.6 now out, it is now time to rewrite this guide from scratch. 
The

first features I could think of are:
- having general details on how a good config should be organized (I 
was

personnaly confused by backend, frontend, listen, bind ...)
- examples compatible with latest version, with workarounds if not
backward compatible)
- keep good ol' txt format, but make it HTML compatible, so that tools
like haproxy-dconv can make it readable (and nice)
- avoid paraphrasing the official doc. We really want to focus on real
world examples that can be applied immediately and easily, and point to
the documentation on keywords.

I volunteer to provide a generic plan, and I'm sure many people around
will be glad to provide some really good examples. We all have 
different
experiences of HAProxy and different use, so we really want to show 
that

many things are possible (and sometimes, there are different ways to
solve one problem too. It can be great to show this with pros and cons
for each !).

To avoid any long and non-productive discussion, here is my plan to
success :
* let's agree on a very generic plan
* then, use one mailing-list thread for each part. People that feel at
ease with one part can help without being burried through dozens of
emails


Sounds good.


Here is draft 0.1 :

1) Introduction
a) Introduction on HAProxy config file
   how it is organized (sections)
   99% backward compatible through 1.x branch
b) How to check a config file
   focus on check mode, how to read warnings, ...
c) Efficient reloading of HAProxy (hot reload)

2) Simple HTTP load balancing
a) Simple HTTP Load balancing
   round robin
   cookies
   source balancing

b) session stickiness
  .) L4
  .) L? (ssl which layer is SSL?!)
  .) L7
  .)  with peers


3) Adding High-Availability
a) With keepalived
b) wih another L4 load balancer (Alteon ?)
c) other implementations ?

d) distributed ssl load example


4) HTTPS examples
a) Generic HTTP/HTTPS config

b) Secure recommendations (pfs, ecc, ...)



5) Load balancing other protocols
a) Generic TCP protocols
b) Exchange load balancing real world example

6) Security hardening
a) chroot
b) protecting stats block

c) conatinering (docker, ...)


7) DDOS fighting
a) Level 4 limits
b) Level 7 limits

8) Using HAProxy command line
maintenance mode, manipulating backends, ssl-related commands ...

9) Multi-site load-balancing with local pref
(see example in current architecture.txt)

10) Advanced tuning
a) client-side
b) server-side
c) OS tuning
d) Hardware tuning

All constructive comments are of course welcome. I'm aware this is 
quite

a large task, but I'm sure it can be done :)


Cheers
aleks

RE: [SPAM] Re: CPU 100% when waiting for the client timeout

[Lukas Tribus]

> I think the right way to upgrade kernel with ubuntu, is: 
> 
> apt-get update && apt-get dist-upgrade

Exactly, apt may hold back kernel upgrades otherwise.


Lukas

  

Re: [SPAM] Re: Build failure of 1.6 and openssl 0.9.8

[Willy Tarreau]

Hi Marcus,

On Thu, Oct 22, 2015 at 12:14:53PM +0200, Marcus Rueckert wrote:
> On 2015-10-22 09:44:05 +0200, Willy Tarreau wrote:
> > On Thu, Oct 22, 2015 at 10:40:45AM +0300, Dmitry Sivachenko wrote:
> > > 1.6.1 still does not build with OpenSSL < 1.0:
> > > 
> > > src/ssl_sock.o: In function `ssl_sock_do_create_cert':
> > > ssl_sock.c:(.text+0x295b): undefined reference to 
> > > `EVP_PKEY_get_default_digest_nid'
> > > Makefile:760: recipe for target 'haproxy' failed
> > > 
> > > So is it intended behavior?
> > 
> > It's neither intended nor not intended, it's just that I was waiting for
> > Marcus' confirmation that the patch fixed the issue for him, and forgot
> > about this patch while waiting for a response. Can you confirm on your
> > side that the patch fixes the issue for you ? If so I'm willing to merge
> > the fix immediately. I prefer to be careful because on my side openssl
> > 0.9.8 doesn't break so I want to be sure that there isn't a second level
> > of breakage after this one.
> 
> 1. actually send a confirmation that it builds for me with the patch
>from Christopher Faulet.

I'm sorry, I just found your mail and your previous reply in my spambox.
Too bad I missed them before the release :-(

Thanks for having responded quickly!

Willy

Re: [SPAM] Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

[Emeric Brun]

On 08/21/2015 08:08 PM, Emeric Brun wrote:
> Hey Dave,
> 
>>> the SNI tree a certificate regardless the CN/SAN. It's dirty i know, but
>>> some people use it.
>>>
>>> You will also notice, reading 'ssl_sock_process_crt_file' that if we use
>>> sni_filter (so filter in crt-list), a new ssl_ctx is always allocated and
>>> stored. But if no filter is set on the "crt-list" line,
>>> you will use SAN/CN to potentially complete an existing one. We reach an
>>> unpredictable behavior depending of the line order in crt-list.
>>
>> Correct me if I¹m wrong, but sni_filter is only applied to the crtfile
>> specified before the filter? So in the case, crt-list files without a user
>> supplied SNI will be treated as ordinary crt files.
>>
>> In the current model, these are added as SNI entries in the tree. But
>> these entries won¹t ever be used if there is another SNI entry that was
>> loaded before. So even though they are added to the tree, they wouldn¹t
>> ever be used? The behavior should remain consistent with what¹s there
>> today. Or am I mis-interpeting the code?
>>
>> -Dave 
>>
> 
> The issue is due to filters, I think the best is to write examples:
> 
> crt.list:
> (*.foo-bar.com RSA).pem *.foo-bar.com !foo-bar.foo-bar.com
> (foo-bar.foo-bar.com RSA).pem
> (foo-bar.foo-bar.com DSA).pem
> 
> 
> You will complete (*.foo-bar.com RSA) SSL_CTX's using the 
> (foo-bar.foo-bar.com DSA). Because first line register the certificate in 
> tree (with the flag "neg").
> 
> An user connecting with SNI dummy.foo-bar.com will potentially retrieve 
> (foo-bar.foo-bar.com DSA).pem as a certificate.
> 
> I think you can fix it looping on entries of same name and ignore those 
> flagged 'neg' in the tree.
> 
> 
> There is other cases:
> 
> (*.foo-bar.com RSA).pem
> (*.foo-bar.com DSA).pem *.foo-bar.com
> 
> Will always serve only the RSA.pem, because the second has a filter and in 
> your code it will not complete the first
> 
> Whereas
> (*.foo-bar.com RSA).pem *.foo-bar.com
> (*.foo-bar.com DSA).pem
> 
> Will serve both RSA and DSA, because the second will complete the first 
> regardless if the first was created with or without filter.
> 
> But if you fix it, adding a lookup based on the filter to complete existing 
> cert we will reach new inconsistencies
> 
> (*.foo-bar.com RSA).pem
> (*.foo-bar.com DSA).pem *.foo-bar.com !foo-bar.foo-bar.com
> 
> With that i expect to have both RSA/DSA available if dummy.foo-bar.com, but 
> always RSA for foo-bar.foo-bar.com.
> 
> It doesn't appear trivial to handle and i express a real doubt: Is the SNI 
> tree and CN/SAN the right way to complete SSL_CTX with different 
> certificates/keys?
> 
> If we're able to load the differents key/cert from the same pem file, we will 
> no have those inconsistencies.
> 
> Or we could use additionnal extensions as we do for .ocsp and .issuers.
> 
> R,
> Emeric
> 
> 
> 
Hi All,

This stupid anti-spam flagged my last mail as a spam because f o o b a r.

R,
Emeric

 
 

Re: [SPAM] segfault in src/buffer.c

[Marc-Antoine]

I forgot lua file content :

# cat mylua.lua 
-- a simple mirror web server
-- it generates a response whose body contains the requests headers
function mirror(txn)
local buffer = ""
local response = ""
local mydate = txn.sc:http_date(txn.f:date())

buffer = buffer .. "You sent the following headers\r\n"
buffer = buffer .. "===\r\n"
buffer = buffer .. txn.req:dup()
buffer = buffer .. "===\r\n"

response = response .. "HTTP/1.0 200 OK\r\n"
response = response .. "Server: haproxy-lua/mirror\r\n"
response = response .. "Content-Type: text/html\r\n"
response = response .. "Date: " .. mydate .. "\r\n"
response = response .. "Content-Length: " .. buffer:len() .. "\r\n"
response = response .. "Connection: close\r\n"
response = response .. "\r\n"
response = response .. buffer

txn.res:send(response)
txn:close()
end

On Wed, 12 Aug 2015 18:57:50 +0200,
Marc-Antoine  wrote :

> Hi,
> 
> i try to test lua in haproxy and i got segfault while doing curl request :
> 
> # curl http://127.0.0.1 -H "X-debug-me: yes"
> curl: (52) Empty reply from server
> 
> ---
> 
> # gdb ./haproxy
> GNU gdb (GDB) 7.4.1-debian
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later 
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> For bug reporting instructions, please see:
> ...
> Reading symbols from /root/haproxy/haproxy...done.
> (gdb) run -f /etc/haproxy/haproxy.cfg -db
> Starting program: /root/haproxy/haproxy -f /etc/haproxy/haproxy.cfg -db
> 
> Program received signal SIGSEGV, Segmentation fault.
> __memmove_ssse3 () at ../sysdeps/x86_64/multiarch/memcpy-ssse3.S:2976
> 2976../sysdeps/x86_64/multiarch/memcpy-ssse3.S: Aucun fichier ou dossier 
> de ce type.
> (gdb) bt 
> #0  __memmove_ssse3 () at ../sysdeps/x86_64/multiarch/memcpy-ssse3.S:2976
> #1  0x004130a9 in buffer_insert_line2 (b=0x7e53b0, pos=0x7e541c 
> "\r\n", str=0x782850 "", len=20) at src/buffer.c:126
> #2  0x00468c99 in http_header_add_tail2 (msg=0x7cd5a0, 
> hdr_idx=0x7cd540, text=0x782850 "", len=20) at src/proto_http.c:507
> #3  0x00472ebb in http_process_request (s=0x7cd1e0, req=0x7cd1f0, 
> an_bit=512) at src/proto_http.c:4596
> #4  0x004b7202 in process_stream (t=0x7d4cb0) at src/stream.c:1741
> #5  0x004196c4 in process_runnable_tasks () at src/task.c:238
> #6  0x0040c148 in run_poll_loop () at src/haproxy.c:1515
> #7  0x0040cca2 in main (argc=4, argv=0x7fffe6f8) at 
> src/haproxy.c:1874
> 
> ---
> 
> # ./haproxy -vv
> HA-Proxy version 1.6-dev3-03d0e4-59 2015/08/11
> Copyright 2000-2015 Willy Tarreau 
> 
> Build options :
>   TARGET  = linux2628
>   CPU = generic
>   CC  = gcc
>   CFLAGS  = -O0
>   OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
> 
> Default settings :
>   maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
> 
> Encrypted password support via crypt(3): yes
> Built with zlib version : 1.2.7
> Compression algorithms supported : identity("identity"), deflate("deflate"), 
> raw-deflate("deflate"), gzip("gzip")
> Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
> Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports prefer-server-ciphers : yes
> Built with PCRE version : 8.30 2012-02-04
> PCRE library supports JIT : no (USE_PCRE_JIT not set)
> Built with Lua version : Lua 5.3.1
> Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
> IP_FREEBIND
> 
> Available polling systems :
>   epoll : pref=300,  test result OK
>poll : pref=200,  test result OK
>  select : pref=150,  test result OK
> Total: 3 (3 usable), will use epoll.
> 
> ---
> 
> global
> log /dev/loglocal0
> chroot /var/lib/haproxy
> stats socket /run/haproxy/admin.sock mode 660 level admin
> stats timeout 30s
> user haproxy
> group haproxy
> daemon
> nbproc 1
> 
> # Default SSL material locations
> ca-base /etc/ssl/certs
> crt-base /etc/ssl/private
> 
> # Default ciphers to use on SSL-enabled listening sockets.
> # For more information, see ciphers(1SSL).
> ssl-default-bind-ciphers 
> kEECDH+aECDSA+AES:kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
> ssl-default-bind-options no-sslv3
> 
> lua-load /root/haproxy/mylua.lua
> 
> defaults
> log global
> mode

RE: [SPAM] HAProxy soft server turnoff issues

[Lukas Tribus]

Hi Alexander,


> Hello! 
> 
> My name is Alexander and I am writing on behalf of OWOX company, that 
> supports the most visited Ecommerce website in Ukraine 
> (rozetka.com.ua). 
> 
> We are using haproxy as a well-performance server to balance load 
> between our database servers. We are using several DB-servers, and 
> sometimes we need to softly turn off one of them for maintenance. In 
> case, when technical problems occur (like extreme CPU usage or 
> something) while high load hour, we need to prevent application errors 
> and turn off our server from HAProxy softly. It means, we want to 
> complete previously sent requests over haproxy to this server and get 
> response from it, but we don't want to send new requests. 
> 
> I could not find this case in documentation you provide, and did not 
> find a way to do that through the configuration. 

You can set the server mode to "DRAIN" from the admin socket, that
should achieve exactly what you want:

set server / state [ ready | drain | maint ]
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#9.2-set%20server



Regards,

Lukas

  

Re: Spam

[Hoggins!]

Oh great ! I was not aware that this list was also a nest for personal
attacks.
Thank you.

Le 24/06/2015 16:03, Willy Tarreau a écrit :
> On Tue, Jun 23, 2015 at 02:40:51PM +0200, Hoggins! wrote:
>> Ha ha ! We could also imagine an anti-sarcasm filter.
> Not needed.
>
>> Anyway, that still does not explain why such discussions on spam
>> problems do not occur on other mailman MLs.
> Maybe you've been living under a rock for the last 20 years, but spam
> is quite common as soon as you have an e-mail address that anyone knows.
>
>> I get a lot of spam from
>> this ML, and *none* from others, even with a high volume of ham messages.
> Probably because you quickly unsubscribe from lists which send you some
> spam and you end up being subscribed only to the ones who do aggressive
> filtering to the point that even useful messages get dropped ? Or people
> posting from various origins regularly getting blocked due to political
> RBLs or DNSBLs being used... Before switching to the anti-spam, it took
> more time to deal with abnormal blocking than with spam. So no thanks.
>
> Or maybe you only subscribe to closed lists which, like sects, only accept
> subscribers and reject any external contribution, and are insulting to
> whoever is put in CC. Not to mention the fact that someone using multiple
> addresses can only post from one or receive the same messages multiple
> times.
>
> The list is open, the archives are available, and the spam amount is low,
> even if the ratio is quite high due to the low traffic of the list. If
> that causes any trouble, you don't need to be subscribed, you can simply
> unsusbcribe and post whenever you want without being subscribed.
>
> We're not trying to set a record on the number of subscribers so nobody
> will feel offended by you unsubscribing.
>
> However I'd just make a comment : posting to a list with a nickname such
> as "Hoggins!" and an address which doesn't look serious, rather impolite
> like "fucks...@wheres5.com" is not the best way to receive consideration
> for your posts.
>
> Regards,
> Willy
>
>




signature.asc
Description: OpenPGP digital signature

Re: Spam

[Willy Tarreau]

On Tue, Jun 23, 2015 at 05:43:46PM +0100, Kobus Bensch wrote:
> I don't get any. None. Nada. Zilch. 

We actually *do* forward a bit of spam which is not caught by
the filter, but nothing people can't cope with, and quite often
the last-mile anti-spam can easily catch them while letting the
recipient check in the spam box from time to time when they fear
something would get abusively blocked. Everyone can decide how
to deal with spam that way and I think that's the best balance
between excessive blocking and excessive relax.

Willy

Re: Spam

[Willy Tarreau]

On Tue, Jun 23, 2015 at 02:40:51PM +0200, Hoggins! wrote:
> Ha ha ! We could also imagine an anti-sarcasm filter.

Not needed.

> Anyway, that still does not explain why such discussions on spam
> problems do not occur on other mailman MLs.

Maybe you've been living under a rock for the last 20 years, but spam
is quite common as soon as you have an e-mail address that anyone knows.

> I get a lot of spam from
> this ML, and *none* from others, even with a high volume of ham messages.

Probably because you quickly unsubscribe from lists which send you some
spam and you end up being subscribed only to the ones who do aggressive
filtering to the point that even useful messages get dropped ? Or people
posting from various origins regularly getting blocked due to political
RBLs or DNSBLs being used... Before switching to the anti-spam, it took
more time to deal with abnormal blocking than with spam. So no thanks.

Or maybe you only subscribe to closed lists which, like sects, only accept
subscribers and reject any external contribution, and are insulting to
whoever is put in CC. Not to mention the fact that someone using multiple
addresses can only post from one or receive the same messages multiple
times.

The list is open, the archives are available, and the spam amount is low,
even if the ratio is quite high due to the low traffic of the list. If
that causes any trouble, you don't need to be subscribed, you can simply
unsusbcribe and post whenever you want without being subscribed.

We're not trying to set a record on the number of subscribers so nobody
will feel offended by you unsubscribing.

However I'd just make a comment : posting to a list with a nickname such
as "Hoggins!" and an address which doesn't look serious, rather impolite
like "fucks...@wheres5.com" is not the best way to receive consideration
for your posts.

Regards,
Willy

Re: Spam

[Kobus Bensch]

I don't get any. None. Nada. Zilch. 

Sent from my HTC

- Reply message -
From: "Hoggins!" 
To: 
Subject: Spam
Date: Tue, Jun 23, 2015 10:32

Hello everyone,

What surprises me the most is that I'm a subscriber for lots of other
mailing-lists, and that's the only one that has a significant amount of
spam.
On my opinion, the problem is not the antispam filter, it's the right to
communicate on that mailing-list. How come a mail such as
3207947...@qq.com is allowed to post things about those damn LED bulbs ?
Isn't there a simple way to avoid such noise by just having a whitelist
of posters ?

Hoggins!

Le 22/06/2015 17:53, Willy Tarreau a écrit :
> On Fri, Jun 19, 2015 at 01:37:59PM +0200, Pavlos Parissis wrote:
>>
>> On 19/06/2015 11:08 , Andrei Marinescu wrote:
>>> Same here, only 1-2 messages per week, and generally correctly tagged as
>>> [SPAM]. Way less than the last discussion on this topic produced J
>>>
>>>  
>>>
>> +1
>>
>> This has been discussed before and Willy expressed the reasons why there
>> isn't any smap filter in the ML.
>>
>> Personally, I am fine with the current setup as gmail does very good job
>> for filtering spam mails for me.
> There *is* a spam filter now, it simply tags SPAM what it finds as such,
> and does not delete anything (which is fortunate since we've had one or
> two false positives already). The recent "leds" spams are passing through
> it for now, let's hope they'll be detected soon.
>
> Willy
>
>
-- 


Trustpay Global Limited is an authorised Electronic Money Institution 
regulated by the Financial Conduct Authority registration number 900043. 
Company No 07427913 Registered in England and Wales with registered address 
130 Wood Street, London, EC2V 6DL, United Kingdom.

