Re: Spamassassin not catching spam (Follow-up)
On 27/03/2015 12:23, Noel Butler wrote: > On 26/03/2015 23:42, David F. Skoll wrote: > On Thu, 26 Mar 2015 14:37:08 +0100 > Reindl Harald wrote: > > i have to show nothing after for nearly a decade most german IT > magazines had articles about that topic written by law experts > The only link I found written by a German law expert said that > the it "may" apply to spam filtering if the recipient did not agree > beforehand to how the filter operates. > > I also suggest you ask a German law expert if rejecting with 5xx is > materially different than silently discarding when it comes > to "suppressing" data. Frankly, I cannot see the difference; the > law certainly doesn't say it's OK to suppress data as long > as you inform the originator of said data. > > But maybe you could link to some articles on the topic? > > Regards, > > David. I would rather see, not an article written in some mag, but the actual legislative law act that specifies this, any links to actual German law about this would be more welcome. It can (obviously) be written in German, I can understand a bit, and what i can't I have good friend who can (he is afterall, well, German), and failing his availability there's always google translate :) nevermind, I've got it, going to read it after lunch
Re: Spamassassin not catching spam (Follow-up)
On 26/03/2015 23:42, David F. Skoll wrote: > On Thu, 26 Mar 2015 14:37:08 +0100 > Reindl Harald wrote: > >> i have to show nothing after for nearly a decade most german IT >> magazines had articles about that topic written by law experts > > The only link I found written by a German law expert said that > the it "may" apply to spam filtering if the recipient did not agree > beforehand to how the filter operates. > > I also suggest you ask a German law expert if rejecting with 5xx is > materially different than silently discarding when it comes > to "suppressing" data. Frankly, I cannot see the difference; the > law certainly doesn't say it's OK to suppress data as long > as you inform the originator of said data. > > But maybe you could link to some articles on the topic? > > Regards, > > David. I would rather see, not an article written in some mag, but the actual legislative law act that specifies this, any links to actual German law about this would be more welcome. It can (obviously) be written in German, I can understand a bit, and what i can't I have good friend who can (he is afterall, well, German), and failing his availability there's always google translate :)
Re: Spamassassin not catching spam (Follow-up)
On 26/03/2015 23:34, David F. Skoll wrote: > Hi, > > A followup: > > 1) has anyone been convicted under 303a StGB for suppressing email during > spam filtering? I bet not :) Its likely a law introduced to stop anally retentive jerks from having hissy fits and deleting other peoples data, thats unlawful, stopping deliberate spam, can be preventing stresses upon the recipient, so could be argued as lawful destruction of data, we really need a German lawyer (a real lawyer - not keyboard internet lawyer) to interpret the German law. Germany has the strongest data protection laws in the world, but I hardly doubt they were written with the intent of protecting spammer or abusive scum. > 2) How is rejecting with a 5xx code any less of a "suppression" of the > data than silently discarding with a 2xx code? In either case, the > recipient does not receive the mail. The fact that the sender is *aware* > of the non-receipt is immaterial. Are they? We both know 99% of deliberate spam which is likely to high score, is sent by spoofed addresses :)
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 17:27:03 -0600 "@lbutlr" wrote: > > ]]] If action is taken in the delivery process, with the result > > that the ]]] message does not reach its goal, the e-mail is > > "suppressed". > > How does that not apply to a 5xx reject? > Because a reject happens before the delivery process even begins. No. The Heise article (if my memory serves) considers the delivery process to have begun as soon as the SMTP connection is established. Furthermore, a 5xx-Reject and 2xx-Discard after DATA happen at *EXACTLY* the same time, so you cannot say the delivery process "hasn't even begun" for the 5xx but has for the 2xx. The timing is identical. Regards, David.
Re: Spamassassin not catching spam (Follow-up)
On 26 Mar 2015, at 08:05 , David F. Skoll wrote: > > On Thu, 26 Mar 2015 14:54:07 +0100 > Robert Schetterer wrote: > >> Uff , why should i waste my time in telling you the untruth... > > I took a look at the Heise article and Google Translate says: > > ]]] If action is taken in the delivery process, with the result that the > ]]] message does not reach its goal, the e-mail is "suppressed". > > How does that not apply to a 5xx reject? Because a reject happens before the delivery process even begins. -- 'Everything will be all right. From History's point of view, that is. There really isn't any other.'
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On 26 Mar 2015, at 06:43 , David F. Skoll wrote: > On Thu, 26 Mar 2015 12:09:58 +0100 Reindl Harald > wrote: >> why in the world would a reject *before queue* trigger a backscatter >> or bounce on my side? > How do you do before-queue rejection of a message Reject it. > Solve that problem, and then I agree with you. And saying "well, don't > let different end-users have different settings" is not a solution. > Neither is "tempfail all recipients but the first so the message > is transmitted one time for each recipient.” Before-queue settings are liberal and designed to REJECT messages that are obviously broken or from known spammers. These are server settings and no, users can not opt out of postscreen, for example. They also cannot choose to receive .exe files, for example. After the message is accepted, then the message is processed much more rigorously and delivered to the user. The USER can discard mail if they want, but the SERVER never discards messages after they’ve been accepted. -- "He sees the good in every one. No one would ever take him for a clergyman." -- Lucy Honeychurch
Re: Spamassassin not catching spam (Follow-up)
On 26 Mar 2015, at 06:38 , David F. Skoll wrote: > On Thu, 26 Mar 2015 07:53:49 +0100 Reindl Harald > wrote: >> accepted means your SMTP sevrer responded with a 250 status code and >> not with a 4x temporary or 5x permanent error aka rejected the message > > No. Accepted means delivered to the end-user's mailbox. You do not get to make up your own definitions. Accepted: your server accepted the message Delivered: messages was sent to an LDA -- "If this is the best God can do, I'm not impressed."
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On 26/03/15 22:23, Tom Hendrikx wrote: Your single message was delivered by two different hosts, with a single recipient in each. This is actually very logical because the recipients don't share the same MX hosts or IP addresses. *nod* - I'd missed that fact when I glanced over this thread. However, Gmail splits all multiple recipient messages into separate deliveries regardless as to whether the all recipients are in the same domain or not. Ok, so the machine accepts both addresses, but rejects at end-of-data. Harald, if one of the used recipient addresses accepts all spam messages (all_spam_to), you should have one copy of the message, right? Could you share the result of my test with us? Yeah; my bet is that your test wasn't delivered at all. Imagine the confusion that would be caused if you delivered a copy of a message that you rejected to one of the recipients, the sender would get a bounce and think that neither was successful... Regards, Steve.