For further details please visit our website at www.trustpayglobal.com.

The information in this email and any attachments are confidential and 
remain the property of Trustpay Global Ltd unless agreed by contract. It is 
intended solely for the person to whom or the entity to which it is 
addressed. If you are not the intended recipient you may not use, disclose, 
copy, distribute, print or rely on the content of this email or its 
attachments. If this email has been received by you in error please advise 
the sender and delete the email from your system. Trustpay Global Ltd does 
not accept any liability for any personal view expressed in this message.

Re: Spam

[Vincent Bernat]

 ❦ 23 juin 2015 11:32 +0200, "Hoggins!"  :

> On my opinion, the problem is not the antispam filter, it's the right to
> communicate on that mailing-list. How come a mail such as
> 3207947...@qq.com is allowed to post things about those damn LED bulbs ?
> Isn't there a simple way to avoid such noise by just having a whitelist
> of posters ?

As explained earlier, this mailing list accepts post from anyone to
ensure that non-regular contributors can send a patch without having to
subscribe. That's also a common pattern. The mailing lists for the Linux
kernel have the same policy.
-- 
Program defensively.
- The Elements of Programming Style (Kernighan & Plauger)

Re: Spam

[Hoggins!]

Ha ha ! We could also imagine an anti-sarcasm filter.

Anyway, that still does not explain why such discussions on spam
problems do not occur on other mailman MLs. I get a lot of spam from
this ML, and *none* from others, even with a high volume of ham messages.

Hoggins!

Le 23/06/2015 14:37, William Lewis a écrit :
> As someone that reads the content on this list very regularly, I see next to 
> no
> spam because gmail spam filters in the most part work really well.
> Actually someone coming along avery few months and whining about spam is
> far more annoying and spammy. Perhaps Willy should add a rule to blacklist
> anyone from posting who can’t just get on cope with the fact mailing lists 
> are 
> always going to have spam.
>
>> > On 23 Jun 2015, at 10:32, Hoggins!  wrote:
>> > 
>> > Hello everyone,
>> > 
>> > What surprises me the most is that I'm a subscriber for lots of other
>> > mailing-lists, and that's the only one that has a significant amount of
>> > spam.
>> > On my opinion, the problem is not the antispam filter, it's the right to
>> > communicate on that mailing-list. How come a mail such as
>> > 3207947...@qq.com is allowed to post things about those damn LED bulbs ?
>> > Isn't there a simple way to avoid such noise by just having a whitelist
>> > of posters ?
>> > 
>> > Hoggins!




signature.asc
Description: OpenPGP digital signature

Re: Spam

[William Lewis]

As someone that reads the content on this list very regularly, I see next to no
spam because gmail spam filters in the most part work really well.
Actually someone coming along avery few months and whining about spam is
far more annoying and spammy. Perhaps Willy should add a rule to blacklist
anyone from posting who can’t just get on cope with the fact mailing lists are 
always going to have spam.

> On 23 Jun 2015, at 10:32, Hoggins!  wrote:
> 
> Hello everyone,
> 
> What surprises me the most is that I'm a subscriber for lots of other
> mailing-lists, and that's the only one that has a significant amount of
> spam.
> On my opinion, the problem is not the antispam filter, it's the right to
> communicate on that mailing-list. How come a mail such as
> 3207947...@qq.com is allowed to post things about those damn LED bulbs ?
> Isn't there a simple way to avoid such noise by just having a whitelist
> of posters ?
> 
> Hoggins!
> 
> Le 22/06/2015 17:53, Willy Tarreau a écrit :
>> On Fri, Jun 19, 2015 at 01:37:59PM +0200, Pavlos Parissis wrote:
>>> 
>>> On 19/06/2015 11:08 , Andrei Marinescu wrote:
 Same here, only 1-2 messages per week, and generally correctly tagged as
 [SPAM]. Way less than the last discussion on this topic produced J
 
 
 
>>> +1
>>> 
>>> This has been discussed before and Willy expressed the reasons why there
>>> isn't any smap filter in the ML.
>>> 
>>> Personally, I am fine with the current setup as gmail does very good job
>>> for filtering spam mails for me.
>> There *is* a spam filter now, it simply tags SPAM what it finds as such,
>> and does not delete anything (which is fortunate since we've had one or
>> two false positives already). The recent "leds" spams are passing through
>> it for now, let's hope they'll be detected soon.
>> 
>> Willy
>> 
>> 
> 
> 

Re: Spam

[Hoggins!]

Hello everyone,

What surprises me the most is that I'm a subscriber for lots of other
mailing-lists, and that's the only one that has a significant amount of
spam.
On my opinion, the problem is not the antispam filter, it's the right to
communicate on that mailing-list. How come a mail such as
3207947...@qq.com is allowed to post things about those damn LED bulbs ?
Isn't there a simple way to avoid such noise by just having a whitelist
of posters ?

Hoggins!

Le 22/06/2015 17:53, Willy Tarreau a écrit :
> On Fri, Jun 19, 2015 at 01:37:59PM +0200, Pavlos Parissis wrote:
>>
>> On 19/06/2015 11:08 , Andrei Marinescu wrote:
>>> Same here, only 1-2 messages per week, and generally correctly tagged as
>>> [SPAM]. Way less than the last discussion on this topic produced J
>>>
>>>  
>>>
>> +1
>>
>> This has been discussed before and Willy expressed the reasons why there
>> isn't any smap filter in the ML.
>>
>> Personally, I am fine with the current setup as gmail does very good job
>> for filtering spam mails for me.
> There *is* a spam filter now, it simply tags SPAM what it finds as such,
> and does not delete anything (which is fortunate since we've had one or
> two false positives already). The recent "leds" spams are passing through
> it for now, let's hope they'll be detected soon.
>
> Willy
>
>




signature.asc
Description: OpenPGP digital signature

Re: Spam

[Willy Tarreau]

On Fri, Jun 19, 2015 at 01:37:59PM +0200, Pavlos Parissis wrote:
> 
> 
> On 19/06/2015 11:08 , Andrei Marinescu wrote:
> > Same here, only 1-2 messages per week, and generally correctly tagged as
> > [SPAM]. Way less than the last discussion on this topic produced J
> > 
> >  
> >
> 
> +1
> 
> This has been discussed before and Willy expressed the reasons why there
> isn't any smap filter in the ML.
> 
> Personally, I am fine with the current setup as gmail does very good job
> for filtering spam mails for me.

There *is* a spam filter now, it simply tags SPAM what it finds as such,
and does not delete anything (which is fortunate since we've had one or
two false positives already). The recent "leds" spams are passing through
it for now, let's hope they'll be detected soon.

Willy

Re: Spam

[Pavlos Parissis]

On 19/06/2015 11:08 πμ, Andrei Marinescu wrote:
> Same here, only 1-2 messages per week, and generally correctly tagged as
> [SPAM]. Way less than the last discussion on this topic produced J
> 
>  
>

+1

This has been discussed before and Willy expressed the reasons why there
isn't any smap filter in the ML.

Personally, I am fine with the current setup as gmail does very good job
for filtering spam mails for me.

My 2cents,
Pavlos




signature.asc
Description: OpenPGP digital signature

Re: Spam

[Martijn Otto]

Well, there are around 20 a day I guess. It depends on the spamfilter
you probably have set up on the mailserver you use to read the haproxy
mailing list.

They are mostly tagged right, but sometimes there is a false positive,
so I don't think it's a good idea to filter them automatically.

On vr, 2015-06-19 at 12:08 +0300, Andrei Marinescu wrote:
> Same here, only 1-2 messages per week, and generally correctly tagged
> as [SPAM]. Way less than the last discussion on this topic produced J
> 
>  
> 
> From: Kobus Bensch [mailto:kobus.ben...@trustpayglobal.com] 
> Sent: vineri, 19 iunie 2015 12:06
> To: haproxy@formilux.org
> Subject: Re: Spam
> 
> 
>  
> 
> I dont get any.
> 
> On 19/06/2015 07:38, Roger Sikorski wrote:
> 
> 
> Hello,
> 
>  
> 
> It is possibly to stop the spam which arrives here in the
> mailing list often?
> 
>  
> 
> Greetings
> 
> Roger
> 
>  
> 
> Roger Sikorski
> 
> 
> Auszubildender Fachinformatiker
> Systemintegration
> 
> 
> R&R Ice Cream Deutschland GmbH 
> 
> 
> Eduard Pestel Str. 15
> 
> 
> 49080 Osnabrück
> 
> 
> 
>
>
>  Fax: +49 541  301 
>
>
>
>  www.rr-icecream.eu
>
>
> roger.sikor...@de.rr-icecream.eu
>
>
> 
>  
> 
> Handelsregister Amtsgericht Osnabrück HRB 17067 Sitz der
> Gesellschaft: Osnabrück Ident Nr. DE 117657534
> Geschäftsführer: Dr. Ibrahim Najafi, Dr. Gotthard Kirchner
> 
> P Before you print think about the ENVIRONMENT 
> 
>  
> 
> 
> 
> 
> This e-mail has been scanned for viruses by R&R Ice Cream.
> The service is powered by MessageLabs.
> 
> 
> 
> 
>  
> 
> -- 
> Kobus Bensch
> Senior Systems Administrator
> Address:  22 & 24 | Frederick Sanger Road | Guildford | Surrey | GU2
> 7YD
> DDI:  0207 871 3958
> Tel:  0207 871 3890
> Email:  kobus.ben...@trustpayglobal.com
> 
> 
> 
>  
> 
> Trustpay Global Limited is an authorised Electronic Money Institution
> regulated by the Financial Conduct Authority registration number
> 900043. Company No 07427913 Registered in England and Wales with
> registered address 130 Wood Street, London, EC2V 6DL, United Kingdom.
> 
> For further details please visit our website at
> www.trustpayglobal.com.
> 
> The information in this email and any attachments are confidential and
> remain the property of Trustpay Global Ltd unless agreed by contract.
> It is intended solely for the person to whom or the entity to which it
> is addressed. If you are not the intended recipient you may not use,
> disclose, copy, distribute, print or rely on the content of this email
> or its attachments. If this email has been received by you in error
> please advise the sender and delete the email from your system.
> Trustpay Global Ltd does not accept any liability for any personal
> view expressed in this message.
> 
> 

RE: Spam

[Andrei Marinescu]

Same here, only 1-2 messages per week, and generally correctly tagged as
[SPAM]. Way less than the last discussion on this topic produced :)

 

From: Kobus Bensch [mailto:kobus.ben...@trustpayglobal.com] 
Sent: vineri, 19 iunie 2015 12:06
To: haproxy@formilux.org
Subject: Re: Spam

 

I dont get any.

On 19/06/2015 07:38, Roger Sikorski wrote:

Hello,

 

It is possibly to stop the spam which arrives here in the mailing list
often?

 

Greetings

Roger

 



Roger Sikorski


Auszubildender Fachinformatiker Systemintegration


R&R Ice Cream Deutschland GmbH 


Eduard Pestel Str. 15


49080 Osnabrück





 Fax: +49 541  301 



 <http://www.rr-icecream.eu/> www.rr-icecream.eu


roger.sikor...@de.rr-icecream.eu <mailto:roger.sikor...@de.rr-icecream.eu> 

 

Handelsregister Amtsgericht Osnabrück HRB 17067 Sitz der Gesellschaft:
Osnabrück Ident Nr. DE 117657534 Geschäftsführer: Dr. Ibrahim Najafi, Dr.
Gotthard Kirchner

P Before you print think about the ENVIRONMENT 

 



This e-mail has been scanned for viruses by R&R Ice Cream.
The service is powered by MessageLabs.


 

-- 
Kobus Bensch
Senior Systems Administrator
Address:  22 & 24 | Frederick Sanger Road | Guildford | Surrey | GU2 7YD
DDI:  0207 871 3958
Tel:  0207 871 3890
Email:  kobus.ben...@trustpayglobal.com
<mailto:kobus.ben...@trustpayglobal.com> 


 

Trustpay Global Limited is an authorised Electronic Money Institution
regulated by the Financial Conduct Authority registration number 900043.
Company No 07427913 Registered in England and Wales with registered address
130 Wood Street, London, EC2V 6DL, United Kingdom.

For further details please visit our website at www.trustpayglobal.com
<http://www.trustpayglobal.com> .

The information in this email and any attachments are confidential and
remain the property of Trustpay Global Ltd unless agreed by contract. It is
intended solely for the person to whom or the entity to which it is
addressed. If you are not the intended recipient you may not use, disclose,
copy, distribute, print or rely on the content of this email or its
attachments. If this email has been received by you in error please advise
the sender and delete the email from your system. Trustpay Global Ltd does
not accept any liability for any personal view expressed in this message.

Re: Spam

[Kobus Bensch]

I dont get any.

On 19/06/2015 07:38, Roger Sikorski wrote:


Hello,

It is possibly to stop the spam which arrives here in the mailing list 
often?


Greetings

Roger

*Roger Sikorski*

*Auszubildender Fachinformatiker Systemintegration*

R&R Ice Cream Deutschland GmbH

Eduard Pestel Str. 15

49080 Osnabrück





* Fax: +49 541  301 ***


www.rr-icecream.eu 

roger.sikor...@de.rr-icecream.eu 

Handelsregister Amtsgericht Osnabrück HRB 17067 Sitz der Gesellschaft: 
Osnabrück Ident Nr. DE 117657534 Geschäftsführer: Dr. Ibrahim Najafi, 
Dr. Gotthard Kirchner


P*Before you print*think about the *ENVIRONMENT*



This e-mail has been scanned for viruses by R&R Ice Cream.
The service is powered by MessageLabs.



--
Kobus Bensch Trustpay Global LTD email signature Kobus Bensch
Senior Systems Administrator
Address:  22 & 24 | Frederick Sanger Road | Guildford | Surrey | GU2 7YD
DDI:  0207 871 3958
Tel:  0207 871 3890
Email: kobus.ben...@trustpayglobal.com 



--


Trustpay Global Limited is an authorised Electronic Money Institution 
regulated by the Financial Conduct Authority registration number 900043. 
Company No 07427913 Registered in England and Wales with registered address 
130 Wood Street, London, EC2V 6DL, United Kingdom.


For further details please visit our website at www.trustpayglobal.com.

The information in this email and any attachments are confidential and 
remain the property of Trustpay Global Ltd unless agreed by contract. It is 
intended solely for the person to whom or the entity to which it is 
addressed. If you are not the intended recipient you may not use, disclose, 
copy, distribute, print or rely on the content of this email or its 
attachments. If this email has been received by you in error please advise 
the sender and delete the email from your system. Trustpay Global Ltd does 
not accept any liability for any personal view expressed in this message.

Re: [SPAM] backup option doesn't seem to work

[Baptiste]

Hi Yves,

The answer is simple.
The client comes with his persistence cookie which is valid.
So HAProxy honors persistance despite the server is a backup one.
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#backup

You can fix it by deletting cookies pointing to servers in backup state.

Baptiste



On Mon, May 18, 2015 at 10:12 AM, Yves Van Wert  wrote:
> Hi Baptiste,
>
> when i made the post to the list we were still running haproxy 1.4. I've
> upgraded yesterday to 1.5 but still notice the same behaviour.
>
> The backend config is :
>
> backend weblogic-tpc
>mode http
>stats enable
>stats auth admin:axihaproxy
>balance roundrobin
>cookie SERVERID insert indirect nocache
>option httpclose
>option forwardfor
>option allbackups
>server igcbiasprd05n 10.130.101.1:9003 check cookie igcbiasprd05n
> weight 15
>server igcbiasprd06n 10.130.101.1:9004 check cookie igcbiasprd06n
> weight 15
>server igcbiasprd07n 10.130.101.1:9005 check cookie igcbiasprd07n
> weight 15
>server igcbiasprd03n 10.130.101.7:9003 check cookie igcbiasprd03n
> weight 10 backup
>server igcbiasprd04n 10.130.101.8:9003 check cookie igcbiasprd04n
> weight 10 backup
>server igcbiasprd01n 10.130.101.5:9003 check cookie igcbiasprd01n
> weight 10 backup
>server igcbiasprd02n 10.130.101.6:9003 check cookie igcbiasprd02n
> weight 10 backup
>
>
> i'll attach a snippet of the logfile.
>
> do you have any idea what could go wrong ?
>
> regards
> Yves
>
>
>
>
> On Wed, May 6, 2015 at 12:04 PM, Baptiste  wrote:
>>
>> On Mon, May 4, 2015 at 5:38 PM, Yves Van Wert  wrote:
>> > Hi list,
>> >
>> > i've created this backend config :
>> >
>> > backend weblogic-tpc
>> >mode http
>> >balance roundrobin
>> >cookie SERVERID insert indirect nocache
>> >option httpclose
>> >option forwardfor
>> >option allbackups
>> >server server01n 10.130.101.5:9003 check cookie server01n weight
>> > 10
>> >server server02n 10.130.101.6:9003 check cookie server02n weight
>> > 10
>> >server server05n 10.130.101.1:9003 check cookie server05n weight
>> > 15
>> >server server06n 10.130.101.1:9004 check cookie server06n weight
>> > 15
>> >server server07n 10.130.101.1:9005 check cookie server07n weight
>> > 15
>> >server server03n 10.130.101.7:9003 check cookie server03n weight
>> > 10
>> > backup
>> >server server04n 10.130.101.8:9003 check cookie server04n weight
>> > 10
>> > backup
>> >
>> >
>> >
>> > after starting haproxy i notice in the logfile that connections are also
>> > being sent to server03 & 04.  Any idea on how this is possible ?
>> >
>> > thanks
>> > Yves
>>
>>
>> Hi Yves,
>>
>> Please share you logs as well :)
>>
>> Baptiste
>
>

Re: [SPAM] backup option doesn't seem to work

[Baptiste]

On Mon, May 4, 2015 at 5:38 PM, Yves Van Wert  wrote:
> Hi list,
>
> i've created this backend config :
>
> backend weblogic-tpc
>mode http
>balance roundrobin
>cookie SERVERID insert indirect nocache
>option httpclose
>option forwardfor
>option allbackups
>server server01n 10.130.101.5:9003 check cookie server01n weight 10
>server server02n 10.130.101.6:9003 check cookie server02n weight 10
>server server05n 10.130.101.1:9003 check cookie server05n weight 15
>server server06n 10.130.101.1:9004 check cookie server06n weight 15
>server server07n 10.130.101.1:9005 check cookie server07n weight 15
>server server03n 10.130.101.7:9003 check cookie server03n weight 10
> backup
>server server04n 10.130.101.8:9003 check cookie server04n weight 10
> backup
>
>
>
> after starting haproxy i notice in the logfile that connections are also
> being sent to server03 & 04.  Any idea on how this is possible ?
>
> thanks
> Yves


Hi Yves,

Please share you logs as well :)

Baptiste

RE: [SPAM] jBoss thread count issue while upgrading from 1.5dev21 to 1.5.11

[Lukas Tribus]

Hi Willy,

>> Put "option http-tunnel" in your default section, this will restore pre 
>> 1.5dev22
>> behavior. Read more about this here:
>> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#option%20http-tunnel
>
> Hmmm no, there's option forceclose, so the two are supposed to close.
> There's something else I guess

Ups, I overlooked that, yes. forceclose is set on the only backend, so this is 
not the problem,
if this is the complete configuration.

In case the configuration is (over-)"simplified" however, there may be some 
services affected
by this anyway.

Nevertheless, more details are required.


Lukas

  

Re: [SPAM] jBoss thread count issue while upgrading from 1.5dev21 to 1.5.11

[Willy Tarreau]

Hi Lukas,

On Mon, Mar 30, 2015 at 02:55:32PM +0200, Lukas Tribus wrote:
> Hi Sarvesh,
> 
> 
> > Dear Team, 
> > 
> > We upgraded my haproxy from 1.5dev21 to 1.5.11 stable version with same 
> > configuration. At the backend, we are using jBoss. 
> > As soon as we upgraded, we encountered serious issue regarding jBoss 
> > thread counts. It has been increased tremendously. 
> > After rollback to 1.5dev21, everything works fine. 
> 
> Put "option http-tunnel" in your default section, this will restore pre 
> 1.5dev22
> behavior. Read more about this here:
> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#option%20http-tunnel

Hmmm no, there's option forceclose, so the two are supposed to close.
There's something else I guess. Some logs, traces or whatever will
definitely be needed I fear.

Regards,
Willy

RE: [SPAM] jBoss thread count issue while upgrading from 1.5dev21 to 1.5.11

[Lukas Tribus]

Hi Sarvesh,


> Dear Team, 
> 
> We upgraded my haproxy from 1.5dev21 to 1.5.11 stable version with same 
> configuration. At the backend, we are using jBoss. 
> As soon as we upgraded, we encountered serious issue regarding jBoss 
> thread counts. It has been increased tremendously. 
> After rollback to 1.5dev21, everything works fine. 

Put "option http-tunnel" in your default section, this will restore pre 1.5dev22
behavior. Read more about this here:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#option%20http-tunnel


Lukas

  

Re: Spam to this list?

[Morgan Aldridge]

On Monday, September 8, 2014, Steven Haigh  wrote:

> On 7/09/2014 9:27 PM, Willy Tarreau wrote:
> > On Sat, Sep 06, 2014 at 01:09:57AM +0200, Willy Tarreau wrote:
> >> FWIW, I've noticed that there is actually *more* spam than what I do
> >> receive, simply because my trivial procmail filters catch about half
> >> of it. I'll see if I find a way to port them to postfix in order to
> >> reduce this amount for everyone to the level I'm seeing on my side.
> >
> > With Benoit's help, we have converted most of these filters and applied
> > them to the list. They don't generate false positives on my side so they
> > should be safe.


Thank you very much for taking the time to discover that we're seeing more
spam than you and for implementing some additional filters!



-- 
Morgan
---
http://makkintosshu.com/
http://seriesparts.com/
http://rikuwoiku.com/
http://unna.org/

Re: Spam to this list?

[Steven Haigh]

On 7/09/2014 9:27 PM, Willy Tarreau wrote:
> On Sat, Sep 06, 2014 at 01:09:57AM +0200, Willy Tarreau wrote:
>> FWIW, I've noticed that there is actually *more* spam than what I do
>> receive, simply because my trivial procmail filters catch about half
>> of it. I'll see if I find a way to port them to postfix in order to
>> reduce this amount for everyone to the level I'm seeing on my side.
> 
> With Benoit's help, we have converted most of these filters and applied
> them to the list. They don't generate false positives on my side so they
> should be safe.

Thank you for making an effort on this.

> Also, please let me post a few numbers. On Friday, the server rejected
> 5495 emails at the connection level, 206 based on a few correctness rules,
> and only delivered 83 to the mailing list, 37 of which were valid, and 10
> of which were valid but caused by someone who intentionally wants to harm
> the list, which leaves 36 spam out of 5737, which is 0.63%. I had to delete
> about 10-20 of them by hand from my box, I don't remember, which indicates
> that the extra filters could catch about half of the remaining ones on
> average, without false positives.

I doubt you can count the 5495 messages - however I would count the 83
and the breakdown of such.

> Personally, I consider that if we kill 99.5% of spam and only let 0.5%
> leak through for the sake of not getting any false positives, it's already
> reasonably good for an open mailing list. I know that some people won't
> share this point of view, but that suits my goals for this list.

I think we disagree here, but I'll let the matter rest.

-- 
Steven Haigh

Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299



signature.asc
Description: OpenPGP digital signature

Re: Spam to this list?

[Willy Tarreau]

On Sat, Sep 06, 2014 at 01:09:57AM +0200, Willy Tarreau wrote:
> FWIW, I've noticed that there is actually *more* spam than what I do
> receive, simply because my trivial procmail filters catch about half
> of it. I'll see if I find a way to port them to postfix in order to
> reduce this amount for everyone to the level I'm seeing on my side.

With Benoit's help, we have converted most of these filters and applied
them to the list. They don't generate false positives on my side so they
should be safe.

Also, please let me post a few numbers. On Friday, the server rejected
5495 emails at the connection level, 206 based on a few correctness rules,
and only delivered 83 to the mailing list, 37 of which were valid, and 10
of which were valid but caused by someone who intentionally wants to harm
the list, which leaves 36 spam out of 5737, which is 0.63%. I had to delete
about 10-20 of them by hand from my box, I don't remember, which indicates
that the extra filters could catch about half of the remaining ones on
average, without false positives.

Personally, I consider that if we kill 99.5% of spam and only let 0.5%
leak through for the sake of not getting any false positives, it's already
reasonably good for an open mailing list. I know that some people won't
share this point of view, but that suits my goals for this list.

Regards,
Willy

Re: Spam to this list?

[Willy Tarreau]

On Fri, Sep 05, 2014 at 08:33:42PM +0200, Vincent Bernat wrote:
>  ???  5 septembre 2014 20:38 +0300, Juho Mäkinen  :
> 
> > Restricting the list to subscribed user (subonlypost) is not a
> > good thing either
> >
> > May I ask why this is not a good thing? I see no valid reason why not
> > subscribed members should be allowed to post. The subscription already
> > checks that the sender email is valid, thus should be a decent way to
> > remove most of the spam with very little configuration and
> > maintenance.
> >
> > I think all my other lists which I've subscribed require that you need
> > to be subscribed so you can post. 
> 
> This can be cumbersome for someone wanting to just ask a question or
> just send a patch. You need to subscribe, send your patch, then
> unsubscribe. This can happen even when you are subscribed but used an
> alternate email address for the patch (for example, your professional
> email).

Exactly, that's what I faced several times on oss-sec when trying to post
from work while I'm subscribed at home, and on postfix where I'm not
subscribed and was simply replying to some e-mails where I was CCed for
review of the proxy protocol implementation. It's quite frustrating to
see your response ignored and people continue to debate over a question
while your response lies in some moderator's queue.

> On the top of my head, the Linux kernel mailing-list (and other related
> mailing-lists) doesn't require subscription.

Indeed. *This* list is not going to be subscribers only because it's the
wrong solution to the spam problem : spam must not prevent people from
communicating normally.

Thanks,
Willy

Re: Spam to this list?

[Willy Tarreau]

On Sat, Sep 06, 2014 at 09:14:48AM +0800, Alexey Zilber wrote:
>Please don't take our issues with the spam personally.

why shouldn't I when people come here and say "hey I'm getting many spam,
please fix this" ? I'm not the one who generates these spam and people ask
me to "simply" filter it, still the solutions they offer are either
incompatible with my skills (I'm not going to develop filters nor scripts
myself to handle emails) or the basic rules I want for this list (open,
not subscribers only), or my available time (eg: moderate e-mails). So yes,
these complains get me nervous when I know that these people are free to
unsubscribe and read the archives or resubscribe when they need.

> Everyone appreciates the list

You're too optimistic IMHO. Like on every list, some people like to be there
to maintain useless out of topic threads.

> and the help it's provided, so keep in mind people are
> just voicing their opinions (and most of us have strong opinions) regarding
> spam.

I too have my opinion regarding spam and I expressed it. I hate spam but it's
part of todays internet, and I got used to even not see it. Just like I don't
complain about dust in the air nor blame all the world for this.

>   Going over the previous threads, imho if you don't have Greylisting,
> maybe that's the way to go?

We used to have some, I have some old memories of disabling it because it
caused some issues to some senders, I don't have all the details in mind.
You know, we're only aware of trouble for senders when they send me the
message which always looks like this : "hey, I tried to send this to the
list but it doesn't show up, is there anything wrong with the list ?".
And each time this happens, it's hours of troubleshooting, discovering
nasty side effects of any filtering method for a very small minority of
people, so we have to find another solution and that takes time.

> While my opinion still stands that the only
> real way to combat this spam is to make it a 'subscribe to post' list;  if
> you're using Greylisting, why not build it so that unsubscribed users have
> a weighted value, so users who post a lot are automatically whitelisted
> (before passing their email through spamassasin or other such spam scanner).

Because 1) I don't know how to do that, and 2) that still means that non-
subscribers suffer from a more aggressive filtering than subscribers which
is not the purpose of this open list.

Willy

Re: Spam to this list?

[Willy Tarreau]

On Sat, Sep 06, 2014 at 10:40:42AM +1000, Steven Haigh wrote:
> On 6/09/2014 9:09 AM, Willy Tarreau wrote:
> >> Ah, but your facts are in the discussion thread. I've seen very few
> >> people supporting the current state of things.
> > 
> > Numbers here aren't on your side :
> > 
> > # cat subscribers.d/*|wc -l
> > 830
> > 
> > 830 persons are currently subscribed to this list, 22 of which have posted
> > in this thread, with some not even sharing your opinion. So that's about 98%
> > which is hardly "very few" by my standards.
> 
> Oh come on. Trying to say that because you don't have 400+ replies
> saying 'put spam filters on' that it doesn't matter is trivial is
> almost I don't even know the word for it

That's not what I'm saying. What I'm saying is that 830 persons are still
subscribed despite this amount of spam so by definition they still support
this. And that is a fact. I urge all people who cannot stand this anymore
to unsubscribe, it will already reduce the noise on this list, because
the time we spend discussing this is not spent addressing the issue.

> > FWIW, I've noticed that there is actually *more* spam than what I do
> > receive, simply because my trivial procmail filters catch about half
> > of it. I'll see if I find a way to port them to postfix in order to
> > reduce this amount for everyone to the level I'm seeing on my side.
> 
> I don't want to try and insult you here - but tools are around to take
> care of these problems

Yes and tools take time as well. Initially this list was offered to help
contributors and developers and with more subscribers it becomes a real
burden to maintain because a few are always unsatisfied. What else can I
say ?

> - and have been done by people much smarter than
> you or I... The sad truth is that spammers exploit things like this
> list... The archives increase their google rankings for spam and make
> things harder for EVERYONE, not just this list.
> 
> > Now please let me remind me something important : this list is provided
> > for free to make it easier for developers and users to exchange together.
> > It's managed on spare time, it's fast and free to subscribe just like it's
> > fast and free to unsubscribe. Some users do indeed subscribe, participate
> > to a thread then unsubscribe. There have been about 3 times more
> > subscriptions than current subscribers, many of which coming back from
> > time to time. So for people for whom this amount of spam is a terrible
> > experience, there are a lot of options. However when you're on the service
> > side of things, options to fight spam *always* come from extra burden 
> > dealing
> > with false positives. So the situation is clearly far from being perfect, 
> > but
> > it used to be reasonably well balanced for 7 years now. Only very recently
> > we started to get subscribed to several lists and probably the address has
> > better circulated to spammers resulting in an increase in the amount of 
> > spam.
> > But I certainly won't spend as much time dealing with anti-spam problems as
> > I already spent in this sterile thread.
> 
> So you've lost at least half your subscriber base, and you can't see a
> problem with this?

No. I don't have a goal of saying "my list is bigger than yours". This list
is there so that people can exchange. Period. It is natural that people
subscribe during the period of a bug report and unsubsribe when they're no
more interested. I'm seeing the unsubscribe messages. Most of them happen
when there is a long thread like this one because these e-mails pass through
their spam filters and they find them boring.

> Sorry, but even including ALL posts in this thread over the past few
> days, the amount of spam STILL outnumbers the amount of content going
> through this list - something that is almost negligent in this day and
> age...

Yes, I confess that I regularly prefer to dedicate 5 hours to sleep each
24h than to assign one hour to try to optimise spam fighting on this list.
This is probably negligent. But I need this time to be able to work on the
product which is the subject of this list. I also know that every time we
play a bit with some options to combat spam, *I* to have to deal with the
people whose mails are eaten. And worst, those whose e-mails are eaten are
the ones who have absolutely no problem with the spam either since they're
filtered on their side.

> So I guess what will it take before something happens? Someone to fork
> the list off to somewhere else and fragment your community?

Could be an idea. It would save me a lot of time, and I would not have
to deal with complains from people whose e-mails are eaten, I'd just have
to redirect them to the new list maintainer and get rid of the issue. And
we'll also see how many people are bothered by the spam level to the point
of making the move to the new list.

Willy

Re: Spam to this list?

[Michael Johnson - MJ]

For those interested, the google group I am mirroring the haproxy mailing
list to can be found at:

https://groups.google.com/forum/#!forum/haproxy-filtered

Since I set this up, there have been 3 messages to the list.  1 was someone
signing the haproxy list up for a a french mailing list and made it through
the filters.  On was a legitimate post which was flagged as spam, and one
was a legitimate post that showed up initially as expected.

This is a very small sample size, but so far indicates the problematic
nature of this sort of filtering that Willy was concerned about.

If you have any interest in moderating this mirrored list, let me know as I
don't plan on doing much moderating myself once I am confident that things
are working correctly.


On Fri, Sep 5, 2014 at 6:46 PM, Michael Johnson - MJ  wrote:

> Oops...
>
> didn't cc the list on this.  fixing...
>
>
> On Fri, Sep 5, 2014 at 6:46 PM, Michael Johnson - MJ  wrote:
>
>> Rather than continue discussing/arguing about this, I've attempted to
>> take action to solve the problem.
>>
>> I've created a googlegroup called haproxy-filtered and attempted to
>> subscribe it to the haproxy mailing list.  All spam is set to be moderated,
>> otherwise it is unmoderated.
>>
>> This message will work as a test to see if I successfully subscribed it
>> to the mailing list.  Assuming it works, if you want permission to moderate
>> the spam, let me know (I probably will not be doing any moderating myself).
>>
>>
>> On Fri, Sep 5, 2014 at 6:14 PM, Alexey Zilber 
>> wrote:
>>
>>> On Sat, Sep 6, 2014 at 7:09 AM, Willy Tarreau  wrote:
>>>
 
 Now please let me remind me something important : this list is provided
 for free to make it easier for developers and users to exchange
 together.
 It's managed on spare time, it's fast and free to subscribe just like
 it's
 fast and free to unsubscribe. Some users do indeed subscribe,
 participate
 to a thread then unsubscribe. There have been about 3 times more
 subscriptions than current subscribers, many of which coming back from
 time to time. So for people for whom this amount of spam is a terrible
 experience, there are a lot of options. However when you're on the
 service
 side of things, options to fight spam *always* come from extra burden
 dealing
 with false positives. So the situation is clearly far from being
 perfect, but
 it used to be reasonably well balanced for 7 years now. Only very
 recently
 we started to get subscribed to several lists and probably the address
 has
 better circulated to spammers resulting in an increase in the amount of
 spam.
 But I certainly won't spend as much time dealing with anti-spam
 problems as
 I already spent in this sterile thread.

 Willy



>>> Willy,
>>>
>>>Please don't take our issues with the spam personally.   Everyone
>>> appreciates the list and the help it's provided, so keep in mind people are
>>> just voicing their opinions (and most of us have strong opinions) regarding
>>> spam.
>>>   Going over the previous threads, imho if you don't have Greylisting,
>>> maybe that's the way to go?  While my opinion still stands that the only
>>> real way to combat this spam is to make it a 'subscribe to post' list;  if
>>> you're using Greylisting, why not build it so that unsubscribed users have
>>> a weighted value, so users who post a lot are automatically whitelisted
>>> (before passing their email through spamassasin or other such spam scanner).
>>>
>>> Thanks Willy!
>>> -Alex
>>>
>>
>>
>>
>> --
>> Michael Johnson - MJ
>>
>
>
>
> --
> Michael Johnson - MJ
>



-- 
Michael Johnson - MJ

Re: Spam to this list?

[Michael Johnson - MJ]

Oops...

didn't cc the list on this.  fixing...


On Fri, Sep 5, 2014 at 6:46 PM, Michael Johnson - MJ  wrote:

> Rather than continue discussing/arguing about this, I've attempted to take
> action to solve the problem.
>
> I've created a googlegroup called haproxy-filtered and attempted to
> subscribe it to the haproxy mailing list.  All spam is set to be moderated,
> otherwise it is unmoderated.
>
> This message will work as a test to see if I successfully subscribed it to
> the mailing list.  Assuming it works, if you want permission to moderate
> the spam, let me know (I probably will not be doing any moderating myself).
>
>
> On Fri, Sep 5, 2014 at 6:14 PM, Alexey Zilber 
> wrote:
>
>> On Sat, Sep 6, 2014 at 7:09 AM, Willy Tarreau  wrote:
>>
>>> 
>>> Now please let me remind me something important : this list is provided
>>> for free to make it easier for developers and users to exchange together.
>>> It's managed on spare time, it's fast and free to subscribe just like
>>> it's
>>> fast and free to unsubscribe. Some users do indeed subscribe, participate
>>> to a thread then unsubscribe. There have been about 3 times more
>>> subscriptions than current subscribers, many of which coming back from
>>> time to time. So for people for whom this amount of spam is a terrible
>>> experience, there are a lot of options. However when you're on the
>>> service
>>> side of things, options to fight spam *always* come from extra burden
>>> dealing
>>> with false positives. So the situation is clearly far from being
>>> perfect, but
>>> it used to be reasonably well balanced for 7 years now. Only very
>>> recently
>>> we started to get subscribed to several lists and probably the address
>>> has
>>> better circulated to spammers resulting in an increase in the amount of
>>> spam.
>>> But I certainly won't spend as much time dealing with anti-spam problems
>>> as
>>> I already spent in this sterile thread.
>>>
>>> Willy
>>>
>>>
>>>
>> Willy,
>>
>>Please don't take our issues with the spam personally.   Everyone
>> appreciates the list and the help it's provided, so keep in mind people are
>> just voicing their opinions (and most of us have strong opinions) regarding
>> spam.
>>   Going over the previous threads, imho if you don't have Greylisting,
>> maybe that's the way to go?  While my opinion still stands that the only
>> real way to combat this spam is to make it a 'subscribe to post' list;  if
>> you're using Greylisting, why not build it so that unsubscribed users have
>> a weighted value, so users who post a lot are automatically whitelisted
>> (before passing their email through spamassasin or other such spam scanner).
>>
>> Thanks Willy!
>> -Alex
>>
>
>
>
> --
> Michael Johnson - MJ
>



-- 
Michael Johnson - MJ

Re: Spam to this list?