Re: Spamassassin not catching spam (Follow-up)
> On 25 Mar 2015, at 18:25 , David F. Skoll wrote: > > On Wed, 25 Mar 2015 16:08:34 -0600 > "@lbutlr" wrote: > >> There is a difference between ___block___ and ___silently discard___. > >> Blocking is fine, silently discarding is just evil and should be >> illegal everywhere. > > Nonsense. You are entitled to your opinion of course. > Silently discarding is sometimes the only sensible thing to do. If you are certain it is spam, reject it before you accept it. If you have accepted it, the file it somewhere where the recipient has a chance to get to it. > If you have users with different spam settings (or perhaps some who have > opted-out of spam-scanning completely), there's no sensible way to > handle a multi-recipient message. You either have to tempfail all > recipients after the first so you can process with each recipient's > settings during SMTP, which is horrible, or you have to generate DSNs > for the recipients who reject the message, which will get you > blacklisted as a backscatterer. How do you figure that? You deliver the message if it passes your border checks. If you think it’s spam after that, you can deliver it to the recipient’s spam folders where they are free to ignore it. You do NOT throw it away. >> You can reject who you want in Germany too, you just can___t delete a >> message that you___ve already accepted. > > What does "accepted" mean? Redirecting a message to /dev/null means you > didn't accept it. When your mailserver says “OK, I’ve received the message and am closing the transaction”, you’ve accepted it. > I used to be in the "never silently discard camp", but unfortunately the > email environment has become so hostile that I can no longer keep the > promise of the original SMTP that a message is either delivered or > the sender notified of non-delivery. Promising that in every single > case is, alas, no longer feasible. How does that follow? Don’t discard the message and there’s no problem. -- One tequila, two tequila, three tequila, floor.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 26-03-15 17:28, Steve Freegard wrote: > On 26/03/15 13:47, Reindl Harald wrote: > >> that below was *one* message with two different recipients >> >> X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0 >> X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0 >> > > I hate to piss on your parade, but your example here is totally > flawed; this mail from from Gmail right? > >> X-Local-Envelope-From: >> X-Local-Envelope-To: Received: from >> mail-ig0-f171.google.com Message-ID: >> >> >> >> >> X-Local-Envelope-From: >> X-Local-Envelope-To: Received: from >> mail-ie0-f177.google.com Message-ID: >> > >> >> > Gmail splits multi-recipient mail into separate deliveries, so > whilst you sent a single message to multiple recipients at your > domain from Gmail, what the big Goog does is turn that into two > separate messages that are delivered separately. > > Whilst the messages have identical Message-ID headers - you missed > this bit: > >> Received: from mail-ig0-f171.google.com Received: from >> mail-ie0-f177.google.com > > Your single message was delivered by two different hosts, with a > single recipient in each. > This is actually very logical because the recipients don't share the same MX hosts or IP addresses. But as Harald shows in his logs that the mail ends up at the same machine, and I'm really interested how it actually works, I did some old-fashioned telnet: - 8<- $ telnet mail-gw.thelounge.net. 25 Trying 91.118.73.19... Connected to mail-gw.thelounge.net. Escape character is '^]'. 220-mail-gw.thelounge.net ESMTP Spamfirewall (Enforcing SMTP-Compliance, PTR/HELO/RBL-Checks, SPF-Policies and Sender-Verification) 220 mail-gw.thelounge.net ESMTP Spamfirewall (Enforcing SMTP-Compliance, PTR/HELO/RBL-Checks, SPF-Policies and Sender-Verification) helo valerie.whyscream.net 250 mail-gw.thelounge.net mail from: 250 2.1.0 Ok rcpt to: 250 2.1.5 Ok rcpt to: 250 2.1.5 Ok data 354 End data with . Subject: test message for spamassassin user mailing list This is the gtube: . 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR tech-support first, time: Mar 26 23:06:06, client: 89.105.204.244, server: mail-gw.thelounge.net, contact: +4315953999 quit 221 2.0.0 Bye Connection closed by foreign host. - 8<- Ok, so the machine accepts both addresses, but rejects at end-of-data. Harald, if one of the used recipient addresses accepts all spam messages (all_spam_to), you should have one copy of the message, right? Could you share the result of my test with us? Kind regards, Tom -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJVFIbYAAoJEJPfMZ19VO/1n3IP+waEs4/mbCA0PP9VB4oHmEGL GTvGom+7Qmr1OknbNSHVnKdcN5+zSkNQEcd2poGBH/iU36I1aWlLNUfpstH0XeFI iY1JognVE67LSqHA6Y1Q0bGdDrJSLg8QeYB961n7biBDnWphfUwOevC9F2cP/10k KaLHg+MRlMUF/1MHqZlDJqhF0XM0dPapKReBAmQ4/PiCZnQ/xHG05qY37ruL/xz0 xBjWU2Dfkri6lC3MAH+p1X/2YyLVx9pi+rUzMUXiYJbR6ihKFHarOrd0Z9hEacPr 0Eyaryv89qPRUpV2cuPudpFOb3Twk2mXXH6IFQKSFyKBM33WyC/iCkKVrTYR28Sp J5pg2O8V1PSsnkjHZzj1sEA/GeKOTNGyl6jh1XC2ofctKmGrXtOxrIg2ubImHRzK sIfKizbjRP5/NJum/y0xTYGo+huT1wIxBS0ntSaHtCHS6gwMovHCHR8T84UdVO+S Q/xDu8+2mpt5h4XNqcOQMePoyL2hSW/Yywh78+jFuUmesLrornsk8pz6TdgIb7Lq aDxQ8xnuoUyBASnzTjfGhhuKmiIGCzv0dEMu1NAuL7X/w/P1dRjYx79bIHzWLYR0 wkj3vCeqxmAbOzujNY3zsh9LKUfNDcqY7Bj2hPgM1QSDQRVGegkF1bR4bNo0OpG2 tdE13QR2C1SrW2UYrsD5 =C7pe -END PGP SIGNATURE-
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 10:12:22 -0500 (CDT) Dave Funk wrote: If they are compatible you respond with a 250, if not with a 452 (or other 45* type reply). On 26.03.15 11:52, David F. Skoll wrote: We looked at doing this. There are some serious downsides: 1) Some senders (for example, mailing list tools) send to quite a number of recipients at once. 30 or even 100 is not out of the question. If all of them have different policies, the last recipient is going to wait a very long time indeed to receive his or her email. FYI: all SMTP RFCs yet require accepting at least 100 recipients at once. (I don't want to discuss this, just to note...) in such case, either spam is refused with sane defaults, or mail is accepted and should be handles as accepted (e.g. delivered to spam folder). 2) Some marginal SMTP software (old versions of Novell Groupwise, I think? Can't recall exactly) does not handle 4xx responses to RCPT: very well. It basically converts them to 5xx. that is very old (and very broken) SMTP software, and since 4xx code can result because of different issues, I don't think we should take this into account 3) You have no control over the retry interval or retention time on the SMTP client. It's not unimaginable that some messages simply won't get delivered because the SMTP client gives up. Some SMTP clients use an exponential backoff algorithm rather than a constant retry interval, and that can be disastrous in this situation. clients with exponential backoff interval should be safe here... the others might not :-) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux - It's now safe to turn on your computer. Linux - Teraz mozete pocitac bez obav zapnut.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 11:55:27 -0400 Michael Orlitzky wrote: If one of your customer domains has non-default settings, give them their own IP address and a separate MX record pointing to that address. On 26.03.15 12:54, David F. Skoll wrote: We filter more than 8000 domains. That is not feasible. That's in fact not feasible because even recipients in the same domain may have different settings and rules (and different BAYES database) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. We are but packets in the Internet of life (userfriendly.org)
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 11:55:27 -0400 Michael Orlitzky wrote: > If one of your customer domains has non-default settings, give them > their own IP address and a separate MX record pointing to that > address. We filter more than 8000 domains. That is not feasible. Regards, David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On 26/03/15 13:47, Reindl Harald wrote: that below was *one* message with two different recipients X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0 X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0 I hate to piss on your parade, but your example here is totally flawed; this mail from from Gmail right? X-Local-Envelope-From: X-Local-Envelope-To: Received: from mail-ig0-f171.google.com Message-ID: X-Local-Envelope-From: X-Local-Envelope-To: Received: from mail-ie0-f177.google.com Message-ID: Gmail splits multi-recipient mail into separate deliveries, so whilst you sent a single message to multiple recipients at your domain from Gmail, what the big Goog does is turn that into two separate messages that are delivered separately. Whilst the messages have identical Message-ID headers - you missed this bit: > Received: from mail-ig0-f171.google.com > Received: from mail-ie0-f177.google.com Your single message was delivered by two different hosts, with a single recipient in each. If you actually got a real message to multiple recipients in one SMTP transaction, you can't accept one and reject the other once you've entered the DATA phase because your decision becomes binary at that point: either accept, defer or reject the message for *all* recipients as David points out. Regards, Steve.
Re: German law 303a (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 16:39 schrieb David F. Skoll: > I find this discussion intriguing. The German law cited earlier also > forbids you from changing data (original German word "verändert" --- > did I get that right?) > > It seems to me this could make subject tagging illegal. In fact, a rigid > interpretation could make SMTP illegal since you add a Received: header > at each hop, and that's certainly modifying the data being transmitted. > > I believe this is a case of non-technical legislators completely failing > to forsee the logical consequences of their law. :) > > Regards, > > David. > Common legal accepted practice is silent discard mail is forbidden, tagging mail is allowed reject mail is allowed anyway, exception is virus mail as averting of a danger. If its your personal mail you can do what you want. As mail provider you may get contracted to filter. But be sure to have good legal advice if your filter does silent discard. Thats best practice for over 10 years now. And yes laws may miracle included everywhere, there are tons of them in the US i will never understand too *g Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On 03/26/2015 08:43 AM, David F. Skoll wrote: > On Thu, 26 Mar 2015 12:09:58 +0100 > Reindl Harald wrote: > >> why in the world would a reject *before queue* trigger a backscatter >> or bounce on my side? > > How do you do before-queue rejection of a message that is... > > 1) Directed to multiple recipients... > > 2) Some of which have different spam thresholds or have even opted-out? > > Solve that problem, and then I agree with you. And saying "well, don't > let different end-users have different settings" is not a solution. > Neither is "tempfail all recipients but the first so the message > is transmitted one time for each recipient." > If one of your customer domains has non-default settings, give them their own IP address and a separate MX record pointing to that address. Then if a multi-recipient message is addressed to someone in that domain, the sending MTA will split the message before sending it (because it's headed to a different server, as far as the MTA knows). Your pre-queue filter can then switch settings depending on the IP address, and should satisfy your criteria above. Obviously it's a little annoying to set up an MX for every such domain, but you can charge a little PITA fee for domains that want special treatment.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 10:12:22 -0500 (CDT) Dave Funk wrote: > If they are compatible you respond with a 250, if not with a 452 (or > other 45* type reply). We looked at doing this. There are some serious downsides: 1) Some senders (for example, mailing list tools) send to quite a number of recipients at once. 30 or even 100 is not out of the question. If all of them have different policies, the last recipient is going to wait a very long time indeed to receive his or her email. 2) Some marginal SMTP software (old versions of Novell Groupwise, I think? Can't recall exactly) does not handle 4xx responses to RCPT: very well. It basically converts them to 5xx. 3) You have no control over the retry interval or retention time on the SMTP client. It's not unimaginable that some messages simply won't get delivered because the SMTP client gives up. Some SMTP clients use an exponential backoff algorithm rather than a constant retry interval, and that can be disastrous in this situation. > Note that Gmail is already doing something like this (the "multiple > destinations not supported in one transaction" status). You can possibly get away with it on a per-domain rather than per-recipient basis because you're unlikely to have a single message coming in for more than a handful of different domains. Even so, it's risky IMO. Regards, David.
Re: German law 303a (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 16:39 schrieb David F. Skoll: I find this discussion intriguing. The German law cited earlier also forbids you from changing data (original German word "verändert" --- did I get that right?) It seems to me this could make subject tagging illegal. In fact, a rigid interpretation could make SMTP illegal since you add a Received: header at each hop, and that's certainly modifying the data being transmitted. I believe this is a case of non-technical legislators completely failing to forsee the logical consequences of their law. :) that may all be true and like won't matter most of the time it starts to matter if you silent discard a important message and some large party with a good laywer pretends he lost xxx $ money because of the not happened resend or contact over a dfiierent medium in the assumption the mail was delivered yes i am aware that one could pretend not got a mail anyways, but in that case you can prove at least the delivery to the mailbox with your logs, if your last log entry is "discarded" you are out of luck signature.asc Description: OpenPGP digital signature
German law 303a (was Re: Spamassassin not catching spam (Follow-up))
I find this discussion intriguing. The German law cited earlier also forbids you from changing data (original German word "verändert" --- did I get that right?) It seems to me this could make subject tagging illegal. In fact, a rigid interpretation could make SMTP illegal since you add a Received: header at each hop, and that's certainly modifying the data being transmitted. I believe this is a case of non-technical legislators completely failing to forsee the logical consequences of their law. :) Regards, David.
Re: Spamassassin not catching spam (Follow-up)
On 3/26/2015 11:23 AM, Robert Schetterer wrote: Am 26.03.2015 um 16:03 schrieb Kevin A. McGrail: On 3/26/2015 9:54 AM, Robert Schetterer wrote: so again , there are exceptions, but in general you are not allowed to silent discard mail in germany. Unless there are MASSIVE translation issues, the answer is exactly what DFS proposed: consent from the users of the system. From http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html Solution to the dilemma A solution to this problem is the consent of the recipient to delete the e-mails that must be present in advance. In this case, the application of the above paragraphs is excluded, legally it is called a "factual negative consent". Is that translation accurate? As i wrote you "may" be contracted and allowed to filter and discard mail by/for a customer. But you better should have a good legal office in case of trouble Most people here avoid such potentially struggle, cause they are not very hardly needed. The common way is not to do silent discard mail. So I am assuming that means the translation is accurate. I think that's a key point that we are saying, we do this to protect our users and with their full consent. Should a firewall let attacks through if it's a DDoS on your email servers because there could be legitimate mail? What right and responsibility do you have to protect your users and network? Overall, from what I've seen, the legal woes have the proper exemptions that if you have a good legal adviser, a good technical team and you are willing to fight conformity, there is an opportunity to improve on the competition! Regards, KAM
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 16:19 schrieb Kevin A. McGrail: On 3/26/2015 11:11 AM, Robert Schetterer wrote: what he describes is not backscatter, cause the mail is rejected during smtp imcome stage, wich means the server simply didnt take the mail during the running smtp session, This argument to me assumes that their isn't a server in the middle of the relay. Not everything is edge to edge, point A to B. Lots of backscatter comes from attacking secondary MX's and well, in case it is not edge-to-edge (backup MX and so on) you need to make sure that the backup MX has the same filter quality as the primary and in any case use a different port without restricitions for deliver that mails to the primary later to say it short: the whole mail environment needs to be desigend from the start to a) reject a message or b) after answer with 2xx deliver it to minimize backscatters *and* provide reliable mailflow just because you 5xx doesn't mean it doesn't cause backscatter only if the sending environment is configured wrong, but in any case *you* are not triggering the backscatter and if we argue that way we also would need to stop using RBL's which rejects a majority of all incoming spam signature.asc Description: OpenPGP digital signature
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 16:19 schrieb Kevin A. McGrail: > On 3/26/2015 11:11 AM, Robert Schetterer wrote: >> what he describes is not backscatter, cause the mail is rejected during >> smtp imcome stage, wich means the server simply didnt take the mail >> during the running smtp session, > This argument to me assumes that their isn't a server in the middle of > the relay. Not everything is edge to edge, point A to B. Lots of > backscatter comes from attacking secondary MX's and just because you 5xx > doesn't mean it doesn't cause backscatter. > > Regards, > KAM whats the problem, you only need to take care of your mailservers are working the right way, for sure gateways make things more difficult but not unsolvable Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 16:03 schrieb Kevin A. McGrail: > On 3/26/2015 9:54 AM, Robert Schetterer wrote: >> so again , there are exceptions, but in general you are not allowed >> to silent discard mail in germany. > Unless there are MASSIVE translation issues, the answer is exactly what > DFS proposed: consent from the users of the system. > > From http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html > > > Solution to the dilemma > > A solution to this problem is the consent of the recipient to delete the > e-mails that must be present in advance. In this case, the application > of the above paragraphs is excluded, legally it is called a "factual > negative consent". > > > Is that translation accurate? As i wrote you "may" be contracted and allowed to filter and discard mail by/for a customer. But you better should have a good legal office in case of trouble Most people here avoid such potentially struggle, cause they are not very hardly needed. The common way is not to do silent discard mail. And yes ,US people mostly dont understand that culture thing *g > > Regards, > KAM Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On 3/26/2015 11:11 AM, Robert Schetterer wrote: what he describes is not backscatter, cause the mail is rejected during smtp imcome stage, wich means the server simply didnt take the mail during the running smtp session, This argument to me assumes that their isn't a server in the middle of the relay. Not everything is edge to edge, point A to B. Lots of backscatter comes from attacking secondary MX's and just because you 5xx doesn't mean it doesn't cause backscatter. Regards, KAM
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015, Kris Deugau wrote:
David F. Skoll wrote:
On Thu, 26 Mar 2015 15:05:06 +0100
Reindl Harald wrote:
* spamass-milter -r 8.0
* messages above 8.0 are *rejected*
Silently? Or do you generate an NDR? I'm genuinely curious as to how you:
1) Accept mail for some recipients
2) Reject mail for others
3) Without generating backscatter
4) Given that the messages are sent in the same SMTP session with
multiple RCPTs and only one DATA.