[Alexey Zilber]

On Sat, Sep 6, 2014 at 7:09 AM, Willy Tarreau  wrote:

> 
> Now please let me remind me something important : this list is provided
> for free to make it easier for developers and users to exchange together.
> It's managed on spare time, it's fast and free to subscribe just like it's
> fast and free to unsubscribe. Some users do indeed subscribe, participate
> to a thread then unsubscribe. There have been about 3 times more
> subscriptions than current subscribers, many of which coming back from
> time to time. So for people for whom this amount of spam is a terrible
> experience, there are a lot of options. However when you're on the service
> side of things, options to fight spam *always* come from extra burden
> dealing
> with false positives. So the situation is clearly far from being perfect,
> but
> it used to be reasonably well balanced for 7 years now. Only very recently
> we started to get subscribed to several lists and probably the address has
> better circulated to spammers resulting in an increase in the amount of
> spam.
> But I certainly won't spend as much time dealing with anti-spam problems as
> I already spent in this sterile thread.
>
> Willy
>
>
>
Willy,

   Please don't take our issues with the spam personally.   Everyone
appreciates the list and the help it's provided, so keep in mind people are
just voicing their opinions (and most of us have strong opinions) regarding
spam.
  Going over the previous threads, imho if you don't have Greylisting,
maybe that's the way to go?  While my opinion still stands that the only
real way to combat this spam is to make it a 'subscribe to post' list;  if
you're using Greylisting, why not build it so that unsubscribed users have
a weighted value, so users who post a lot are automatically whitelisted
(before passing their email through spamassasin or other such spam scanner).

Thanks Willy!
-Alex

Re: Spam to this list?

[Steven Haigh]

On 6/09/2014 9:09 AM, Willy Tarreau wrote:
> On Fri, Sep 05, 2014 at 04:08:11PM -0400, Patrick Hemmer wrote:
>> *From: *Cyril Bonté 
>> *Sent: * 2014-09-05 15:50:21 EDT
>> *To: *Patrick Hemmer , Willy Tarreau
>> , Ghislain 
>> *CC: *Mark Janssen , david rene comba lareu
>> , Colin Ingarfield ,
>> haproxy@formilux.org 
>> *Subject: *Re: Spam to this list?
>>
>>> Hi,
>>>
>>> Le 05/09/2014 20:39, Patrick Hemmer a écrit :
>>>> Obviously quite a few people care.
>>>> This is your list, and I respect that, but your opinion seems to be the
>>>> minority.
>>>
>>> Without facts, this is as true as if I argue that the majority doesn't
>>> care that much but are more annoyed by the amount of mails containing
>>> the subject "Spam to this list?".
>>>
>>>
>>
>> Ah, but your facts are in the discussion thread. I've seen very few
>> people supporting the current state of things.
> 
> Numbers here aren't on your side :
> 
> # cat subscribers.d/*|wc -l
> 830
> 
> 830 persons are currently subscribed to this list, 22 of which have posted
> in this thread, with some not even sharing your opinion. So that's about 98%
> which is hardly "very few" by my standards.

Oh come on. Trying to say that because you don't have 400+ replies
saying 'put spam filters on' that it doesn't matter is trivial is
almost I don't even know the word for it

> FWIW, I've noticed that there is actually *more* spam than what I do
> receive, simply because my trivial procmail filters catch about half
> of it. I'll see if I find a way to port them to postfix in order to
> reduce this amount for everyone to the level I'm seeing on my side.

I don't want to try and insult you here - but tools are around to take
care of these problems - and have been done by people much smarter than
you or I... The sad truth is that spammers exploit things like this
list... The archives increase their google rankings for spam and make
things harder for EVERYONE, not just this list.

> Now please let me remind me something important : this list is provided
> for free to make it easier for developers and users to exchange together.
> It's managed on spare time, it's fast and free to subscribe just like it's
> fast and free to unsubscribe. Some users do indeed subscribe, participate
> to a thread then unsubscribe. There have been about 3 times more
> subscriptions than current subscribers, many of which coming back from
> time to time. So for people for whom this amount of spam is a terrible
> experience, there are a lot of options. However when you're on the service
> side of things, options to fight spam *always* come from extra burden dealing
> with false positives. So the situation is clearly far from being perfect, but
> it used to be reasonably well balanced for 7 years now. Only very recently
> we started to get subscribed to several lists and probably the address has
> better circulated to spammers resulting in an increase in the amount of spam.
> But I certainly won't spend as much time dealing with anti-spam problems as
> I already spent in this sterile thread.

So you've lost at least half your subscriber base, and you can't see a
problem with this?

Sorry, but even including ALL posts in this thread over the past few
days, the amount of spam STILL outnumbers the amount of content going
through this list - something that is almost negligent in this day and
age...

So I guess what will it take before something happens? Someone to fork
the list off to somewhere else and fragment your community?

-- 
Steven Haigh

Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299



signature.asc
Description: OpenPGP digital signature

Re: Spam to this list?

[Willy Tarreau]

On Fri, Sep 05, 2014 at 04:08:11PM -0400, Patrick Hemmer wrote:
> *From: *Cyril Bonté 
> *Sent: * 2014-09-05 15:50:21 EDT
> *To: *Patrick Hemmer , Willy Tarreau
> , Ghislain 
> *CC: *Mark Janssen , david rene comba lareu
> , Colin Ingarfield ,
> haproxy@formilux.org 
> *Subject: *Re: Spam to this list?
> 
> > Hi,
> >
> > Le 05/09/2014 20:39, Patrick Hemmer a écrit :
> >> Obviously quite a few people care.
> >> This is your list, and I respect that, but your opinion seems to be the
> >> minority.
> >
> > Without facts, this is as true as if I argue that the majority doesn't
> > care that much but are more annoyed by the amount of mails containing
> > the subject "Spam to this list?".
> >
> >
> 
> Ah, but your facts are in the discussion thread. I've seen very few
> people supporting the current state of things.

Numbers here aren't on your side :

# cat subscribers.d/*|wc -l
830

830 persons are currently subscribed to this list, 22 of which have posted
in this thread, with some not even sharing your opinion. So that's about 98%
which is hardly "very few" by my standards.

FWIW, I've noticed that there is actually *more* spam than what I do
receive, simply because my trivial procmail filters catch about half
of it. I'll see if I find a way to port them to postfix in order to
reduce this amount for everyone to the level I'm seeing on my side.

Now please let me remind me something important : this list is provided
for free to make it easier for developers and users to exchange together.
It's managed on spare time, it's fast and free to subscribe just like it's
fast and free to unsubscribe. Some users do indeed subscribe, participate
to a thread then unsubscribe. There have been about 3 times more
subscriptions than current subscribers, many of which coming back from
time to time. So for people for whom this amount of spam is a terrible
experience, there are a lot of options. However when you're on the service
side of things, options to fight spam *always* come from extra burden dealing
with false positives. So the situation is clearly far from being perfect, but
it used to be reasonably well balanced for 7 years now. Only very recently
we started to get subscribed to several lists and probably the address has
better circulated to spammers resulting in an increase in the amount of spam.
But I certainly won't spend as much time dealing with anti-spam problems as
I already spent in this sterile thread.

Willy

Re: Spam to this list?

[Morgan Aldridge]

On Friday, September 5, 2014, Patrick Hemmer 
wrote:

>  *From: *Willy Tarreau 
> 
> *Sent: * 2014-09-05 11:19:22 EDT
> *To: *Ghislain 
> 
> *CC: *Mark Janssen 
> , david rene comba
> lareu 
> , Colin
> Ingarfield 
> ,
> haproxy@formilux.org
> 
> 
> 
> *Subject: *Re: Spam to this list?
>
>
> I probably received 5 more spams while writing this, and who cares!
>
>  Obviously quite a few people care.
> This is your list, and I respect that, but your opinion seems to be the
> minority.
>
> You've stated in the past that you don't like it when actions result in
> people unsubscribing from the list. How many people unsubscribe because
> they are tired of the spam?
>
> I know I barely pay as much attention to the mailing list as I used to
> because of the amount of spam. "Oh look, a message. SPAM. Oh look, a
> message. SPAM again..."
>

I have to cast my vote in favor of spam prevention methods  for this list
as I've come close to unsubscribe on several occasions due to the amount I
receive. I am very glad I hadn't while the discussion of haproxy 1.5 w/SSL
support was underway, but a surprisingly significant percentage of the spam
I receive comes from this list.

I too am a Gmail user, so see less to the inbox and while it's only a
couple keystrokes to file it away, I do frequently find valid messages in
my Junk folder that I have to reverse the process for. I have maintained
mail servers and mailing lists for companies until relatively recently, so
I fully understand your concern for increase maintenance efforts (and there
have already been numerous offerings of assistance there) and potential
loss of support & feedback, but most admins who are attempting to use
haproxy are very familiar with joining a mailing list to post. I dare say
that many, like myself, assume that requirement anyway.

It does seem to be poor netiquette to proliferate spam by only put in the
bare minimum effort. "Now, you know it's up to you whether or not you want
to just do the bare minimum..." But, really, it's about the compound amount
of lost productivity for us subscribers, so please keep that in mind while
your weighing the pros and cons.

Thanks for haproxy and the excellent support that you provide for it.



-- 
Morgan
---
http://makkintosshu.com/
http://seriesparts.com/
http://rikuwoiku.com/
http://unna.org/

Re: Spam to this list?

[Morgan Aldridge]

On Friday, September 5, 2014, Patrick Hemmer 
wrote:

>  *From: *Willy Tarreau 
> 
> *Sent: * 2014-09-05 11:19:22 EDT
> *To: *Ghislain 
> 
> *CC: *Mark Janssen 
> , david rene comba
> lareu 
> , Colin
> Ingarfield 
> ,
> haproxy@formilux.org
> 
> 
> 
> *Subject: *Re: Spam to this list?
>
>
> I probably received 5 more spams while writing this, and who cares!
>
>  Obviously quite a few people care.
> This is your list, and I respect that, but your opinion seems to be the
> minority.
>
> You've stated in the past that you don't like it when actions result in
> people unsubscribing from the list. How many people unsubscribe because
> they are tired of the spam?
>
> I know I barely pay as much attention to the mailing list as I used to
> because of the amount of spam. "Oh look, a message. SPAM. Oh look, a
> message. SPAM again..."
>

I have to cast my vote in favor of spam prevention methods  for this list
as I've come close to unsubscribe on several occasions due to the amount I
receive. I am very glad I hadn't while the discussion of haproxy 1.5 w/SSL
support was underway, but a surprisingly significant percentage of the spam
I receive comes from this list.

I too am a Gmail user, so see less to the inbox and while it's only a
couple keystrokes to file it away, I do frequently find valid messages in
my Junk folder that I have to reverse the process for. I have maintained
mail servers and mailing lists for companies until relatively recently, so
I fully understand your concern for increase maintenance efforts (and there
have already been numerous offerings of assistance there) and potential
loss of support & feedback, but most admins who are attempting to use
haproxy are very familiar with joining a mailing list to post. I dare say
that many, like myself, assume that requirement anyway.

It does seem to be poor netiquette to proliferate spam by only put in the
bare minimum effort. "Now, you know it's up to you whether or not you want
to just do the bare minimum..." But, really, it's about the compound amount
of lost productivity for us subscribers, so please keep that in mind while
your weighing the pros and cons.

Thanks for haproxy and the excellent support that you provide for it.



-- 
Morgan
---
http://makkintosshu.com/
http://seriesparts.com/
http://rikuwoiku.com/
http://unna.org/

Re: Spam to this list?

[Michael Johnson - MJ]

I don't know how feasible this would be, but I have an idea that I think
would satisfy most people and could be rolled out in phases providing
better functionality as each phase is deployed.

1.  Set up a spam filter that simply tags messages with a special header if
it is thought to be spam.  This would allow people to set up a simple
filter if they want.

2. Allow people to choose to have the messages tagged as possible spam sent
to them or not.  At this point, client side filters are no longer needed.

3.  Watch for responses to messages tagged as spam.  If one is seen from a
list subscriber, unflag the message as spam and send to the original to
those who have opted out of receiving possible spam.

4.  Allow people who wish to be spam moderators the ability to tag things
as false positives/negatives.  This will improve the spam filtering over
time and valid messages could be forwarded along.

The downside is that there is probably a fair amount of work to be done to
make all of this happen.

One argument against this is that false positives prior to implementing
step 3 would only be seen by part of the the list.  But then that is
effectively the case right now for anyone who filters spam on their side.
 On Sep 5, 2014 12:52 PM, "Cyril Bonté"  wrote:

> Hi,
>
> Le 05/09/2014 20:39, Patrick Hemmer a écrit :
>
>> Obviously quite a few people care.
>> This is your list, and I respect that, but your opinion seems to be the
>> minority.
>>
>
> Without facts, this is as true as if I argue that the majority doesn't
> care that much but are more annoyed by the amount of mails containing the
> subject "Spam to this list?".
>
>
> --
> Cyril Bonté
>
>

Re: Spam to this list?

[Patrick Hemmer]

*From: *Cyril Bonté 
*Sent: * 2014-09-05 15:50:21 EDT
*To: *Patrick Hemmer , Willy Tarreau
, Ghislain 
*CC: *Mark Janssen , david rene comba lareu
, Colin Ingarfield ,
haproxy@formilux.org 
*Subject: *Re: Spam to this list?

> Hi,
>
> Le 05/09/2014 20:39, Patrick Hemmer a écrit :
>> Obviously quite a few people care.
>> This is your list, and I respect that, but your opinion seems to be the
>> minority.
>
> Without facts, this is as true as if I argue that the majority doesn't
> care that much but are more annoyed by the amount of mails containing
> the subject "Spam to this list?".
>
>

Ah, but your facts are in the discussion thread. I've seen very few
people supporting the current state of things. Yes it is possible there
are other people who haven't replied, but I think we can make a couple
deductions:
* Those who have strong feelings on the matter have already reported in
* Those who havent either:
   * don't have a strong opinion
   * feel their stance is sufficiently represented.
   * haven't checked their mail
In all cases, I think it would be reasonable to assume that the sample
set already provided would reflect the general trend of further
responses. Meaning that the majority opinion would remain the majority
opinion.

-Patrick

Re: Spam to this list?

[Cyril Bonté]

Hi,

Le 05/09/2014 20:39, Patrick Hemmer a écrit :

Obviously quite a few people care.
This is your list, and I respect that, but your opinion seems to be the
minority.


Without facts, this is as true as if I argue that the majority doesn't 
care that much but are more annoyed by the amount of mails containing 
the subject "Spam to this list?".



--
Cyril Bonté

Re: Spam to this list?

[Patrick Hemmer]

*From: *Willy Tarreau 
*Sent: * 2014-09-05 11:19:22 EDT
*To: *Ghislain 
*CC: *Mark Janssen , david rene comba lareu
, Colin Ingarfield ,
haproxy@formilux.org 
*Subject: *Re: Spam to this list?

> On Fri, Sep 05, 2014 at 04:32:55PM +0200, Ghislain wrote:
>> hi,
>>
>>   this is not spam but some bad behavior of a person  that is 
>> inscribing the mail of this mailing list to newsletter just to annoy 
>> people.
>>  This guy must be laughing like mad about how such a looser he is but 
>> no spam filter will prevent this, there is no filter against human 
>> stupidity that is legal in our country.
> That's precisely the point unfortunately :-/
>
> And the other annoying part are those recurring claims from people who
> know better than anyone else and who pretend that they can magically run
> a mail server with no spam. That's simply nonsense and utterly false. Or
> they have such aggressive filters that they can't even receive the complaints
> from their users when mails are eaten. Everyone can do that, it's enough
> to alias haproxy@formilux.org to /dev/null to get the same effect!
>
> But the goal of the ML is not to block the maximum amount of spam but to
> ensure optimal delivery to its subscribers. As soon as you add some level
> of filtering, you automatically get some increasing amount of false positive.
>
> We even had to drop one filter a few months ago because some gmail users
> could not post anymore.
>
> I'm open to suggestions, provided that :
>
>1) it doesn't add *any* burden on our side (scalability means that the
>   processing should be distributed, not centralized)
>
>2) it doesn't block any single valid e-mail, even from non-subscriber
Have it ever been tried enabling a spam filter in a dry-run mode? Run it
for a year, and just have it add a header indicating whether it would
have blocked the message. Then see if any legitimate messages would have
been blocked.

I also want to point out that the mailing list itself sometimes lands on
various blacklists because of the amount of spam coming from it. So now
users using mail providers subscribing to these blacklists are not just
not losing a few messages, they're losing every message.

>
>3) it doesn't require anyone to resubscribe nor change their ingress
>   filters to get the mails into the same box.
>
>4) it doesn't add extra delays to posts (eg: no grey-listing) because
>   that's really painful for people who post patches and are impatient
>   to see them reach the ML.
In the past you stated that you have grey-listing enable (
http://marc.info/?l=haproxy&m=139748200027362&w=2 ), and here you're
stating that you don't want it. Now I'm confused which is really the case.
If indeed grey-listing is not enabled, why not enable it for
non-subscribers? I'd bet that all the people sending patches are subscribed.
>
> I'm always amazed how people are anonyed with spam in 2014. Spam is part
> of the internet experience and is so ubiquitous that I think these people
> have been living under a rock. Probably those people consider that we
> should also run blood tests on people who want to jump into a bus to
> ensure that they don't come in with any minor disease in hope that all
> diseases will finally disappear. I'm instead in the camp of those who
> consider that training the population is the best resistance, and I think
> that all living being history already proved me right.
I would argue the opposite, this is 2014, we should have capable spam
handling technologies. And indeed we do!
The thing is that spam handling has to be handled on the original
recipient of the email (haproxy@formilux.org). Once the message has been
sent through a relay (the mailing list), many spam filtering
capabilities no longer work (DNSBL, greylisting, SPF, etc). Thus it is
the responsibility of the relay to do the filtering.

>
> I probably received 5 more spams while writing this, and who cares!
Obviously quite a few people care.
This is your list, and I respect that, but your opinion seems to be the
minority.

You've stated in the past that you don't like it when actions result in
people unsubscribing from the list. How many people unsubscribe because
they are tired of the spam?

I know I barely pay as much attention to the mailing list as I used to
because of the amount of spam. "Oh look, a message. SPAM. Oh look, a
message. SPAM again..."