For those of you still a little puzzled, here's an example of what David
is asking about. In the following SMTP transaction, how to you reject
the message for receip1, while accepting the message for recip2?
$ telnet mx.example.org 25
<< 220 example.org, talk to me
helo sending.server
<< 250 Hello, friend!
mail from:imma.spam...@example.com
<< 250 OK, send this to who?
rcpt to:rec...@example.org
<< 250 OK
rcpt to:rec...@example.org
<< 250 OK
DATA
<< 354 Now for the message
.
At this point you have one message, scoring > 8 points. Recipient 1
absolutely requires all mail to be delivered to their Inbox, with a
Subject tag in the case of mail considered spam. Recipient 2 wants mail
scoring > 8 points to be rejected.
What SMTP response to you send? You can only send one response, since
you only have one message, but you have two recipients with conflicting
filter policies.
At that stage you're stuck, there is no way out of that box.
To achieve the desired results you need business logic in your pre-queue
/ milter filter to do a triage during the 'rcpt' stage.
You need a database of recipient classes to indicate whether the recipient
is a spam-lover or a spam-hater.
At the first recipient you look up that address and set a state variable
for that session (call it love-hate). As each additional recipient comes in
you compare his class against the love-hate setting for the current
session. If they are compatible you respond with a 250, if not with a 452
(or other 45* type reply). This way the sender is responsible for queuing
those recipients and trying again in another SMTP session.
Then all the recipients in one session can be treated equally WRT the
handling of reject/accept based upon some future state (EG spammyness
of the message).
That logic can be extended to more than just spam love/hate status,
just need some kind of business logic that sets the compatibility
matrix at the beginning of a session and 452's any recipient that
isn't compatible.
Note that Gmail is already doing something like this (the "multiple
destinations not supported in one transaction" status).
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 15:55 schrieb Reindl Harald: > > Am 26.03.2015 um 15:52 schrieb Antony Stone: >> On Thursday 26 March 2015 at 15:45:07 (EU time), Reindl Harald wrote: >> >>> Delivery to the following recipient failed permanently: >>> >>>ad...@rhsoft.net >>> >>> Technical details of permanent failure: >>> Google tried to deliver your message, but it was rejected by the server >>> for the recipient domain rhsoft.net by mail-gw.thelounge.net. >>> [91.118.73.19]. >>> >>> The error that the other server returned was: >>> 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR >>> tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177, >>> server: mail-gw.thelounge.net, contact: >>> +4315953999 >> >> Surely this message is backscatter, though? >> >> It's being sent to the (apparent) sender, in response to a message >> which you >> know is identified as spam > > NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message" > that is NOT the apparent sender - it IS the sender > > it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject > a backscatter would have been when my mailserver hd sent the bounce > Harald is very unfriendly sometimes , but he is right what he describes is not backscatter, cause the mail is rejected during smtp imcome stage, wich means the server simply didnt take the mail during the running smtp session, milter are running as before-queue ! typical milters are spamass-milter, clamav-milter amavis-milter youre right it may not optimal with more recipients "sometimes" but good enough in real world, also you may combine it with any other after-queue content filter backscatter would mean accept the mail and bounce it back later to i.e a forged sender study http://www.postfix.org/MILTER_README.html http://www.postfix.org/FILTER_README.html http://www.postfix.org/BACKSCATTER_README.html Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Spamassassin not catching spam (Follow-up)
On 3/26/2015 9:54 AM, Robert Schetterer wrote: so again , there are exceptions, but in general you are not allowed to silent discard mail in germany. Unless there are MASSIVE translation issues, the answer is exactly what DFS proposed: consent from the users of the system. From http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html Solution to the dilemma A solution to this problem is the consent of the recipient to delete the e-mails that must be present in advance. In this case, the application of the above paragraphs is excluded, legally it is called a "factual negative consent". Is that translation accurate? Regards, KAM
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 15:57:14 +0100 Robert Schetterer wrote: > David, reject means your server dont take a mail, the sender > mailserver may bounce it back, after some time , its not your job to > take care of that. Yes, I'm pretty sure I understand the difference between reject and discard. What I cannot understand is why you (seem to?) think that "rejecting" mail because of unwanted content is legal, but "discarding" it is not. I post again the English translation of the Heise article; perhaps the original German is cleared, but anyway: ]]] If action is taken in the delivery process, with the result that the ]]] message does not reach its goal, the e-mail is "suppressed". So purely with respect to the law, how is "reject" different from "discard"? In either case, "action is taken" such that "the message does not reach its goal". Regards, David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 15:58 schrieb Antony Stone: On Thursday 26 March 2015 at 15:55:52 (EU time), Reindl Harald wrote: Am 26.03.2015 um 15:52 schrieb Antony Stone: Surely this message is backscatter, though? It's being sent to the (apparent) sender, in response to a message which you know is identified as spam NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message" that is NOT the apparent sender - it IS the sender it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject a backscatter would have been when my mailserver hd sent the bounce Okay, thanks for the clarification - but there's no need to shout it is after talking wasted hours about the difference of * reject * accept and discard * accept and send a bounce and my mail even contained the logs while a reject *by definition* can't be a backscatter which is the whole purpose of reject the SMTP session instead issue a 2xx status code Mar 26 15:22:51 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: milter-reject: END-OF-MESSAGE from mail-ie0-f177.google.com[209.85.223.177]: 5.7.1 Blocked by Spamfilter; from= to= proto=ESMTP helo= signature.asc Description: OpenPGP digital signature
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 15:45:07 +0100 Reindl Harald wrote: > boah postfix responds with a "postfix/cleanup[21827]: 3lCS043tlCz1l: > milter-reject: END-OF-MESSAGE" to the delivering client and the > server on the other side generates a bounce containing the reject > message So then the sender thinks that neither address was delivered, when in fact one copy was. I suppose that is a "solution" to the problem I posed, though IMO not a good one. :) Regards, David. signature.asc Description: PGP signature
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thursday 26 March 2015 at 15:55:52 (EU time), Reindl Harald wrote: > Am 26.03.2015 um 15:52 schrieb Antony Stone: > > > Surely this message is backscatter, though? > > > > It's being sent to the (apparent) sender, in response to a message which > > you know is identified as spam > > NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message" > that is NOT the apparent sender - it IS the sender > > it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject > a backscatter would have been when my mailserver hd sent the bounce Okay, thanks for the clarification - but there's no need to shout. Antony. -- Never automate fully anything that does not have a manual override capability. Never design anything that cannot work under degraded conditions in emergency. Please reply to the list; please *don't* CC me.
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 15:05 schrieb David F. Skoll: > On Thu, 26 Mar 2015 14:54:07 +0100 > Robert Schetterer wrote: > >> Uff , why should i waste my time in telling you the untruth... > > I took a look at the Heise article and Google Translate says: > > ]]] If action is taken in the delivery process, with the result that the > ]]] message does not reach its goal, the e-mail is "suppressed". > > How does that not apply to a 5xx reject? > > I looked at Joerg Heidrich's site briefly, but couldn't find anything > specifically addressing this topic. Similarly on the sys4.de site. > > Regards, > > David. > David, reject means your server dont take a mail, the sender mailserver may bounce it back, after some time , its not your job to take care of that. Silent discard mail means you take a mail and destroy it ( cause you feel free to do it), the sender and/or recipient has no chance to notice what ever happend to that mail. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 15:52 schrieb Antony Stone: On Thursday 26 March 2015 at 15:45:07 (EU time), Reindl Harald wrote: Delivery to the following recipient failed permanently: ad...@rhsoft.net Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain rhsoft.net by mail-gw.thelounge.net. [91.118.73.19]. The error that the other server returned was: 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177, server: mail-gw.thelounge.net, contact: +4315953999 Surely this message is backscatter, though? It's being sent to the (apparent) sender, in response to a message which you know is identified as spam NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message" that is NOT the apparent sender - it IS the sender it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject a backscatter would have been when my mailserver hd sent the bounce signature.asc Description: OpenPGP digital signature
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thursday 26 March 2015 at 15:45:07 (EU time), Reindl Harald wrote: > Delivery to the following recipient failed permanently: > > ad...@rhsoft.net > > Technical details of permanent failure: > Google tried to deliver your message, but it was rejected by the server > for the recipient domain rhsoft.net by mail-gw.thelounge.net. > [91.118.73.19]. > > The error that the other server returned was: > 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR > tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177, > server: mail-gw.thelounge.net, contact: > +4315953999 Surely this message is backscatter, though? It's being sent to the (apparent) sender, in response to a message which you know is identified as spam. Antony. -- "Linux is going to be part of the future. It's going to be like Unix was." - Peter Moore, Asia-Pacific general manager, Microsoft Please reply to the list; please *don't* CC me.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 15:08 schrieb David F. Skoll: On Thu, 26 Mar 2015 15:05:06 +0100 Reindl Harald wrote: * spamass-milter -r 8.0 * messages above 8.0 are *rejected* Silently? Or do you generate an NDR? I'm genuinely curious as to how you: i explained it multiple times, look at the logs at bottom From: Harald Reindl To: TL Reindl Harald Cc: ad...@rhsoft.net 1) Accept mail for some recipients postfix hands different copies to the milter otherwise the won't have different Envelope-Headers 2) Reject mail for others postfix hands different copies to the milter otherwise the won't have different Envelope-Headers 3) Without generating backscatter why should postfix generate a backscatter? the connection to the delivering client is open, that's the purpose of a milter, postfix answers with a reject 4) Given that the messages are sent in the same SMTP session with multiple RCPTs and only one DATA. boah postfix responds with a "postfix/cleanup[21827]: 3lCS043tlCz1l: milter-reject: END-OF-MESSAGE" to the delivering client and the server on the other side generates a bounce containing the reject message the only question i ask myself is why i waste my time with so much ignorance and provocation on the other side Don't call people names, please. It's a waste of bandwidth. I think I've been pretty polite and I also believe I have pretty good sysadmin/email credentials one message is to the adrress i am using here is delivered, the other to ad...@rhsoft.net got rejected by the milter and even the bounce from gmail contains the correct one Mar 26 15:22:48 mail-gw postfix/smtpd[21928]: 3lCT6w0F9Fz20: client=mail-ig0-f179.google.com[209.85.213.179] Mar 26 15:22:48 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: message-id= Mar 26 15:22:48 mail-gw spamd[5735]: spamd: processing message for sa-milt:189 Mar 26 15:22:48 mail-gw postfix/cleanup[21832]: 3lCT6w0F9Fz20: message-id= Mar 26 15:22:48 mail-gw spamd[5736]: spamd: processing message for sa-milt:189 _ [root@mail-gw:~]$ cat maillog | grep 3lCT6v6FXRz1y Mar 26 15:22:47 mail-gw postfix/smtpd[21940]: 3lCT6v6FXRz1y: client=mail-ie0-f177.google.com[209.85.223.177] Mar 26 15:22:48 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: message-id= Mar 26 15:22:51 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: milter-reject: END-OF-MESSAGE from mail-ie0-f177.google.com[209.85.223.177]: 5.7.1 Blocked by Spamfilter; from= to= proto=ESMTP helo= [root@mail-gw:~]$ cat maillog | grep 3lCT6w0F9Fz20 Mar 26 15:22:48 mail-gw postfix/smtpd[21928]: 3lCT6w0F9Fz20: client=mail-ig0-f179.google.com[209.85.213.179] Mar 26 15:22:48 mail-gw postfix/cleanup[21832]: 3lCT6w0F9Fz20: message-id= Mar 26 15:22:53 mail-gw postfix/qmgr[7240]: 3lCT6w0F9Fz20: from=, size=2144, nrcpt=1 (queue active) Mar 26 15:22:53 mail-gw postfix/smtp[22684]: 3lCT6w0F9Fz20: to=, relay=10.0.0.15[10.0.0.15]:10027, delay=5.7, delays=5.6/0/0.04/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3lCT715134z36) Mar 26 15:22:53 mail-gw postfix/qmgr[7240]: 3lCT6w0F9Fz20: removed _ [root@mail-gw:~]$ cat maillog | grep CAAcbkvN7BpCmrEkgfiMZBbxi51Exp5428Vnv4YQuaH6g=l7...@mail.gmail.com Mar 26 15:22:48 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: message-id= Mar 26 15:22:48 mail-gw spamd[5735]: spamd: processing message for sa-milt:189 Mar 26 15:22:48 mail-gw postfix/cleanup[21832]: 3lCT6w0F9Fz20: message-id= Mar 26 15:22:48 mail-gw spamd[5736]: spamd: processing message for sa-milt:189 Mar 26 15:22:51 mail-gw spamd[5735]: spamd: result: Y 10 - BAYES_50,CUST_DNSWL_4,CUST_DNSWL_5,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_MSPIKE_H2,SPF_PASS,SUBJ_ALL_CAPS,TVD_SPACE_RATIO,URIBL_BLACK scantime=3.2,size=2076,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=19453,mid=,bayes=0.499601,autolearn=disabled Mar 26 15:22:53 mail-gw spamd[5736]: spamd: result: . 4 - BAYES_50,CUST_DNSWL_4,CUST_DNSWL_5,CUST_MOST_SPAM_TO,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS,SUBJ_ALL_CAPS,TVD_SPACE_RATIO,URIBL_BLACK scantime=5.3,size=2095,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=19455,mid=,bayes=0.499644,autolearn=disabled _ Delivery to the following recipient failed permanently: ad...@rhsoft.net Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain rhsoft.net by mail-gw.thelounge.net. [91.118.73.19]. The error that the other server returned was: 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177, server: mail-gw.thelounge.net, contact: +4315953999 - Original message - DKIM-Signature: v=1; a=rsa-sha256
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
David F. Skoll wrote: > On Thu, 26 Mar 2015 15:05:06 +0100 > Reindl Harald wrote: > >> * spamass-milter -r 8.0 >> * messages above 8.0 are *rejected* > > Silently? Or do you generate an NDR? I'm genuinely curious as to how you: > > 1) Accept mail for some recipients > > 2) Reject mail for others > > 3) Without generating backscatter > > 4) Given that the messages are sent in the same SMTP session with >multiple RCPTs and only one DATA. For those of you still a little puzzled, here's an example of what David is asking about. In the following SMTP transaction, how to you reject the message for receip1, while accepting the message for recip2? $ telnet mx.example.org 25 << 220 example.org, talk to me >> helo sending.server << 250 Hello, friend! >> mail from:imma.spam...@example.com << 250 OK, send this to who? >> rcpt to:rec...@example.org << 250 OK >> rcpt to:rec...@example.org << 250 OK >> DATA << 354 Now for the message >> >> . At this point you have one message, scoring > 8 points. Recipient 1 absolutely requires all mail to be delivered to their Inbox, with a Subject tag in the case of mail considered spam. Recipient 2 wants mail scoring > 8 points to be rejected. What SMTP response to you send? You can only send one response, since you only have one message, but you have two recipients with conflicting filter policies. -kgd