-Patrick

Re: Spam to this list?

[Vincent Bernat]

 ❦  5 septembre 2014 20:38 +0300, Juho Mäkinen  :

> Restricting the list to subscribed user (subonlypost) is not a
> good thing either
>
> May I ask why this is not a good thing? I see no valid reason why not
> subscribed members should be allowed to post. The subscription already
> checks that the sender email is valid, thus should be a decent way to
> remove most of the spam with very little configuration and
> maintenance.
>
> I think all my other lists which I've subscribed require that you need
> to be subscribed so you can post. 

This can be cumbersome for someone wanting to just ask a question or
just send a patch. You need to subscribe, send your patch, then
unsubscribe. This can happen even when you are subscribed but used an
alternate email address for the patch (for example, your professional
email).

On the top of my head, the Linux kernel mailing-list (and other related
mailing-lists) doesn't require subscription.
-- 
Use library functions.
- The Elements of Programming Style (Kernighan & Plauger)

Re: Spam to this list?

[Juho Mäkinen]

On Fri, Sep 5, 2014 at 1:17 PM, Lukas Tribus  wrote:
>
> Restricting the list to subscribed user (subonlypost) is not a good
> thing either
>

May I ask why this is not a good thing? I see no valid reason why not
subscribed members should be allowed to post. The subscription already
checks that the sender email is valid, thus should be a decent way to
remove most of the spam with very little configuration and maintenance.

I think all my other lists which I've subscribed require that you need to
be subscribed so you can post.

 - Garo

Re: Spam to this list?

[Willy Tarreau]

On Fri, Sep 05, 2014 at 11:38:05PM +0800, Alexey Zilber wrote:
> I think most of us are getting soft being gmail users.   I haven't seen
> this amount of spam in my inbox today, probably in years.

Same here and shit happens from time to time. Sometimes I wake up in the
morning and find 50 spam in my box for no apparent reason. And so what ?
Just hit "t" on each of them, ";s" and save them to the spam box. That
takes about 12-15 seconds while my coffee heats up. Not the end of the
world.

> Personally, I
> would go with an automated sub/unsub list.  People who need help will
> usually take the effort to subscribe to a list, so I'm not sure what the
> advantage is of having an open list.

Probably because you've never got any of your posts rejected by a list
you used to reply to when someone CCed you.

>  It's like having an open smtp relay.

It's a bit exagerated.

> I think at the very least implementing DNSBL might help (at least for the
> spam received today) if you decide not to go the subscription route...

We already *do* have some DNSBL, and one of them had to be removed because
the bastards^Wnice guys who maintain them wanted to show the world their
strong muscles and to blacklist gmail, so valid subscribers started to get
bothered and to send me the messages they wanted me to relay. Not the most
efficient way to make people participate to a mailing list if you want my
opinion...

The problem in this world is not people trying to annoy others, it's people
trying to help those who don't seek help. In the sake of making the world
better, they constrain people to follow their new rules without having any
clue what these people need in the first place.

Willy

Re: Spam to this list?

[Willy Tarreau]

Hi Sasha,

On Fri, Sep 05, 2014 at 10:15:34AM -0600, Sasha Pachev wrote:
> Back in the old days we did this with the MySQL list - if the message
> does not contain a set of "magic" keywords that would frequently
> appear in a legitimate message, we reply to the poster telling him to
> include those. He could just reply and the message would go through. I
> do not recall that we checked first to see if the poster was
> subscribed, but we should have.

While that could have worked in the old days where users only used to
send messages by hand, now people also use git send-email to send a
series. For example, Simon uses that to propose his work to be integrated
and that's the proper way to work. So this method risks to block one or
two messages in a series, and that's really problematic because it requires
manual handling of something usually totally automated (ie: mail subject is
taken directly from the Git commit).

> So in that spirit but with some improvements one solution could be:
> 
> - if the poster is subscribed or is on the white list of posters (we
> can generate this by examining if he had posted before, received a
> reply, and then replied to the thread again - to exclude
> auto-responders to spam) let the message through
> - if not send him back some kind of a challenge
> 
> Maybe to avoid auto-reply bots, the challenge could be intelligent,
> e.g randomly generate a short Perl script or a C program and ask the
> user to respond with the output.

That's already too much for a user wanting to report a bug. We don't want
to discourage users from posting. When I discuss with end users, many, I
really mean *many* tell me "I faced an issue with X or Y, I'm not sure, etc".
I say "please post your bug to the ML so that we can work on it". They almost
never do it. This is not specific to this list, people do exactly the same
with the kernel mailing list. Most people are shy with mailing lists, and
many newcomers have to be almost raped to accept to post a message. The
smallest stopper you put in front of them and they'll give up. I already
checked in the past, and more than half of the 800+ permanent subscribers
have never posted.

> Of course, a spam bot author could
> rather easily create special logic to figure out that output, but
> chances are he is not going to bother. But if he does, we can punish
> him by adding the logic to detect his address and in that special case
> send the code that takes control of his system, gathers info on all of
> his spam systems, and shuts down all of them if he forgets that he
> needs to execute the code we send him in a chrooted jail or some other
> safe environment.

I'd see it differently : if he wants to automate that, let's have him
post his crap to feed gmail spam boxes once in a while, and not bother
legitimate users with unneeded controls.

Willy

Re: Spam to this list?

[Sasha Pachev]

Back in the old days we did this with the MySQL list - if the message
does not contain a set of "magic" keywords that would frequently
appear in a legitimate message, we reply to the poster telling him to
include those. He could just reply and the message would go through. I
do not recall that we checked first to see if the poster was
subscribed, but we should have.

So in that spirit but with some improvements one solution could be:

- if the poster is subscribed or is on the white list of posters (we
can generate this by examining if he had posted before, received a
reply, and then replied to the thread again - to exclude
auto-responders to spam) let the message through
- if not send him back some kind of a challenge

Maybe to avoid auto-reply bots, the challenge could be intelligent,
e.g randomly generate a short Perl script or a C program and ask the
user to respond with the output. Of course, a spam bot author could
rather easily create special logic to figure out that output, but
chances are he is not going to bother. But if he does, we can punish
him by adding the logic to detect his address and in that special case
send the code that takes control of his system, gathers info on all of
his spam systems, and shuts down all of them if he forgets that he
needs to execute the code we send him in a chrooted jail or some other
safe environment.

Re: Spam to this list?

[Alexey Zilber]

I think most of us are getting soft being gmail users.   I haven't seen
this amount of spam in my inbox today, probably in years.   Personally, I
would go with an automated sub/unsub list.  People who need help will
usually take the effort to subscribe to a list, so I'm not sure what the
advantage is of having an open list.  It's like having an open smtp relay.
  I think at the very least implementing DNSBL might help (at least for the
spam received today) if you decide not to go the subscription route...

-Alex


On Fri, Sep 5, 2014 at 11:19 PM, Willy Tarreau  wrote:

> On Fri, Sep 05, 2014 at 04:32:55PM +0200, Ghislain wrote:
> > hi,
> >
> >   this is not spam but some bad behavior of a person  that is
> > inscribing the mail of this mailing list to newsletter just to annoy
> > people.
> >  This guy must be laughing like mad about how such a looser he is but
> > no spam filter will prevent this, there is no filter against human
> > stupidity that is legal in our country.
>
> That's precisely the point unfortunately :-/
>
> And the other annoying part are those recurring claims from people who
> know better than anyone else and who pretend that they can magically run
> a mail server with no spam. That's simply nonsense and utterly false. Or
> they have such aggressive filters that they can't even receive the
> complaints
> from their users when mails are eaten. Everyone can do that, it's enough
> to alias haproxy@formilux.org to /dev/null to get the same effect!
>
> But the goal of the ML is not to block the maximum amount of spam but to
> ensure optimal delivery to its subscribers. As soon as you add some level
> of filtering, you automatically get some increasing amount of false
> positive.
>
> We even had to drop one filter a few months ago because some gmail users
> could not post anymore.
>
> I'm open to suggestions, provided that :
>
>1) it doesn't add *any* burden on our side (scalability means that the
>   processing should be distributed, not centralized)
>
>2) it doesn't block any single valid e-mail, even from non-subscriber
>
>3) it doesn't require anyone to resubscribe nor change their ingress
>   filters to get the mails into the same box.
>
>4) it doesn't add extra delays to posts (eg: no grey-listing) because
>   that's really painful for people who post patches and are impatient
>   to see them reach the ML.
>
> I'm always amazed how people are anonyed with spam in 2014. Spam is part
> of the internet experience and is so ubiquitous that I think these people
> have been living under a rock. Probably those people consider that we
> should also run blood tests on people who want to jump into a bus to
> ensure that they don't come in with any minor disease in hope that all
> diseases will finally disappear. I'm instead in the camp of those who
> consider that training the population is the best resistance, and I think
> that all living being history already proved me right.
>
> I probably received 5 more spams while writing this, and who cares!
>
> Best regards,
> Willy
>
>
>

Re: Spam to this list?

[Willy Tarreau]

On Fri, Sep 05, 2014 at 04:32:55PM +0200, Ghislain wrote:
> hi,
> 
>   this is not spam but some bad behavior of a person  that is 
> inscribing the mail of this mailing list to newsletter just to annoy 
> people.
>  This guy must be laughing like mad about how such a looser he is but 
> no spam filter will prevent this, there is no filter against human 
> stupidity that is legal in our country.

That's precisely the point unfortunately :-/

And the other annoying part are those recurring claims from people who
know better than anyone else and who pretend that they can magically run
a mail server with no spam. That's simply nonsense and utterly false. Or
they have such aggressive filters that they can't even receive the complaints
from their users when mails are eaten. Everyone can do that, it's enough
to alias haproxy@formilux.org to /dev/null to get the same effect!

But the goal of the ML is not to block the maximum amount of spam but to
ensure optimal delivery to its subscribers. As soon as you add some level
of filtering, you automatically get some increasing amount of false positive.

We even had to drop one filter a few months ago because some gmail users
could not post anymore.

I'm open to suggestions, provided that :

   1) it doesn't add *any* burden on our side (scalability means that the
  processing should be distributed, not centralized)

   2) it doesn't block any single valid e-mail, even from non-subscriber

   3) it doesn't require anyone to resubscribe nor change their ingress
  filters to get the mails into the same box.

   4) it doesn't add extra delays to posts (eg: no grey-listing) because
  that's really painful for people who post patches and are impatient
  to see them reach the ML.

I'm always amazed how people are anonyed with spam in 2014. Spam is part
of the internet experience and is so ubiquitous that I think these people
have been living under a rock. Probably those people consider that we
should also run blood tests on people who want to jump into a bus to
ensure that they don't come in with any minor disease in hope that all
diseases will finally disappear. I'm instead in the camp of those who
consider that training the population is the best resistance, and I think
that all living being history already proved me right.

I probably received 5 more spams while writing this, and who cares!

Best regards,
Willy

Re: Spam to this list?

[Ghislain]

hi,

  this is not spam but some bad behavior of a person  that is 
inscribing the mail of this mailing list to newsletter just to annoy 
people.
 This guy must be laughing like mad about how such a looser he is but 
no spam filter will prevent this, there is no filter against human 
stupidity that is legal in our country.


regards,
Ghislain.

Re: Spam to this list?

[Steven Haigh]

On 6/09/2014 12:00 AM, Andy Walker wrote:
> If you're going to come up with a ridiculous analogy, you might as well
> get it right. For your analogy to work, you would also have to keep in
> mind that the people that are being shot at have actually signed up to
> be shot at, just like you signed up to be on the mailing list.

I signed up to a mailing list for haproxy - not to be a spam sink. I
can't believe that in this day and age people actually make excuses for
this...

> It wouldn't be a simple task for Willy to take over moderating a mailing
> list, and with all of the work he does on HAProxy, I think some of you
> could be a bit more appreciative of everything he does. I'm sure if
> someone were to volunteer to help tackle this problem, that he'd be more
> than willing to consider alternate options.

Yes, yes it is a simple task. I run many mailing lists - both private
and public - and NONE get spam through to them. Previously, it was
mentioned that the subscriber to poster count was a massively different
ratio - and with all the spam that flows via here, I don't have any
problem believing that - but I do wonder what it would be like if action
was actually taken to not be a spam sink.

I am actually taking some effort to bring the topic up... If I didn't
think the list was valuable, I'd have just unsubscribed weeks ago...

> 
> On Fri, Sep 5, 2014 at 8:52 AM, Steven Haigh  > wrote:
> 
> On 5/09/2014 11:46 PM, Kobus Bensch wrote:
> > On 05/09/2014 11:17, Lukas Tribus wrote:
> >>> On Thu, Sep 4, 2014 at 3:51 AM, Steven Haigh  > wrote:
>  Hi guys,
> 
>  I've noticed that this list seems to get more spam than I've ever
>  experienced before on any mailing list.
> 
>  Is there anyone administrating this list? Is spamassassin used on
>  the list?
> 
>  --
>  Steven Haigh
> >>> Hi Steven,
> >>>
> >>> It's a common asked question:
> >>>
> 
> https://www.google.fr/search?q=haproy+formilux+spam&oq=haproy+formilux+spam
> >>>
> >>>
> >>> Baptiste
> >>
> >> I know that people have strong opinions about this which is why
> previous
> >> discussions have been a bit "tense", but I think we will have to
> discuss
> >> this again sooner or later.
> >>
> >> I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid
> >> post),
> >> and the trend in the last weeks shows that this is getting worse.
> >>
> >>
> >> Now, having a some antispam solution in front of the ML requires
> >> maintenance
> >> and will inevitably lead to false positives, thats probably not what
> >> we want
> >> or have the resources to do.
> >>
> >> Restricting the list to subscribed user (subonlypost) is not a
> good thing
> >> either, however if the alternative is that important topics (from
> both
> >> subscribed and not subscribed users) are buried in tens of SPAM
> threads
> >> every day, I think its a small price to pay.
> >>
> >> just my two cents,
> >>
> > Here is my 2 cents. The amount of spam I receive through this list is
> > far, and I mean FAR outweighed by the valuable information that I get
> > from posts as they currently come in. Besides, any spam I get, is
> > handled by our MTA/Spam server anyway. So I think I received around 5 in
> > the last 10 days. The one or 2 emails that do come through, or that I
> > dont get, is dealt with pretty swiftly with either a lightning click of
> > the Delete button, or a restore from spam. whichever be required for the
> > appropriate action.
> 
> I should also be able to walk around town shooting at people Its
> easy enough for people to buy a bullet proof vest... If they don't have
> one, its their problem...
> 
> Its the wrong way to look at it... Why waste thousands of CPU cycles
> across thousands of machines worldwide because we're too stubborn to fix
> the problem at the source?
> 
> --
> Steven Haigh
> 
> Email: net...@crc.id.au 
> Web: http://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
> Fax: (03) 8338 0299
> 
> 

-- 
Steven Haigh

Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299



signature.asc
Description: OpenPGP digital signature

Re: Spam to this list?

[Kobus Bensch]

I with agree Andy Walker.

I am also willing to help in any way, whether that be SPAM system admin, 
or whatever.



On 05/09/2014 15:00, Andy Walker wrote:
If you're going to come up with a ridiculous analogy, you might as 
well get it right. For your analogy to work, you would also have to 
keep in mind that the people that are being shot at have actually 
signed up to be shot at, just like you signed up to be on the mailing 
list.


It wouldn't be a simple task for Willy to take over moderating a 
mailing list, and with all of the work he does on HAProxy, I think 
some of you could be a bit more appreciative of everything he does. 
I'm sure if someone were to volunteer to help tackle this problem, 
that he'd be more than willing to consider alternate options.



--
Andy Walker
System Administrator
FBS - creators of flexmls
3415 39th St S
Fargo, ND  58104
701-235-7300


On Fri, Sep 5, 2014 at 8:52 AM, Steven Haigh > wrote:


On 5/09/2014 11:46 PM, Kobus Bensch wrote:
> On 05/09/2014 11:17, Lukas Tribus wrote:
>>> On Thu, Sep 4, 2014 at 3:51 AM, Steven Haigh mailto:net...@crc.id.au>> wrote:
 Hi guys,

 I've noticed that this list seems to get more spam than I've ever
 experienced before on any mailing list.

 Is there anyone administrating this list? Is spamassassin used on
 the list?

 --
 Steven Haigh
>>> Hi Steven,
>>>
>>> It's a common asked question:
>>>
https://www.google.fr/search?q=haproy+formilux+spam&oq=haproy+formilux+spam
>>>
>>>
>>> Baptiste
>>
>> I know that people have strong opinions about this which is why
previous
>> discussions have been a bit "tense", but I think we will have
to discuss
>> this again sooner or later.
>>
>> I got 16 SPAM mails through the ML in the last 12 hours (and 3
valid
>> post),
>> and the trend in the last weeks shows that this is getting worse.
>>
>>
>> Now, having a some antispam solution in front of the ML requires
>> maintenance
>> and will inevitably lead to false positives, thats probably not
what
>> we want
>> or have the resources to do.
>>
>> Restricting the list to subscribed user (subonlypost) is not a
good thing
>> either, however if the alternative is that important topics
(from both
>> subscribed and not subscribed users) are buried in tens of SPAM
threads
>> every day, I think its a small price to pay.
>>
>> just my two cents,
>>
> Here is my 2 cents. The amount of spam I receive through this list is
> far, and I mean FAR outweighed by the valuable information that
I get
> from posts as they currently come in. Besides, any spam I get, is
> handled by our MTA/Spam server anyway. So I think I received
around 5 in
> the last 10 days. The one or 2 emails that do come through, or
that I
> dont get, is dealt with pretty swiftly with either a lightning
click of
> the Delete button, or a restore from spam. whichever be required
for the
> appropriate action.

I should also be able to walk around town shooting at people Its
easy enough for people to buy a bullet proof vest... If they don't
have
one, its their problem...

Its the wrong way to look at it... Why waste thousands of CPU cycles
across thousands of machines worldwide because we're too stubborn
to fix
the problem at the source?

--
Steven Haigh

Email: net...@crc.id.au 
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299




--
Kobus Bensch Trustpay Global LTD email signature Kobus Bensch
Senior Systems Administrator
Address:  22 & 24 | Frederick Sanger Road | Guildford | Surrey | GU2 7YD
DDI:  0207 871 3958
Tel:  0207 871 3890
Email: kobus.ben...@trustpayglobal.com 



--


Trustpay Global Limited is an authorised Electronic Money Institution 
regulated by the Financial Conduct Authority registration number 900043. 
Company No 07427913 Registered in England and Wales with registered address 
130 Wood Street, London, EC2V 6DL, United Kingdom.


For further details please visit our website at www.trustpayglobal.com.

The information in this email and any attachments are confidential and 
remain the property of Trustpay Global Ltd unless agreed by contract. It is 
intended solely for the person to whom or the entity to which it is 
addressed. If you are not the intended recipient you may not use, disclose, 
copy, distribute, print or rely on the content of this email or its 
attachments. If this email has been received by you in error please advise 
the sender and delete the email from your system. Trustpay Global Ltd does 
not accept any liability for any personal view expressed in this message.

Re: Spam to this list?

[Andy Walker]

If you're going to come up with a ridiculous analogy, you might as well get
it right. For your analogy to work, you would also have to keep in mind
that the people that are being shot at have actually signed up to be shot
at, just like you signed up to be on the mailing list.

It wouldn't be a simple task for Willy to take over moderating a mailing
list, and with all of the work he does on HAProxy, I think some of you
could be a bit more appreciative of everything he does. I'm sure if someone
were to volunteer to help tackle this problem, that he'd be more than
willing to consider alternate options.


--
Andy Walker
System Administrator
FBS - creators of flexmls
3415 39th St S
Fargo, ND  58104
701-235-7300


On Fri, Sep 5, 2014 at 8:52 AM, Steven Haigh  wrote:

> On 5/09/2014 11:46 PM, Kobus Bensch wrote:
> > On 05/09/2014 11:17, Lukas Tribus wrote:
> >>> On Thu, Sep 4, 2014 at 3:51 AM, Steven Haigh  wrote:
>  Hi guys,
> 
>  I've noticed that this list seems to get more spam than I've ever
>  experienced before on any mailing list.
> 
>  Is there anyone administrating this list? Is spamassassin used on
>  the list?
> 
>  --
>  Steven Haigh
> >>> Hi Steven,
> >>>
> >>> It's a common asked question:
> >>>
> https://www.google.fr/search?q=haproy+formilux+spam&oq=haproy+formilux+spam
> >>>
> >>>
> >>> Baptiste
> >>
> >> I know that people have strong opinions about this which is why previous
> >> discussions have been a bit "tense", but I think we will have to discuss
> >> this again sooner or later.
> >>
> >> I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid
> >> post),
> >> and the trend in the last weeks shows that this is getting worse.
> >>
> >>
> >> Now, having a some antispam solution in front of the ML requires
> >> maintenance
> >> and will inevitably lead to false positives, thats probably not what
> >> we want
> >> or have the resources to do.
> >>
> >> Restricting the list to subscribed user (subonlypost) is not a good
> thing
> >> either, however if the alternative is that important topics (from both
> >> subscribed and not subscribed users) are buried in tens of SPAM threads
> >> every day, I think its a small price to pay.
> >>
> >> just my two cents,
> >>
> > Here is my 2 cents. The amount of spam I receive through this list is
> > far, and I mean FAR outweighed by the valuable information that I get
> > from posts as they currently come in. Besides, any spam I get, is
> > handled by our MTA/Spam server anyway. So I think I received around 5 in
> > the last 10 days. The one or 2 emails that do come through, or that I
> > dont get, is dealt with pretty swiftly with either a lightning click of
> > the Delete button, or a restore from spam. whichever be required for the
> > appropriate action.
>
> I should also be able to walk around town shooting at people Its
> easy enough for people to buy a bullet proof vest... If they don't have
> one, its their problem...
>
> Its the wrong way to look at it... Why waste thousands of CPU cycles
> across thousands of machines worldwide because we're too stubborn to fix
> the problem at the source?
>
> --
> Steven Haigh
>
> Email: net...@crc.id.au
> Web: http://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
> Fax: (03) 8338 0299
>
>

Re: Spam to this list?

[Kobus Bensch]

I am sorry, but I have to intervene here with a comment.

Point 5 is totally unfair. These guys are not here to run a mail server, 
but to provide us with an excellent piece of software to do a very good 
job in our environment.


Like I said in a previous email and as Sébastien WENSKE said, maybe try 
and manage it yourself.



On 05/09/2014 14:07, Steven Haigh wrote:

Sorry, this is a stupid suggestion.

1) The spam still makes it onto the list archives - See:
http://marc.info/?l=haproxy&r=1&b=201409&w=2

2) It dilutes the mailing list content by creating a massive drop in
signal to noise (24+ spam messages in the past day?!?)

3) It causes the reputation as a mail sender of the haproxy mailing
lists to be greatly reduced - meaning eventually hosts will reject mail
from the list - legit or not.

4) This is a problem that has been 'solved' on other mailing lists for
at least a decade.

5) It gives the impression to people wanting to use haproxy that the
admin team don't know what they're doing. I've gotten more spam from
this single list in the last 24 hours than I have from the total of ALL
my other mailing lists in the past few months.

If you aren't going to do proper spam filtering, AT LEAST do moderation
of non-member posts. This single action will just about cure the spam
problem.

Its starting to become a joke.

On 5/09/2014 9:46 PM, Sébastien WENSKE wrote:

DIY: install your own anti-spam system :)

I use Amavis, it works well:
https://plus.google.com/+S%C3%A9bastienWENSKE/posts/T6CiUedUZzG

  


Regards,

Sebastien

  


*De :*Kevin Maziere [mailto:ke...@kbrwadventure.com]
*Envoyé :* vendredi 5 septembre 2014 13:16
*À :* Nicolas Grilly
*Cc :* Lukas Tribus; Baptiste; Steven Haigh; haproxy
*Objet :* Re: Spam to this list?

  

  

  


2014-09-05 12:28 GMT+02:00 Nicolas Grilly mailto:nico...@vocationcity.com>>:

I have no advice on what to do, but I'm a regular reader of the ML and I
receive almost no spam from the ML because it is filtered in a very
efficient way by the Gmail spam filter (I use Gmail).

That can't be a  global solution 
  


 On Fri, Sep 5, 2014 at 12:17 PM, Lukas Tribus mailto:luky...@hotmail.com>> wrote:

 I know that people have strong opinions about this which is why previous
 discussions have been a bit "tense", but I think we will have to discuss
 this again sooner or later.

 I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid
 post),
 and the trend in the last weeks shows that this is getting worse.


 Now, having a some antispam solution in front of the ML requires
 maintenance
 and will inevitably lead to false positives, thats probably not what
 we want
 or have the resources to do.

 Restricting the list to subscribed user (subonlypost) is not a good
 thing
 either, however if the alternative is that important topics (from both
 subscribed and not subscribed users) are buried in tens of SPAM threads
 every day, I think its a small price to pay.

  

  

  



--
Kobus Bensch Trustpay Global LTD email signature Kobus Bensch
Senior Systems Administrator
Address:  22 & 24 | Frederick Sanger Road | Guildford | Surrey | GU2 7YD
DDI:  0207 871 3958
Tel:  0207 871 3890
Email: kobus.ben...@trustpayglobal.com 
<mailto:kobus.ben...@trustpayglobal.com>


--


Trustpay Global Limited is an authorised Electronic Money Institution 
regulated by the Financial Conduct Authority registration number 900043. 
Company No 07427913 Registered in England and Wales with registered address 
130 Wood Street, London, EC2V 6DL, United Kingdom.


For further details please visit our website at www.trustpayglobal.com.

The information in this email and any attachments are confidential and 
remain the property of Trustpay Global Ltd unless agreed by contract. It is 
intended solely for the person to whom or the entity to which it is 
addressed. If you are not the intended recipient you may not use, disclose, 
copy, distribute, print or rely on the content of this email or its 
attachments. If this email has been received by you in error please advise 
the sender and delete the email from your system. Trustpay Global Ltd does 
not accept any liability for any personal view expressed in this message.

Re: Spam to this list?

[Steven Haigh]

On 5/09/2014 11:46 PM, Kobus Bensch wrote:
> On 05/09/2014 11:17, Lukas Tribus wrote:
>>> On Thu, Sep 4, 2014 at 3:51 AM, Steven Haigh  wrote:
 Hi guys,

 I've noticed that this list seems to get more spam than I've ever
 experienced before on any mailing list.

 Is there anyone administrating this list? Is spamassassin used on
 the list?

 -- 
 Steven Haigh
>>> Hi Steven,
>>>
>>> It's a common asked question:
>>> https://www.google.fr/search?q=haproy+formilux+spam&oq=haproy+formilux+spam
>>>
>>>
>>> Baptiste
>>
>> I know that people have strong opinions about this which is why previous
>> discussions have been a bit "tense", but I think we will have to discuss
>> this again sooner or later.
>>
>> I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid
>> post),
>> and the trend in the last weeks shows that this is getting worse.
>>
>>
>> Now, having a some antispam solution in front of the ML requires
>> maintenance
>> and will inevitably lead to false positives, thats probably not what
>> we want
>> or have the resources to do.
>>
>> Restricting the list to subscribed user (subonlypost) is not a good thing
>> either, however if the alternative is that important topics (from both
>> subscribed and not subscribed users) are buried in tens of SPAM threads
>> every day, I think its a small price to pay.
>>
>> just my two cents,
>>  
> Here is my 2 cents. The amount of spam I receive through this list is
> far, and I mean FAR outweighed by the valuable information that I get
> from posts as they currently come in. Besides, any spam I get, is
> handled by our MTA/Spam server anyway. So I think I received around 5 in
> the last 10 days. The one or 2 emails that do come through, or that I
> dont get, is dealt with pretty swiftly with either a lightning click of
> the Delete button, or a restore from spam. whichever be required for the
> appropriate action.

I should also be able to walk around town shooting at people Its
easy enough for people to buy a bullet proof vest... If they don't have
one, its their problem...

Its the wrong way to look at it... Why waste thousands of CPU cycles
across thousands of machines worldwide because we're too stubborn to fix
the problem at the source?

-- 
Steven Haigh

Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299



signature.asc
Description: OpenPGP digital signature

Re: Spam to this list?

[Kobus Bensch]

On 05/09/2014 11:17, Lukas Tribus wrote:

On Thu, Sep 4, 2014 at 3:51 AM, Steven Haigh  wrote:

Hi guys,

I've noticed that this list seems to get more spam than I've ever
experienced before on any mailing list.

Is there anyone administrating this list? Is spamassassin used on the list?

--
Steven Haigh

Hi Steven,

It's a common asked question:
https://www.google.fr/search?q=haproy+formilux+spam&oq=haproy+formilux+spam

Baptiste


I know that people have strong opinions about this which is why previous
discussions have been a bit "tense", but I think we will have to discuss
this again sooner or later.

I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid post),
and the trend in the last weeks shows that this is getting worse.


Now, having a some antispam solution in front of the ML requires maintenance
and will inevitably lead to false positives, thats probably not what we want
or have the resources to do.

Restricting the list to subscribed user (subonlypost) is not a good thing
either, however if the alternative is that important topics (from both
subscribed and not subscribed users) are buried in tens of SPAM threads
every day, I think its a small price to pay.




just my two cents,


lukas


Here is my 2 cents. The amount of spam I receive through this list is 
far, and I mean FAR outweighed by the valuable information that I get 
from posts as they currently come in. Besides, any spam I get, is 
handled by our MTA/Spam server anyway. So I think I received around 5 in 
the last 10 days. The one or 2 emails that do come through, or that I 
dont get, is dealt with pretty swiftly with either a lightning click of 
the Delete button, or a restore from spam. whichever be required for the 
appropriate action.



--


Trustpay Global Limited is an authorised Electronic Money Institution 
regulated by the Financial Conduct Authority registration number 900043. 
Company No 07427913 Registered in England and Wales with registered address 
130 Wood Street, London, EC2V 6DL, United Kingdom.


For further details please visit our website at www.trustpayglobal.com.

The information in this email and any attachments are confidential and 
remain the property of Trustpay Global Ltd unless agreed by contract. It is 
intended solely for the person to whom or the entity to which it is 
addressed. If you are not the intended recipient you may not use, disclose, 
copy, distribute, print or rely on the content of this email or its 
attachments. If this email has been received by you in error please advise 
the sender and delete the email from your system. Trustpay Global Ltd does 
not accept any liability for any personal view expressed in this message.

Re: Spam to this list?

[Mark Janssen]

I'm also reading this on gmail... but many spams are not caught by gmail
here... (10+ last day)

If not implementing anti-spam we could perhaps go to a moderated system

- Subscribed users pass moderation automatically
- Non-subscribed users need to be moderated, and will be added to the
allowed-posting list
- Spam can be blocked and blacklisted immediately
- No spam will enter the archives, no spam will be sent to the subscribers.

I'm willing to co-moderate the list... if we have a hand full of people
doing this, we can make sure that posts by non-subscribers are approved
relatively quickly

Any chance of getting this done?



On Fri, Sep 5, 2014 at 3:33 PM, david rene comba lareu <
shadow.of.sou...@gmail.com> wrote:

> I totally agree with this. Please, set up some anti-spam measure to the
> list.
>
> 2014-09-05 10:15 GMT-03:00 Colin Ingarfield :
> > On 09/05/2014 08:07 AM, Steven Haigh wrote:
> >>
> >> Sorry, this is a stupid suggestion.
> >>
> >> 1) The spam still makes it onto the list archives - See:
> >> http://marc.info/?l=haproxy&r=1&b=201409&w=2
> >>
> >> 2) It dilutes the mailing list content by creating a massive drop in
> >> signal to noise (24+ spam messages in the past day?!?)
> >>
> >> 3) It causes the reputation as a mail sender of the haproxy mailing
> >> lists to be greatly reduced - meaning eventually hosts will reject mail
> >> from the list - legit or not.
> >>
> >> 4) This is a problem that has been 'solved' on other mailing lists for
> >> at least a decade.
> >>
> >> 5) It gives the impression to people wanting to use haproxy that the
> >> admin team don't know what they're doing. I've gotten more spam from
> >> this single list in the last 24 hours than I have from the total of ALL
> >> my other mailing lists in the past few months.
> >>
> >> If you aren't going to do proper spam filtering, AT LEAST do moderation
> >> of non-member posts. This single action will just about cure the spam
> >> problem.
> >>
> >> Its starting to become a joke.
> >
> >
> > I agree w/ every point here.  I do run my own spam filter (spamassassin)
> and
> > it works very well.  But it mostly trusts email that has a valid DKIM
> > signature.  Since the spam from list does have valid DKIM sigs it makes
> it
> > through my filter easily.
> >
> > To fix this I'd have to make special spam rules just for this list to
> ignore
> > DKIM signatures.  That of course defeats the purpose of them in the first
> > place.
> >
> > Please either filter the spam or require some kind of registration before
> > posting to the list.
> >
> > Thank you,
> > Colin Ingarfield
> >
>
>


-- 
Mark Janssen  --  maniac(at)maniac.nl
Unix / Linux Open-Source and Internet Consultant
Maniac.nl Sig-IO.nl Vps.Stoned-IT.com

Re: Spam to this list?

[Alexandre]

Thank you, all is said.

Alex.

On 05/09/14 15:07, Steven Haigh wrote:

Sorry, this is a stupid suggestion.

1) The spam still makes it onto the list archives - See:
http://marc.info/?l=haproxy&r=1&b=201409&w=2

2) It dilutes the mailing list content by creating a massive drop in
signal to noise (24+ spam messages in the past day?!?)

3) It causes the reputation as a mail sender of the haproxy mailing
lists to be greatly reduced - meaning eventually hosts will reject mail
from the list - legit or not.

4) This is a problem that has been 'solved' on other mailing lists for
at least a decade.

5) It gives the impression to people wanting to use haproxy that the
admin team don't know what they're doing. I've gotten more spam from
this single list in the last 24 hours than I have from the total of ALL
my other mailing lists in the past few months.

If you aren't going to do proper spam filtering, AT LEAST do moderation
of non-member posts. This single action will just about cure the spam
problem.

Its starting to become a joke.

On 5/09/2014 9:46 PM, Sébastien WENSKE wrote:

DIY: install your own anti-spam system :)

I use Amavis, it works well:
https://plus.google.com/+S%C3%A9bastienWENSKE/posts/T6CiUedUZzG



Regards,

Sebastien



*De :*Kevin Maziere [mailto:ke...@kbrwadventure.com]
*Envoyé :* vendredi 5 septembre 2014 13:16
*À :* Nicolas Grilly
*Cc :* Lukas Tribus; Baptiste; Steven Haigh; haproxy
*Objet :* Re: Spam to this list?







2014-09-05 12:28 GMT+02:00 Nicolas Grilly mailto:nico...@vocationcity.com>>:

I have no advice on what to do, but I'm a regular reader of the ML and I
receive almost no spam from the ML because it is filtered in a very
efficient way by the Gmail spam filter (I use Gmail).

That can't be a  global solution 


 On Fri, Sep 5, 2014 at 12:17 PM, Lukas Tribus mailto:luky...@hotmail.com>> wrote:

 I know that people have strong opinions about this which is why previous
 discussions have been a bit "tense", but I think we will have to discuss
 this again sooner or later.

 I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid
 post),
 and the trend in the last weeks shows that this is getting worse.


 Now, having a some antispam solution in front of the ML requires
 maintenance
 and will inevitably lead to false positives, thats probably not what
 we want
 or have the resources to do.

 Restricting the list to subscribed user (subonlypost) is not a good
 thing
 either, however if the alternative is that important topics (from both
 subscribed and not subscribed users) are buried in tens of SPAM threads
 every day, I think its a small price to pay.

Re: Spam to this list?

[Michael Holmes]

I agree as well.

Regards,
Michael

On Sep 5, 2014, at 9:33 AM, david rene comba lareu  
wrote:

> I totally agree with this. Please, set up some anti-spam measure to the list.
> 
> 2014-09-05 10:15 GMT-03:00 Colin Ingarfield :
>> On 09/05/2014 08:07 AM, Steven Haigh wrote:
>>> 
>>> Sorry, this is a stupid suggestion.
>>> 
>>> 1) The spam still makes it onto the list archives - See:
>>> http://marc.info/?l=haproxy&r=1&b=201409&w=2
>>> 
>>> 2) It dilutes the mailing list content by creating a massive drop in
>>> signal to noise (24+ spam messages in the past day?!?)
>>> 
>>> 3) It causes the reputation as a mail sender of the haproxy mailing
>>> lists to be greatly reduced - meaning eventually hosts will reject mail
>>> from the list - legit or not.
>>> 
>>> 4) This is a problem that has been 'solved' on other mailing lists for
>>> at least a decade.
>>> 
>>> 5) It gives the impression to people wanting to use haproxy that the
>>> admin team don't know what they're doing. I've gotten more spam from
>>> this single list in the last 24 hours than I have from the total of ALL
>>> my other mailing lists in the past few months.
>>> 
>>> If you aren't going to do proper spam filtering, AT LEAST do moderation
>>> of non-member posts. This single action will just about cure the spam
>>> problem.
>>> 
>>> Its starting to become a joke.
>> 
>> 
>> I agree w/ every point here.  I do run my own spam filter (spamassassin) and
>> it works very well.  But it mostly trusts email that has a valid DKIM
>> signature.  Since the spam from list does have valid DKIM sigs it makes it
>> through my filter easily.
>> 
>> To fix this I'd have to make special spam rules just for this list to ignore
>> DKIM signatures.  That of course defeats the purpose of them in the first
>> place.
>> 
>> Please either filter the spam or require some kind of registration before
>> posting to the list.
>> 
>> Thank you,
>> Colin Ingarfield
>> 
> 

Re: Spam to this list?