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 15:05:06 +0100 Reindl Harald wrote: > * spamass-milter -r 8.0 > * messages above 8.0 are *rejected* Silently? Or do you generate an NDR? I'm genuinely curious as to how you: 1) Accept mail for some recipients 2) Reject mail for others 3) Without generating backscatter 4) Given that the messages are sent in the same SMTP session with multiple RCPTs and only one DATA. > the only question i ask myself is why i waste my time with so much > ignorance and provocation on the other side Don't call people names, please. It's a waste of bandwidth. I think I've been pretty polite and I also believe I have pretty good sysadmin/email credentials. Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 14:54:07 +0100 Robert Schetterer wrote: > Uff , why should i waste my time in telling you the untruth... I took a look at the Heise article and Google Translate says: ]]] If action is taken in the delivery process, with the result that the ]]] message does not reach its goal, the e-mail is "suppressed". How does that not apply to a 5xx reject? I looked at Joerg Heidrich's site briefly, but couldn't find anything specifically addressing this topic. Similarly on the sys4.de site. Regards, David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 14:57 schrieb David F. Skoll: On Thu, 26 Mar 2015 14:47:16 +0100 Reindl Harald wrote: i proved you that i can assign differnt scores to a single message with more than one recipients *per recipient* Assigning scores is passive. What do you do with the scored messages? If all your users are content to use tagging only, and never discard messages that are tagged highly, then yes... you've solved a limited version of the problem. In the real world, users are not willing to accept that. They just want spam *gone*. They don't even want to see or deal with it in any way the scores are *not* passive * spamass-milter -r 8.0 * messages above 8.0 are *rejected* * as i have proven spamass-milter get a own copy of multi-rcpt messages for each, hands that single messages to spamc and decides based on the header if that message is rejected * so the one copy with 9.5 points is rejected * the copy with 6.0 points got tagged * the copy to a user in "all_spam_to" is not because the negative score the only thing i need to do is put users/domains into the suiteable groups to apply a different scoring - that's it - done, it works if you would have read my first response *completly* you would have understodd that instead start a mail flood and make bad blood everywhere the only question i ask myself is why i waste my time with so much ignorance and provocation on the other side signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 14:53:26 +0100 Reindl Harald wrote: > he is not allowed to silent throw away a letter, but if he can't > deliver it it's sent back "can't" deliver is different from "won't" deliver. If you reject a message because you don't like its content, it's not because you "can't" deliver it. It's because you don't want to deliver it. Analogy: Suppose the post office decided to send back mail whose content it decided it didn't like. Would that be OK? > if you still don't accept the difference go out and call a laywer as > others did years ago. Please post links to legal opinions, case law... anything at all that I can read and study. Neither of us is a lawyer, so our opinions are worth little. Regards, David. signature.asc Description: PGP signature
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 14:47:16 +0100 Reindl Harald wrote: > i proved you that i can assign differnt scores to a single message > with more than one recipients *per recipient* Assigning scores is passive. What do you do with the scored messages? If all your users are content to use tagging only, and never discard messages that are tagged highly, then yes... you've solved a limited version of the problem. In the real world, users are not willing to accept that. They just want spam *gone*. They don't even want to see or deal with it in any way. > > Then you're breaking German law > OK, you really just provocate, otherwise you would not bring that > when we talk about rejects and not discarding I'm not provoking, truly. I'm genuinely curious why you think a 5xx reject is legal according to the law you cited whereas a 2xx discard is not. I really cannot see the logic for that assumption; in either case you are "suppressing" data. Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 14:36 schrieb David F. Skoll: > On Thu, 26 Mar 2015 14:29:01 +0100 > Robert Schetterer wrote: > >> As i wrote, there maybe exceptions, but in general >> youre not allowed to silent discard any mail ( unless its your own , >> or its a virus ) > > Well, seeing as we have customers in the EU, I really would like to see > the text of the directive as well as any case law you can cite regarding > spam filtering. Do you have a link? > > Regards, > > David. > Uff , why should i waste my time in telling you the untruth... http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html Heise/CT is one of the biggest It magazines in Germany http://www.recht-im-internet.de/ Joerg Heidrich is one of the most famos It lawers in Germany co founder https://sys4.de so again , there are exceptions, but in general you are not allowed to silent discard mail in germany. I never ever thought to do so , or didnt found another tec way to avoid it. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 14:43 schrieb David F. Skoll: On Thu, 26 Mar 2015 14:39:52 +0100 Reindl Harald wrote: * you write a mail * your server get a 5xx reject from the destination * your server generates a NDR and informs you * you write a mail * your server get a 200 repsonse * the destination silent discards you *really* don't see the difference? Not with respect to to the German law, which forbids "suppressing" data. In either case, you have "suppressed" the data. The law certainly does NOT say "It's OK to suppress data if you inform the originator." surely, it's handeled the same way as for a postmaster in the real world he is not allowed to silent throw away a letter, but if he can't deliver it it's sent back - exactly the same happens with a rejcted message - a NDR from the sending server to his user with "undeliverable message returned to sender" if you still don't accept the difference go out and call a laywer as others did years ago. signature.asc Description: OpenPGP digital signature
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 14:37 schrieb David F. Skoll: On Thu, 26 Mar 2015 14:33:08 +0100 Reindl Harald wrote: boah - spamass-milter *rejects* above 8.0 points based on the header What if one of the recipients is opted-out and has categorically stated that he/she wants to receive every piece of email? is your intention to provocate me until i call you names or what's the purpose of strip out all relevant parts of my repsones? i proved you that i can assign differnt scores to a single message with more than one recipients *per recipient* and so i can place a domain or rcpt into "all_spam_to" and assign "score USER_IN_ALL_SPAM_TO -1000" and so the score for messages to that user hardly reach 8.0 points that below was *one* message with two different recipients X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0 X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0 > Then you're breaking German law OK, you really just provocate, otherwise you would not bring that when we talk about rejects and not discarding signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 14:39:52 +0100 Reindl Harald wrote: > * you write a mail > * your server get a 5xx reject from the destination > * your server generates a NDR and informs you > * you write a mail > * your server get a 200 repsonse > * the destination silent discards > you *really* don't see the difference? Not with respect to to the German law, which forbids "suppressing" data. In either case, you have "suppressed" the data. The law certainly does NOT say "It's OK to suppress data if you inform the originator." Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 14:37:08 +0100 Reindl Harald wrote: > i have to show nothing after for nearly a decade most german IT > magazines had articles about that topic written by law experts The only link I found written by a German law expert said that the it "may" apply to spam filtering if the recipient did not agree beforehand to how the filter operates. I also suggest you ask a German law expert if rejecting with 5xx is materially different than silently discarding when it comes to "suppressing" data. Frankly, I cannot see the difference; the law certainly doesn't say it's OK to suppress data as long as you inform the originator of said data. But maybe you could link to some articles on the topic? Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 14:34 schrieb David F. Skoll: 2) How is rejecting with a 5xx code any less of a "suppression" of the data than silently discarding with a 2xx code? * you write a mail * your server get a 5xx reject from the destination * your server generates a NDR and informs you * you write a mail * your server get a 200 repsonse * the destination silent discards you *really* don't see the difference? in the first case if the mail is important i retry, chose a different subject or even take the phone and call the other side to find out *why* it was rejected in the second one i assume the other side just ignored my message signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On 3/26/2015 9:19 AM, Reindl Harald wrote: Am 26.03.2015 um 14:13 schrieb David F. Skoll: On Thu, 26 Mar 2015 14:02:19 +0100 Robert Schetterer wrote: Silent discard mail is mostly forbidden in the EU, Is it? Could you perhaps point me to the EU directive stating this? I'm sure there must be lots of qualifications in germany 2 years jail § 303a StGB - Datenveränderung (1) Wer rechtswidrig Daten (§ 202a Abs. 2) löscht, unterdrückt, unbrauchbar macht oder verändert, wird mit Freiheitsstrafe bis zu zwei Jahren oder mit Geldstrafe bestraft That's just the penalty clause, it doesn't define what's considered unlawful deletion of data.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 14:33:08 +0100 Reindl Harald wrote: > boah - spamass-milter *rejects* above 8.0 points based on the header What if one of the recipients is opted-out and has categorically stated that he/she wants to receive every piece of email? Then you're breaking German law. > basicly you pretend there is no solution while you just close your > eyes and ignore it I'm pretty sure there's no solution. You haven't given us one; rather, you've changed the terms of the problem until it is solveable. Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 14:30 schrieb David F. Skoll: On Thu, 26 Mar 2015 14:19:09 +0100 Reindl Harald wrote: Is it? Could you perhaps point me to the EU directive stating this? I'm sure there must be lots of qualifications in germany 2 years jail It says: "Whoever unlawfully deletes, modifies, suppresses..." You have to show that silently discarding spam (assuming you've informed the users you do this up-front) is "unlawful". That's not clear from the links I was able to find i have to show nothing after for nearly a decade most german IT magazines had articles about that topic written by law experts signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 14:29:01 +0100 Robert Schetterer wrote: > As i wrote, there maybe exceptions, but in general > youre not allowed to silent discard any mail ( unless its your own , > or its a virus ) Well, seeing as we have customers in the EU, I really would like to see the text of the directive as well as any case law you can cite regarding spam filtering. Do you have a link? Regards, David.