[david rene comba lareu]

I totally agree with this. Please, set up some anti-spam measure to the list.

2014-09-05 10:15 GMT-03:00 Colin Ingarfield :
> On 09/05/2014 08:07 AM, Steven Haigh wrote:
>>
>> Sorry, this is a stupid suggestion.
>>
>> 1) The spam still makes it onto the list archives - See:
>> http://marc.info/?l=haproxy&r=1&b=201409&w=2
>>
>> 2) It dilutes the mailing list content by creating a massive drop in
>> signal to noise (24+ spam messages in the past day?!?)
>>
>> 3) It causes the reputation as a mail sender of the haproxy mailing
>> lists to be greatly reduced - meaning eventually hosts will reject mail
>> from the list - legit or not.
>>
>> 4) This is a problem that has been 'solved' on other mailing lists for
>> at least a decade.
>>
>> 5) It gives the impression to people wanting to use haproxy that the
>> admin team don't know what they're doing. I've gotten more spam from
>> this single list in the last 24 hours than I have from the total of ALL
>> my other mailing lists in the past few months.
>>
>> If you aren't going to do proper spam filtering, AT LEAST do moderation
>> of non-member posts. This single action will just about cure the spam
>> problem.
>>
>> Its starting to become a joke.
>
>
> I agree w/ every point here.  I do run my own spam filter (spamassassin) and
> it works very well.  But it mostly trusts email that has a valid DKIM
> signature.  Since the spam from list does have valid DKIM sigs it makes it
> through my filter easily.
>
> To fix this I'd have to make special spam rules just for this list to ignore
> DKIM signatures.  That of course defeats the purpose of them in the first
> place.
>
> Please either filter the spam or require some kind of registration before
> posting to the list.
>
> Thank you,
> Colin Ingarfield
>

Re: Spam to this list?

[Colin Ingarfield]

On 09/05/2014 08:07 AM, Steven Haigh wrote:

Sorry, this is a stupid suggestion.

1) The spam still makes it onto the list archives - See:
http://marc.info/?l=haproxy&r=1&b=201409&w=2

2) It dilutes the mailing list content by creating a massive drop in
signal to noise (24+ spam messages in the past day?!?)

3) It causes the reputation as a mail sender of the haproxy mailing
lists to be greatly reduced - meaning eventually hosts will reject mail
from the list - legit or not.

4) This is a problem that has been 'solved' on other mailing lists for
at least a decade.

5) It gives the impression to people wanting to use haproxy that the
admin team don't know what they're doing. I've gotten more spam from
this single list in the last 24 hours than I have from the total of ALL
my other mailing lists in the past few months.

If you aren't going to do proper spam filtering, AT LEAST do moderation
of non-member posts. This single action will just about cure the spam
problem.

Its starting to become a joke.


I agree w/ every point here.  I do run my own spam filter (spamassassin) 
and it works very well.  But it mostly trusts email that has a valid 
DKIM signature.  Since the spam from list does have valid DKIM sigs it 
makes it through my filter easily.


To fix this I'd have to make special spam rules just for this list to 
ignore DKIM signatures.  That of course defeats the purpose of them in 
the first place.


Please either filter the spam or require some kind of registration 
before posting to the list.


Thank you,
Colin Ingarfield

Re: Spam to this list?

[Steven Haigh]

Sorry, this is a stupid suggestion.

1) The spam still makes it onto the list archives - See:
http://marc.info/?l=haproxy&r=1&b=201409&w=2

2) It dilutes the mailing list content by creating a massive drop in
signal to noise (24+ spam messages in the past day?!?)

3) It causes the reputation as a mail sender of the haproxy mailing
lists to be greatly reduced - meaning eventually hosts will reject mail
from the list - legit or not.

4) This is a problem that has been 'solved' on other mailing lists for
at least a decade.

5) It gives the impression to people wanting to use haproxy that the
admin team don't know what they're doing. I've gotten more spam from
this single list in the last 24 hours than I have from the total of ALL
my other mailing lists in the past few months.

If you aren't going to do proper spam filtering, AT LEAST do moderation
of non-member posts. This single action will just about cure the spam
problem.

Its starting to become a joke.

On 5/09/2014 9:46 PM, Sébastien WENSKE wrote:
> DIY: install your own anti-spam system :)
> 
> I use Amavis, it works well:
> https://plus.google.com/+S%C3%A9bastienWENSKE/posts/T6CiUedUZzG
> 
>  
> 
> Regards,
> 
> Sebastien
> 
>  
> 
> *De :*Kevin Maziere [mailto:ke...@kbrwadventure.com]
> *Envoyé :* vendredi 5 septembre 2014 13:16
> *À :* Nicolas Grilly
> *Cc :* Lukas Tribus; Baptiste; Steven Haigh; haproxy
> *Objet :* Re: Spam to this list?
> 
>  
> 
>  
> 
>  
> 
> 2014-09-05 12:28 GMT+02:00 Nicolas Grilly  <mailto:nico...@vocationcity.com>>:
> 
> I have no advice on what to do, but I'm a regular reader of the ML and I
> receive almost no spam from the ML because it is filtered in a very
> efficient way by the Gmail spam filter (I use Gmail).
> 
> That can't be a  global solution 
>  
> 
> On Fri, Sep 5, 2014 at 12:17 PM, Lukas Tribus  <mailto:luky...@hotmail.com>> wrote:
> 
> I know that people have strong opinions about this which is why previous
> discussions have been a bit "tense", but I think we will have to discuss
> this again sooner or later.
> 
> I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid
> post),
> and the trend in the last weeks shows that this is getting worse.
> 
> 
> Now, having a some antispam solution in front of the ML requires
> maintenance
> and will inevitably lead to false positives, thats probably not what
> we want
> or have the resources to do.
> 
> Restricting the list to subscribed user (subonlypost) is not a good
> thing
> either, however if the alternative is that important topics (from both
> subscribed and not subscribed users) are buried in tens of SPAM threads
> every day, I think its a small price to pay.
> 
>  
> 
>  
> 
>  
> 

-- 
Steven Haigh

Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299



signature.asc
Description: OpenPGP digital signature

RE: Spam to this list?

[Sébastien WENSKE]

DIY: install your own anti-spam system :)
I use Amavis, it works well: 
https://plus.google.com/+S%C3%A9bastienWENSKE/posts/T6CiUedUZzG

Regards,
Sebastien

De : Kevin Maziere [mailto:ke...@kbrwadventure.com]
Envoyé : vendredi 5 septembre 2014 13:16
À : Nicolas Grilly
Cc : Lukas Tribus; Baptiste; Steven Haigh; haproxy
Objet : Re: Spam to this list?



2014-09-05 12:28 GMT+02:00 Nicolas Grilly 
mailto:nico...@vocationcity.com>>:
I have no advice on what to do, but I'm a regular reader of the ML and I 
receive almost no spam from the ML because it is filtered in a very efficient 
way by the Gmail spam filter (I use Gmail).
That can't be a  global solution 

On Fri, Sep 5, 2014 at 12:17 PM, Lukas Tribus 
mailto:luky...@hotmail.com>> wrote:
I know that people have strong opinions about this which is why previous
discussions have been a bit "tense", but I think we will have to discuss
this again sooner or later.

I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid post),
and the trend in the last weeks shows that this is getting worse.


Now, having a some antispam solution in front of the ML requires maintenance
and will inevitably lead to false positives, thats probably not what we want
or have the resources to do.

Restricting the list to subscribed user (subonlypost) is not a good thing
either, however if the alternative is that important topics (from both
subscribed and not subscribed users) are buried in tens of SPAM threads
every day, I think its a small price to pay.

Re: Spam to this list?

[Kevin Maziere]

2014-09-05 12:28 GMT+02:00 Nicolas Grilly :

> I have no advice on what to do, but I'm a regular reader of the ML and I
> receive almost no spam from the ML because it is filtered in a very
> efficient way by the Gmail spam filter (I use Gmail).
>
> That can't be a  global solution 


> On Fri, Sep 5, 2014 at 12:17 PM, Lukas Tribus  wrote:
>
>> I know that people have strong opinions about this which is why previous
>> discussions have been a bit "tense", but I think we will have to discuss
>> this again sooner or later.
>>
>> I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid
>> post),
>> and the trend in the last weeks shows that this is getting worse.
>>
>>
>> Now, having a some antispam solution in front of the ML requires
>> maintenance
>> and will inevitably lead to false positives, thats probably not what we
>> want
>> or have the resources to do.
>>
>> Restricting the list to subscribed user (subonlypost) is not a good thing
>> either, however if the alternative is that important topics (from both
>> subscribed and not subscribed users) are buried in tens of SPAM threads
>> every day, I think its a small price to pay.
>>
>
>
>

Re: Spam to this list?

[Nicolas Grilly]

I have no advice on what to do, but I'm a regular reader of the ML and I
receive almost no spam from the ML because it is filtered in a very
efficient way by the Gmail spam filter (I use Gmail).

On Fri, Sep 5, 2014 at 12:17 PM, Lukas Tribus  wrote:

> I know that people have strong opinions about this which is why previous
> discussions have been a bit "tense", but I think we will have to discuss
> this again sooner or later.
>
> I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid post),
> and the trend in the last weeks shows that this is getting worse.
>
>
> Now, having a some antispam solution in front of the ML requires
> maintenance
> and will inevitably lead to false positives, thats probably not what we
> want
> or have the resources to do.
>
> Restricting the list to subscribed user (subonlypost) is not a good thing
> either, however if the alternative is that important topics (from both
> subscribed and not subscribed users) are buried in tens of SPAM threads
> every day, I think its a small price to pay.
>

RE: Spam to this list?

[Lukas Tribus]

> On Thu, Sep 4, 2014 at 3:51 AM, Steven Haigh  wrote:
>> Hi guys,
>>
>> I've noticed that this list seems to get more spam than I've ever
>> experienced before on any mailing list.
>>
>> Is there anyone administrating this list? Is spamassassin used on the list?
>>
>> --
>> Steven Haigh
>
> Hi Steven,
>
> It's a common asked question:
> https://www.google.fr/search?q=haproy+formilux+spam&oq=haproy+formilux+spam
>
> Baptiste


I know that people have strong opinions about this which is why previous
discussions have been a bit "tense", but I think we will have to discuss
this again sooner or later.

I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid post),
and the trend in the last weeks shows that this is getting worse.


Now, having a some antispam solution in front of the ML requires maintenance
and will inevitably lead to false positives, thats probably not what we want
or have the resources to do.

Restricting the list to subscribed user (subonlypost) is not a good thing
either, however if the alternative is that important topics (from both
subscribed and not subscribed users) are buried in tens of SPAM threads
every day, I think its a small price to pay.




just my two cents,


lukas

  

Re: Spam to this list?

[Baptiste]

On Thu, Sep 4, 2014 at 3:51 AM, Steven Haigh  wrote:
> Hi guys,
>
> I've noticed that this list seems to get more spam than I've ever
> experienced before on any mailing list.
>
> Is there anyone administrating this list? Is spamassassin used on the list?
>
> --
> Steven Haigh
>
> Email: net...@crc.id.au
> Web: http://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
> Fax: (03) 8338 0299
>

Hi Steven,

It's a common asked question:
https://www.google.fr/search?q=haproy+formilux+spam&oq=haproy+formilux+spam

Baptiste

Re: Spam

[Simon Dick]

I couldn't care less about the spam that comes through, the bit that
annoys me is the mailing list emails when gmail doesn't accept spam
and the software complains messages are bouncing :)

On 15 April 2014 00:23, Steven Le Roux  wrote:
> Ok let's do the math.
>
> search(in:spam in:lists-haproxy before:2014/04/15 after:2014/04/01)
> => 50 spam for the last 2 weeks.
>
> This is not what I call "astounding".
>
> I didn't even noticed their was spam :) I had to look them for.
>
> You can set up your MTA/MUA and you won't see anything or use
> gmail/ymail/whatevermail
>
> On Mon, Apr 14, 2014 at 7:21 PM, Malcolm Turnbull
>  wrote:
>> I love these little political spats :-).
>> Just wanted to see how long we could make the thread.
>>
>> +1 for Willy.
>>
>> Initially I must admit I thought the non-subscribe was odd...
>> But after years of happy use I finally get the reasoning, its not the
>> list that is the problem but the spammers - deal with spam in the
>> usual fashion (at the client end).
>> In my case Google does it for me 3,500 spams in the last 30 days 
>> apparently
>>
>> Ps. HAProxy is and always will be the best open source load balancing
>> proxy solution - Thanks very much.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On 14 April 2014 18:07, Juan  Jimenez  wrote:
>>>
>>> On 4/14/14, 12:00 PM, "Willy Tarreau"  wrote:
>>>
On Mon, Apr 14, 2014 at 04:39:21PM +0100, Kobus Bensch wrote:
> I'd like to say something as a user of the software and and avid
> follower of each conversation via this list. The few spam messages that
> do come through IS NO ISSUE. Unless it is so bad it is wearing your
> delete key out. Seriously, there are other things to complain about.

Thank you for confirming my beliefs Kobus :-)

Willy
>>>
>>> That¹s anecdotal evidence. LOL!
>>>
>>>
>>
>>
>>
>> --
>> Regards,
>>
>> Malcolm Turnbull.
>>
>> Loadbalancer.org Ltd.
>> Phone: +44 (0)870 443 8779
>> http://www.loadbalancer.org/
>>
>
>
>
> --
> Steven Le Roux
> Jabber-ID : ste...@jabber.fr
> 0x39494CCB 
> 2FF7 226B 552E 4709 03F0  6281 72D7 A010 3949 4CCB
>

Re: Spam

[Steven Le Roux]

Ok let's do the math.

search(in:spam in:lists-haproxy before:2014/04/15 after:2014/04/01)
=> 50 spam for the last 2 weeks.

This is not what I call "astounding".

I didn't even noticed their was spam :) I had to look them for.

You can set up your MTA/MUA and you won't see anything or use
gmail/ymail/whatevermail

On Mon, Apr 14, 2014 at 7:21 PM, Malcolm Turnbull
 wrote:
> I love these little political spats :-).
> Just wanted to see how long we could make the thread.
>
> +1 for Willy.
>
> Initially I must admit I thought the non-subscribe was odd...
> But after years of happy use I finally get the reasoning, its not the
> list that is the problem but the spammers - deal with spam in the
> usual fashion (at the client end).
> In my case Google does it for me 3,500 spams in the last 30 days 
> apparently
>
> Ps. HAProxy is and always will be the best open source load balancing
> proxy solution - Thanks very much.
>
>
>
>
>
>
>
>
>
>
>
>
> On 14 April 2014 18:07, Juan  Jimenez  wrote:
>>
>> On 4/14/14, 12:00 PM, "Willy Tarreau"  wrote:
>>
>>>On Mon, Apr 14, 2014 at 04:39:21PM +0100, Kobus Bensch wrote:
 I'd like to say something as a user of the software and and avid
 follower of each conversation via this list. The few spam messages that
 do come through IS NO ISSUE. Unless it is so bad it is wearing your
 delete key out. Seriously, there are other things to complain about.
>>>
>>>Thank you for confirming my beliefs Kobus :-)
>>>
>>>Willy
>>
>> That¹s anecdotal evidence. LOL!
>>
>>
>
>
>
> --
> Regards,
>
> Malcolm Turnbull.
>
> Loadbalancer.org Ltd.
> Phone: +44 (0)870 443 8779
> http://www.loadbalancer.org/
>



-- 
Steven Le Roux
Jabber-ID : ste...@jabber.fr
0x39494CCB 
2FF7 226B 552E 4709 03F0  6281 72D7 A010 3949 4CCB

Re: Spam

[Malcolm Turnbull]

I love these little political spats :-).
Just wanted to see how long we could make the thread.

+1 for Willy.

Initially I must admit I thought the non-subscribe was odd...
But after years of happy use I finally get the reasoning, its not the
list that is the problem but the spammers - deal with spam in the
usual fashion (at the client end).
In my case Google does it for me 3,500 spams in the last 30 days apparently

Ps. HAProxy is and always will be the best open source load balancing
proxy solution - Thanks very much.












On 14 April 2014 18:07, Juan  Jimenez  wrote:
>
> On 4/14/14, 12:00 PM, "Willy Tarreau"  wrote:
>
>>On Mon, Apr 14, 2014 at 04:39:21PM +0100, Kobus Bensch wrote:
>>> I'd like to say something as a user of the software and and avid
>>> follower of each conversation via this list. The few spam messages that
>>> do come through IS NO ISSUE. Unless it is so bad it is wearing your
>>> delete key out. Seriously, there are other things to complain about.
>>
>>Thank you for confirming my beliefs Kobus :-)
>>
>>Willy
>
> That¹s anecdotal evidence. LOL!
>
>



-- 
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/

Re: Spam

[Juan Jimenez]

On 4/14/14, 12:00 PM, "Willy Tarreau"  wrote:

>On Mon, Apr 14, 2014 at 04:39:21PM +0100, Kobus Bensch wrote:
>> I'd like to say something as a user of the software and and avid
>> follower of each conversation via this list. The few spam messages that
>> do come through IS NO ISSUE. Unless it is so bad it is wearing your
>> delete key out. Seriously, there are other things to complain about.
>
>Thank you for confirming my beliefs Kobus :-)
>
>Willy

That¹s anecdotal evidence. LOL!

Re: Spam

[William Lewis]

+1

Keep up the good work Willy

On 14 Apr 2014, at 17:00, Willy Tarreau  wrote:

> On Mon, Apr 14, 2014 at 04:39:21PM +0100, Kobus Bensch wrote:
>> I'd like to say something as a user of the software and and avid 
>> follower of each conversation via this list. The few spam messages that 
>> do come through IS NO ISSUE. Unless it is so bad it is wearing your 
>> delete key out. Seriously, there are other things to complain about.
> 
> Thank you for confirming my beliefs Kobus :-)
> 
> Willy
> 
> 

Re: Spam

[Willy Tarreau]

On Mon, Apr 14, 2014 at 04:39:21PM +0100, Kobus Bensch wrote:
> I'd like to say something as a user of the software and and avid 
> follower of each conversation via this list. The few spam messages that 
> do come through IS NO ISSUE. Unless it is so bad it is wearing your 
> delete key out. Seriously, there are other things to complain about.

Thank you for confirming my beliefs Kobus :-)

Willy

Re: Spam

[Kobus Bensch]

I'd like to say something as a user of the software and and avid 
follower of each conversation via this list. The few spam messages that 
do come through IS NO ISSUE. Unless it is so bad it is wearing your 
delete key out. Seriously, there are other things to complain about.

On 14/04/2014 16:11, Willy Tarreau wrote:

On Mon, Apr 14, 2014 at 02:59:48PM +, Juan  Jimenez wrote:

I will mention a couple of points and leave it at that. I靶e been
operating mailing lists for decades, I get zero spam on the ones I own by
taking simple measures to prevent it, and the subscribe/unsubscribe is so
painless than no one complains about it.

For sure, they'd have to subscribe in order to complain. Just like I
never complained to anybody about the few of my e-mails that got dropped
in the past to a few mailing lists. You see that you're going to help
someone, your e-mail is rejected and you simply think "go to hell with
your filters and keep your list closed". And these mails were lost and
so what ?


If someone wants to read and not
participate, I allow that as well by making the threads public. If they
want to ask questions and participate, I require them to subscribe because
I respect the rights of those who do accept a little bit of work in
exchange for getting value from the list.

It's exactly the problem : you don't consider those who contribute just
for the sake of helping and not getting back any value from a list. We
have some like this on this list BTW. Some of them were not subscribers
during their first e-mails and finally subscribed. That's exactly what
your filtering method prevents and I disagree with that.

If we had 100 spams a day, we could possibly change something, but at
the moment, the only reason for noticing spam is that there's low traffic
on the list.

BTW, what drives people out of the list is not spam but actually discussions.
I can say that every time there are 1 or 2 threads which last for a few
e-mails, I'm getting 2 or 3 unsubscription emails. I can predict for sure
that it will happen this evening due to this thread.

So that proves one thing :
   - spam make people complain
   - useful discussions about the work make people leave

Let's keep people complaining, while they complain they don't leave :-)

Willy





--


Trustpay Global Limited is an authorised Electronic Money Institution 
regulated by the Financial Conduct Authority registration number 900043. 
Company No 07427913 Registered in England and Wales with registered address 
130 Wood Street, London, EC2V 6DL, United Kingdom.


For further details please visit our website at www.trustpayglobal.com.

The information in this email and any attachments are confidential and 
remain the property of Trustpay Global Ltd unless agreed by contract. It is 
intended solely for the person to whom or the entity to which it is 
addressed. If you are not the intended recipient you may not use, disclose, 
copy, distribute, print or rely on the content of this email or its 
attachments. If this email has been received by you in error please advise 
the sender and delete the email from your system. Trustpay Global Ltd does 
not accept any liability for any personal view expressed in this message.

Re: Spam

[Willy Tarreau]

On Mon, Apr 14, 2014 at 02:59:48PM +, Juan  Jimenez wrote:
> I will mention a couple of points and leave it at that. I¹ve been
> operating mailing lists for decades, I get zero spam on the ones I own by
> taking simple measures to prevent it, and the subscribe/unsubscribe is so
> painless than no one complains about it.

For sure, they'd have to subscribe in order to complain. Just like I
never complained to anybody about the few of my e-mails that got dropped
in the past to a few mailing lists. You see that you're going to help
someone, your e-mail is rejected and you simply think "go to hell with
your filters and keep your list closed". And these mails were lost and
so what ?

> If someone wants to read and not
> participate, I allow that as well by making the threads public. If they
> want to ask questions and participate, I require them to subscribe because
> I respect the rights of those who do accept a little bit of work in
> exchange for getting value from the list.

It's exactly the problem : you don't consider those who contribute just
for the sake of helping and not getting back any value from a list. We
have some like this on this list BTW. Some of them were not subscribers
during their first e-mails and finally subscribed. That's exactly what
your filtering method prevents and I disagree with that.

If we had 100 spams a day, we could possibly change something, but at
the moment, the only reason for noticing spam is that there's low traffic
on the list.

BTW, what drives people out of the list is not spam but actually discussions.
I can say that every time there are 1 or 2 threads which last for a few
e-mails, I'm getting 2 or 3 unsubscription emails. I can predict for sure
that it will happen this evening due to this thread.

So that proves one thing :
  - spam make people complain
  - useful discussions about the work make people leave

Let's keep people complaining, while they complain they don't leave :-)

Willy

Re: Spam

[Juan Jimenez]

On 4/14/14, 10:31 AM, "Willy Tarreau"  wrote:

>On Mon, Apr 14, 2014 at 02:02:46PM +, Juan  Jimenez wrote:
>> Like most people who subscribe, I do so because I
>> want to follow the discussions on the product and have more than a
>>passing
>> interest in it, especially since the current dev version addresses
>>things
>> that are needed to be useful in the configuration we are supporting.
>> Subscribe/Unsubscribe is a simple process in virtually all mailing lists
>> now. Like I said, this is 2014?
>
>Yes, and 2014 means what ? spam everywhere has become standard. OK.
>And subscribing/unsubscribing is painful and impolite for people who are
>CCed and try to respond and get rejected. It happened to me a few times
>on other lists and I simply dropped the mail I tried to send because I
>wasn't going to subscribe for this.
>
>Also, we're in 2014. You're not forced to read the discussions via the
>list, there are marc.info and gmane as well.
>
>Willy
>

I will mention a couple of points and leave it at that. I¹ve been
operating mailing lists for decades, I get zero spam on the ones I own by
taking simple measures to prevent it, and the subscribe/unsubscribe is so
painless than no one complains about it. If someone wants to read and not
participate, I allow that as well by making the threads public. If they
want to ask questions and participate, I require them to subscribe because
I respect the rights of those who do accept a little bit of work in
exchange for getting value from the list.

Juan

Re: Spam

[Pedro Mata-Mouros]

Jeffrey, Ian, Patrick, et al,

I feel some of your pain, but I also really feel that I want Willy 
concentrating on this amazing piece of open source, free software that is 
crucial to my job.

Often times with open source projects (myself included in the past) we get 
frustrated at the wrong person/thing.

Please consider putting this into some perspective. I’ve been a subscriber of 
this list I think for over 5 years now. The value it provides to me is really 
immense. Just the other day I was saying to one of my devops guys that this 
should be the only mailing list he should make sure he subscribed to.

I don’t mind getting the occasional spam email, when I know that this is not a 
paid service and when I know that Willy and the rest of the awesome 
contributors have lives of their own and probably even better things to do than 
start managing mailing list software and mail servers and so on.

I understand your feelings but please either respect that the author and 
contributors don’t really have the resources (time/money) to improve this 
really minor thing, or take a step forward and offer yourselves to fix the 
issue.

This is a community, it’s rude to demand without offering back.

Pedro.

On 14 Apr 2014, at 15:26, Jeffrey 'jf' Lim  wrote:

> On Mon, Apr 14, 2014 at 9:25 PM, Willy Tarreau  wrote:
>> On Mon, Apr 14, 2014 at 09:03:44AM -0400, Patrick Hemmer wrote:
>>> While I strongly disagree, I can respect your reasoning. But perhaps
>>> there are solutions other than restricting non-subscribers. I can think
>>> of these few without much thought:
>>> 1) add grey listing (http://en.wikipedia.org/wiki/Greylisting).
>> 
>> We already have some greylisting which is why we have "only" a little
>> bit of spam.
>> 
>>> 2) add a header indicating whether the sender is subscribed to the
>>> mailing list. Then anyone who wants to remain on the list can add a
>>> filter to auto-delete mail when the sender isn't on the list. I don't
>>> know the numbers, but I'd bet the valid non-subscriber mail is rare.
>> 
>> Among 2000 participants, we have 700 permanent subscribers, which means
>> that other ones unsubscribe after a few exchanges. Some people (including
>> myself) also have multiple addresses and will post from work or home
>> using a different one while they don't want to be subscribed multiple
>> times.
>> 
>>> 3) Add a spamhaus IP blacklist. While I doubt this would block any
>>> legitimate mail, it is possible. So I expect this to be met with the
>>> same resistance as only allowing subscribers.
>> 
>> We're currently using one such crappy BLs, which was the reason people
>> from gmail were recently denied posting. So we had to relax them. The
>> problem with blacklists is that they're maintained by people who quickly
>> get addicted to the great power they have by being able to decide who is
>> allowed to send mail and who isn't allowed. It quickly turns a technical
>> tool into a political one.
>> 
>> I don't have a magic solution to this. The real point is that a mailing
>> list always comes with some spam and any mailbox also comes with some
>> spam anyway. So as long as the mailing list only adds a few percent of
>> spam to the one you already have, I really think it's not worth blocking
>> legitimate users to try to save this.
>> 
>> Willy
>> 
> 
> (Note: I'm replying to all, because I dont know who is legitimately
> subscribed to the list. Probably all of you are? in which case I am
> going to assume that your mail client should be set up to de-duplicate
> messages already)
> 
> How about a 4th "magic" solution? (And yes, this will involve some
> magic, specifically on the part of the mailing list) Allow for people
> brought in to a conversation to be automatically subscribed (so that
> way they dont lose messages if somebody neglects to do a "reply all")
> to that (and only to that) specific thread. No work at all necessary
> on their part (ie. no subscription and unsubscription). It'll involve
> tracking a bit more data (specifically adding specific recipients to
> specific mail threads). The only question is, how often does this
> happen (people get added to a conversation). And if this extra data
> proves to be a problem, it can always be expunged after some
> determined interval. Magic tracking! (just like sticky sessions, haha)
> 
> -jf
> 

Re: Spam

[Jeffrey 'jf' Lim]

On Mon, Apr 14, 2014 at 9:25 PM, Willy Tarreau  wrote:
> On Mon, Apr 14, 2014 at 09:03:44AM -0400, Patrick Hemmer wrote:
>> While I strongly disagree, I can respect your reasoning. But perhaps
>> there are solutions other than restricting non-subscribers. I can think
>> of these few without much thought:
>> 1) add grey listing (http://en.wikipedia.org/wiki/Greylisting).
>
> We already have some greylisting which is why we have "only" a little
> bit of spam.
>
>> 2) add a header indicating whether the sender is subscribed to the
>> mailing list. Then anyone who wants to remain on the list can add a
>> filter to auto-delete mail when the sender isn't on the list. I don't
>> know the numbers, but I'd bet the valid non-subscriber mail is rare.
>
> Among 2000 participants, we have 700 permanent subscribers, which means
> that other ones unsubscribe after a few exchanges. Some people (including
> myself) also have multiple addresses and will post from work or home
> using a different one while they don't want to be subscribed multiple
> times.
>
>> 3) Add a spamhaus IP blacklist. While I doubt this would block any
>> legitimate mail, it is possible. So I expect this to be met with the
>> same resistance as only allowing subscribers.
>
> We're currently using one such crappy BLs, which was the reason people
> from gmail were recently denied posting. So we had to relax them. The
> problem with blacklists is that they're maintained by people who quickly
> get addicted to the great power they have by being able to decide who is
> allowed to send mail and who isn't allowed. It quickly turns a technical
> tool into a political one.
>
> I don't have a magic solution to this. The real point is that a mailing
> list always comes with some spam and any mailbox also comes with some
> spam anyway. So as long as the mailing list only adds a few percent of
> spam to the one you already have, I really think it's not worth blocking
> legitimate users to try to save this.
>
> Willy
>

(Note: I'm replying to all, because I dont know who is legitimately
subscribed to the list. Probably all of you are? in which case I am
going to assume that your mail client should be set up to de-duplicate
messages already)

How about a 4th "magic" solution? (And yes, this will involve some
magic, specifically on the part of the mailing list) Allow for people
brought in to a conversation to be automatically subscribed (so that
way they dont lose messages if somebody neglects to do a "reply all")
to that (and only to that) specific thread. No work at all necessary
on their part (ie. no subscription and unsubscription). It'll involve
tracking a bit more data (specifically adding specific recipients to
specific mail threads). The only question is, how often does this
happen (people get added to a conversation). And if this extra data
proves to be a problem, it can always be expunged after some
determined interval. Magic tracking! (just like sticky sessions, haha)

-jf

Re: Spam

[Willy Tarreau]

On Mon, Apr 14, 2014 at 02:02:46PM +, Juan  Jimenez wrote:
> Like most people who subscribe, I do so because I
> want to follow the discussions on the product and have more than a passing
> interest in it, especially since the current dev version addresses things
> that are needed to be useful in the configuration we are supporting.
> Subscribe/Unsubscribe is a simple process in virtually all mailing lists
> now. Like I said, this is 2014?

Yes, and 2014 means what ? spam everywhere has become standard. OK.
And subscribing/unsubscribing is painful and impolite for people who are
CCed and try to respond and get rejected. It happened to me a few times
on other lists and I simply dropped the mail I tried to send because I
wasn't going to subscribe for this.

Also, we're in 2014. You're not forced to read the discussions via the
list, there are marc.info and gmane as well.

Willy

Re: Spam

[Juan Jimenez]

On 4/14/14, 8:30 AM, "Willy Tarreau"  wrote:


>On Fri, Apr 11, 2014 at 06:14:09PM -0700, Ian Scott wrote:
>> On 04/07/2014 07:47 AM, Juan Jimenez wrote:
>> >Is there a reason this list allows anyone to post messages? The amount
>>of
>> >spam on this list is astounding. This is 2014, folks. The methods to
>> >prevent this became good practice long, long ago.
>> 
>> I agree, this is pretty ridiculous. The list should be only open to
>> posting from subscribers.
>
>What is ridiculous are lists which send messages back to people who are
>brought to a conversation and which force them to subscribe before posting
>a response to kindly offer assistance to help someone.
>
>This list, as a number of other opensource projects lists, is open, which
>means that *nobody* is forced to subscribe to contribute. If you don't
>subscribe, you don't receive any spam.
>
>So I strongly urge you to unsubscribe to save 20 or so spams a week you
>can
>get here. I'm used to get something between 10 and 100 a day on other
>higher
>volume lists and it's not a problem, so surely dealing with 20 a week is
>OK.
> 
>Willy

Actually, no, it¹s not. Like most people who subscribe, I do so because I
want to follow the discussions on the product and have more than a passing
interest in it, especially since the current dev version addresses things
that are needed to be useful in the configuration we are supporting.
Subscribe/Unsubscribe is a simple process in virtually all mailing lists
now. Like I said, this is 2014Š

Juan

Re: Spam

[Willy Tarreau]

On Mon, Apr 14, 2014 at 09:03:44AM -0400, Patrick Hemmer wrote:
> While I strongly disagree, I can respect your reasoning. But perhaps
> there are solutions other than restricting non-subscribers. I can think
> of these few without much thought:
> 1) add grey listing (http://en.wikipedia.org/wiki/Greylisting).

We already have some greylisting which is why we have "only" a little
bit of spam.

> 2) add a header indicating whether the sender is subscribed to the
> mailing list. Then anyone who wants to remain on the list can add a
> filter to auto-delete mail when the sender isn't on the list. I don't
> know the numbers, but I'd bet the valid non-subscriber mail is rare.

Among 2000 participants, we have 700 permanent subscribers, which means
that other ones unsubscribe after a few exchanges. Some people (including
myself) also have multiple addresses and will post from work or home
using a different one while they don't want to be subscribed multiple
times.

> 3) Add a spamhaus IP blacklist. While I doubt this would block any
> legitimate mail, it is possible. So I expect this to be met with the
> same resistance as only allowing subscribers.

We're currently using one such crappy BLs, which was the reason people
from gmail were recently denied posting. So we had to relax them. The
problem with blacklists is that they're maintained by people who quickly
get addicted to the great power they have by being able to decide who is
allowed to send mail and who isn't allowed. It quickly turns a technical
tool into a political one.

I don't have a magic solution to this. The real point is that a mailing
list always comes with some spam and any mailbox also comes with some
spam anyway. So as long as the mailing list only adds a few percent of
spam to the one you already have, I really think it's not worth blocking
legitimate users to try to save this.

Willy

Re: Spam

[Patrick Hemmer]

*From: *Willy Tarreau 
*Sent: * 2014-04-14 08:30:39 E
*To: *Ian Scott 
*CC: *haproxy@formilux.org
*Subject: *Re: Spam

> On Fri, Apr 11, 2014 at 06:14:09PM -0700, Ian Scott wrote:
>> On 04/07/2014 07:47 AM, Juan Jimenez wrote:
>>> Is there a reason this list allows anyone to post messages? The amount of
>>> spam on this list is astounding. This is 2014, folks. The methods to
>>> prevent this became good practice long, long ago.
>> I agree, this is pretty ridiculous. The list should be only open to 
>> posting from subscribers.
> What is ridiculous are lists which send messages back to people who are
> brought to a conversation and which force them to subscribe before posting
> a response to kindly offer assistance to help someone.
>
> This list, as a number of other opensource projects lists, is open, which
> means that *nobody* is forced to subscribe to contribute. If you don't
> subscribe, you don't receive any spam.
>
> So I strongly urge you to unsubscribe to save 20 or so spams a week you can
> get here. I'm used to get something between 10 and 100 a day on other higher
> volume lists and it's not a problem, so surely dealing with 20 a week is OK.
>  
> Willy

While I strongly disagree, I can respect your reasoning. But perhaps
there are solutions other than restricting non-subscribers. I can think
of these few without much thought:
1) add grey listing (http://en.wikipedia.org/wiki/Greylisting).
2) add a header indicating whether the sender is subscribed to the
mailing list. Then anyone who wants to remain on the list can add a
filter to auto-delete mail when the sender isn't on the list. I don't
know the numbers, but I'd bet the valid non-subscriber mail is rare.
3) Add a spamhaus IP blacklist. While I doubt this would block any
legitimate mail, it is possible. So I expect this to be met with the
same resistance as only allowing subscribers.

Anyway, that's all I'm going to say on this subject.


-Patrick

Re: Spam

[Willy Tarreau]

On Fri, Apr 11, 2014 at 06:14:09PM -0700, Ian Scott wrote:
> On 04/07/2014 07:47 AM, Juan Jimenez wrote:
> >Is there a reason this list allows anyone to post messages? The amount of
> >spam on this list is astounding. This is 2014, folks. The methods to
> >prevent this became good practice long, long ago.
> 
> I agree, this is pretty ridiculous. The list should be only open to 
> posting from subscribers.

What is ridiculous are lists which send messages back to people who are
brought to a conversation and which force them to subscribe before posting
a response to kindly offer assistance to help someone.

This list, as a number of other opensource projects lists, is open, which
means that *nobody* is forced to subscribe to contribute. If you don't
subscribe, you don't receive any spam.

So I strongly urge you to unsubscribe to save 20 or so spams a week you can
get here. I'm used to get something between 10 and 100 a day on other higher
volume lists and it's not a problem, so surely dealing with 20 a week is OK.
 
Willy

Re: Spam

[Ian Scott]

On 04/07/2014 07:47 AM, Juan Jimenez wrote:

Is there a reason this list allows anyone to post messages? The amount of
spam on this list is astounding. This is 2014, folks. The methods to
prevent this became good practice long, long ago.


I agree, this is pretty ridiculous. The list should be only open to 
posting from subscribers.


Ian