Re: Spamassassin not catching spam (Follow-up)
Hi, A followup: 1) has anyone been convicted under 303a StGB for suppressing email during spam filtering? 2) How is rejecting with a 5xx code any less of a "suppression" of the data than silently discarding with a 2xx code? In either case, the recipient does not receive the mail. The fact that the sender is *aware* of the non-receipt is immaterial. I doubt you could escape conviction by calling someone up and saying "I'm going to delete your sensitive data", deleting it, and then claiming "well, he knew I deleted it." Regards, David. signature.asc Description: PGP signature
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 14:27 schrieb David F. Skoll: On Thu, 26 Mar 2015 14:14:10 +0100 Reindl Harald wrote: That is a non-solution. You are assuming all users have the same criteria for what is or isn't spammy content. you stopped premature reading my repsonse - WHY? look again at the "X-Spam-Status" header below a single mail sent from gmail to 2 addresses i own That works for tagging. What do you do with highly-spammy mail? You discard it, or you don't read it which amounts to the same thing. boah - spamass-milter *rejects* above 8.0 points based on the header and as you can see the mail with 2 different RCPT got passed *twice* to the milter, hence both copies got a different header and so finally the milter can reject one while pass the other *because* both have different scores in the header responsible for that decision Most of our users do not use or want tagging. They want good mail delivered, somewhat spammy mail quarantined for human review, and very spammy mail discarded, no questions asked. Basically, there is no solution to the problem I posed and yet you ignore that fact basicly you pretend there is no solution while you just close your eyes and ignore it signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 14:19:09 +0100 Reindl Harald wrote: > > Is it? Could you perhaps point me to the EU directive stating this? > > I'm sure there must be lots of qualifications > in germany 2 years jail It says: "Whoever unlawfully deletes, modifies, suppresses..." You have to show that silently discarding spam (assuming you've informed the users you do this up-front) is "unlawful". That's not clear from the links I was able to find. Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 14:13 schrieb David F. Skoll: > On Thu, 26 Mar 2015 14:02:19 +0100 > Robert Schetterer wrote: > >> Silent discard mail is mostly forbidden in the EU, > > Is it? Could you perhaps point me to the EU directive stating this? > I'm sure there must be lots of qualifications. As i wrote, there maybe exceptions, but in general youre not allowed to silent discard any mail ( unless its your own , or its a virus ) Different countries , different cultures, its not a secret that in the US its not done that strict. No need to flame. The best advice in any case is avoid silent discard mail, there should be better options anytime anyplace. > > Regards, > > David. > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 14:14:10 +0100 Reindl Harald wrote: > > That is a non-solution. You are assuming all users have the same > > criteria for what is or isn't spammy content. > you stopped premature reading my repsonse - WHY? > look again at the "X-Spam-Status" header below > a single mail sent from gmail to 2 addresses i own That works for tagging. What do you do with highly-spammy mail? You discard it, or you don't read it which amounts to the same thing. Most of our users do not use or want tagging. They want good mail delivered, somewhat spammy mail quarantined for human review, and very spammy mail discarded, no questions asked. Basically, there is no solution to the problem I posed and yet you ignore that fact. Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 14:13 schrieb David F. Skoll: On Thu, 26 Mar 2015 14:02:19 +0100 Robert Schetterer wrote: Silent discard mail is mostly forbidden in the EU, Is it? Could you perhaps point me to the EU directive stating this? I'm sure there must be lots of qualifications in germany 2 years jail § 303a StGB - Datenveränderung (1) Wer rechtswidrig Daten (§ 202a Abs. 2) löscht, unterdrückt, unbrauchbar macht oder verändert, wird mit Freiheitsstrafe bis zu zwei Jahren oder mit Geldstrafe bestraft signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On Thursday 26 March 2015 at 14:02:19 (EU time), Robert Schetterer wrote: > Silent discard mail is mostly forbidden in the EU, but > someone may do so with its own mail. Does anyone here have any references to actual legislation, stating this? I've seen several comments about this in this thread, from people in various parts of the world, and it would be good to see what some actual laws say in specific jurisdictions. Thanks, Antony. -- A user interface is like a joke. If you have to explain it, it didn't work. Please reply to the list; please *don't* CC me.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 14:04 schrieb David F. Skoll: On Thu, 26 Mar 2015 13:54:45 +0100 Reindl Harald wrote: 1) Directed to multiple recipients... the content is the same, reject it or not That is a non-solution. You are assuming all users have the same criteria for what is or isn't spammy content. you stopped premature reading my repsonse - WHY? look again at the "X-Spam-Status" header below a single mail sent from gmail to 2 addresses i own X-Local-Envelope-From: X-Local-Envelope-To: Received: from mail-ig0-f171.google.com Message-ID: X-Local-Envelope-From: X-Local-Envelope-To: Received: from mail-ie0-f177.google.com Message-ID: and in fact both messages got a different score because my coampany address is in "MOST_SPAM" and my private one in "MANY_SPAM" X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0 X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0 the same way you reject a mail with a invalid recipient and two valid ones Very clever... except you cannot do any content scanning until you've already accepted all of the RCPT: commands. and how does that matter? there is a reason that typical bounce messages contains "to one or more recipients" - and the bounce of the delivering server just contains the response of the destination - nothing new Care to try solving again? You solve the problem of different content-scanning rules for different recipients, with no possibility of backscatter, no silent discards, and no delays due to tempfailing, and you'll make a fortune it is solved, you just don't get it signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 14:02:19 +0100 Robert Schetterer wrote: > Silent discard mail is mostly forbidden in the EU, Is it? Could you perhaps point me to the EU directive stating this? I'm sure there must be lots of qualifications. Regards, David.
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 13:54:45 +0100 Reindl Harald wrote: > > 1) Directed to multiple recipients... > the content is the same, reject it or not That is a non-solution. You are assuming all users have the same criteria for what is or isn't spammy content. > the same way you reject a mail with a invalid recipient and two valid > ones Very clever... except you cannot do any content scanning until you've already accepted all of the RCPT: commands. Care to try solving again? You solve the problem of different content-scanning rules for different recipients, with no possibility of backscatter, no silent discards, and no delays due to tempfailing, and you'll make a fortune. Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 13:40 schrieb David F. Skoll: > On Thu, 26 Mar 2015 11:36:36 +0100 > Reindl Harald wrote: > >> What make you think you have the right to put a mail for a different >> person to /dev/null without reject it proper and so sender nor RCPT >> are aware? > > People who sign up for our service do so knowing that we sometimes > silently discard spam. If they don't agree, then they don't have to > use our service. > > Regards, > > David. > Silent discard mail is mostly forbidden in the EU, but someone may do so with its own mail. Policy differ with virus mails, but not for spam. There maybe exceptions, if your customer explicit contracted and allowed you to discard his mail ( i am no lawer ). Best way is reject on smtp income level tagging the rest, differ handling "may" lead to legal trouble..., also typical quarantaine "may" lead to equal legal trouble. Using silent discard for avoiding backscatter reasons is bad design and should not be needed. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 13:54 schrieb Reindl Harald: Solve that problem, and then I agree with you. And saying "well, don't let different end-users have different settings" is not a solution. Neither is "tempfail all recipients but the first so the message is transmitted one time for each recipient." the same way you reject a mail with a invalid recipient and two valid ones - as you can see below spamass-milter anyways get a seperate copy for scanning to change the overall score based on envelopes (from as well as too) based on http://comments.gmane.org/gmane.mail.postfix.user/193456 X-Local-Envelope-From: X-Local-Envelope-To: Received: from mail-ig0-f171.google.com Message-ID: X-Local-Envelope-From: X-Local-Envelope-To: Received: from mail-ie0-f177.google.com Message-ID: and in fact both messages got a different score because my coampany address is in "MOST_SPAM" and my private one in "MANY_SPAM" X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0 X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0 signature.asc Description: OpenPGP digital signature
Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
Am 26.03.2015 um 13:43 schrieb David F. Skoll: On Thu, 26 Mar 2015 12:09:58 +0100 Reindl Harald wrote: why in the world would a reject *before queue* trigger a backscatter or bounce on my side? How do you do before-queue rejection of a message that is... 1) Directed to multiple recipients... the content is the same, reject it or not 2) Some of which have different spam thresholds or have even opted-out? Solve that problem, and then I agree with you. And saying "well, don't let different end-users have different settings" is not a solution. Neither is "tempfail all recipients but the first so the message is transmitted one time for each recipient." the same way you reject a mail with a invalid recipient and two valid ones - as you can see below spamass-milter anyways get a seperate copy for scanning to change the overall score based on envelopes (from as well as too) based on http://comments.gmane.org/gmane.mail.postfix.user/193456 X-Local-Envelope-From: X-Local-Envelope-To: Received: from mail-ig0-f171.google.com Message-ID: X-Local-Envelope-From: X-Local-Envelope-To: Received: from mail-ie0-f177.google.com Message-ID: signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On 3/26/15, David F. Skoll wrote: > On Thu, 26 Mar 2015 11:36:36 +0100 > Reindl Harald wrote: > >> What make you think you have the right to put a mail for a different >> person to /dev/null without reject it proper and so sender nor RCPT >> are aware? > > People who sign up for our service do so knowing that we sometimes > silently discard spam. If they don't agree, then they don't have to > use our service. > Exactly, and I've never found anyone to leave over it, most people appreciate not getting spam, they dont give a rats how we stop it getting to them, so long as we stop it.
Re: Spamassassin not catching spam (Follow-up)
On 3/26/15, Reindl Harald wrote: > > Am 26.03.2015 um 13:10 schrieb Nick Edwards: >> On 3/26/15, Reindl Harald wrote: bots have not learned from 55x messages EVER they dont care, they never have they never will, they will resend their shit 50 times a second without hesitation anyone whos been a mail admin for more than 5 years knows this >>> >>> in the time you wrote that paragraph you could have opened the >>> attachment, the curve of RBL rejects moved dramatically down while the >>> number of daily delivered mail is unchanged >> >> RBL blocks are still very significant around here, dont presume that >> we see what you see, same as I'd never presume you'd see what we see, >> I can say that with fact because the regions hitting our hamburg >> servers are nothing like what hits our hong kong servers, and vice >> versa > > a last reply to that thread: > > the point was not RBL's and whatz you see where, the point was that > after switch to unconditionally reject instead drop the number of > *delivery attempts* dramatically went down > > and since it is the same userbase, the same network and the same > mailflow it's not a matter of what you and i see different - it is a > matter of what i see different just by stop silent discard > i'm confused, its not a mater of what we see different but then you say it is matter of what you see different, I think unknowingly you agreed with me. Dont think we have not looked at reject, we looked at that years ago, never changed, just like we never saw graylisting as beneficial, most the bastards still resend so we dropped that too, all it did was delay legitimate mail. Either way, the way you run your network suites you, and the way we run ours suites us. Just dont go round calling other organisations method shit or dumb or silly or stupid because you disagree with how we successfully choose to run our networks, we could turn around and say the same about how you run yours, but we dont because we know and understand "each to our own"
Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))
On Thu, 26 Mar 2015 12:09:58 +0100 Reindl Harald wrote: > why in the world would a reject *before queue* trigger a backscatter > or bounce on my side? How do you do before-queue rejection of a message that is... 1) Directed to multiple recipients... 2) Some of which have different spam thresholds or have even opted-out? Solve that problem, and then I agree with you. And saying "well, don't let different end-users have different settings" is not a solution. Neither is "tempfail all recipients but the first so the message is transmitted one time for each recipient." Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 11:36:36 +0100 Reindl Harald wrote: > What make you think you have the right to put a mail for a different > person to /dev/null without reject it proper and so sender nor RCPT > are aware? People who sign up for our service do so knowing that we sometimes silently discard spam. If they don't agree, then they don't have to use our service. Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
On Thu, 26 Mar 2015 07:53:49 +0100 Reindl Harald wrote: > accepted means your SMTP sevrer responded with a 250 status code and > not with a 4x temporary or 5x permanent error aka rejected the message No. Accepted means delivered to the end-user's mailbox. As an analogy: I do not believe the postal system requires acknowledgement of every single letter that ends up being delivered. If you want delivery notification, you need to pay more for it. In the electronic world, if you want to be sure you've made contact with someone, you call them up. That is not how SMTP was designed. But that is today's reality and it's tilting at windmills to fight it. Regards, David. signature.asc Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 13:10 schrieb Nick Edwards: On 3/26/15, Reindl Harald wrote: bots have not learned from 55x messages EVER they dont care, they never have they never will, they will resend their shit 50 times a second without hesitation anyone whos been a mail admin for more than 5 years knows this in the time you wrote that paragraph you could have opened the attachment, the curve of RBL rejects moved dramatically down while the number of daily delivered mail is unchanged RBL blocks are still very significant around here, dont presume that we see what you see, same as I'd never presume you'd see what we see, I can say that with fact because the regions hitting our hamburg servers are nothing like what hits our hong kong servers, and vice versa a last reply to that thread: the point was not RBL's and whatz you see where, the point was that after switch to unconditionally reject instead drop the number of *delivery attempts* dramatically went down and since it is the same userbase, the same network and the same mailflow it's not a matter of what you and i see different - it is a matter of what i see different just by stop silent discard signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On 3/26/15, Reindl Harald wrote: > > Am 25.03.2015 um 14:56 schrieb Nick Edwards: >>> if i need to take the phone and ask the admin if a mail was discarded or >>> just not delivered at the moment the mailservice is shit >> >> get into the real world, and there you go again someone does different >> than reindl does so they must be shit. jesus christ you have a lame >> outlook on life, get used to the fact because someone does something >> different than you, doesnt mean its bad. > > you should get into the real world > > if iw rite a mail and don't get a bounce i have to expect it was > delivered, if mail delivery is not trustable it is shit - not because > you are doing it different than me - but because your mailservice is > some sort of lottery > BINGO! Thats exactly what mail delivery has been for nearing 25 years. An Enormous number of service providers in the western world will discard spam messages we do nothing special or out of the ordinary, the lottery game is for the spammers, they have no idea if anyone read their trash or not, if your message is not spam it would be delivered. we have 3.8 million users, so I think we would know pretty quickly if we were doing it wrong. you will just have to accept the world doesnt follow your handbook or wishes. >>> a reject at SMTP level in case of spam don't produce bounces anywhere, >>> but the bot may interpret as "that RCPT don't accept mail" - with a >> >> bots have not learned from 55x messages EVER they dont care, they >> never have they never will, they will resend their shit 50 times a >> second without hesitation anyone whos been a mail admin for more than >> 5 years knows this > > in the time you wrote that paragraph you could have opened the > attachment, the curve of RBL rejects moved dramatically down while the > number of daily delivered mail is unchanged > RBL blocks are still very significant around here, dont presume that we see what you see, same as I'd never presume you'd see what we see, I can say that with fact because the regions hitting our hamburg servers are nothing like what hits our hong kong servers, and vice versa. >
Re: Spamassassin not catching spam (Follow-up)
Kevin, On 26/03/15 11:18, Kevin A. McGrail wrote: On 3/26/2015 7:09 AM, Reindl Harald wrote: why in the world would a reject *before queue* trigger a backscatter or bounce on my side? To me, your recommend action makes you only worried about your tiny star in the universe of mail servers and ignores the community responsibility you have as an IT administrator. *Your* actions are contributing to backscatter and you have a *choice* to handle it differently *without malicious intent* to make the computing world a better place. I don't care if your server does or doesn't end up actually sending the DSN. For example, in the scenario where server A sends a virus to your server B, my opinion is that I have a duty to act to protect the public at large and go "this is a virus, send a dsn 200 and silently discard". In any case, it does not appear you are going to change my opinion so stop beating a dead horse, agree to disagree and let's move on. Whilst I don't agree with Harald about the complete ban on silent discards; there is a time and place for any and all means at our disposal as e-mail administrators provided some common sense is applied, however I really don't agree with your viewpoint about rejections here: > For example, in the scenario where server A sends a virus to your server > B, my opinion is that I have a duty to act to protect the public at > large and go "this is a virus, send a dsn 200 and silently discard". In this case if server B rejects the message outright, then it is server A's responsibility to create a DSN/MDN and that absolutely doesn't make server B at fault at all, there is no 'community responsibility' to discard it whatsoever. The biggest common cause for backscatter is all of the e-mail admins that have systems that don't reject invalid recipients at SMTP time but instead accept all recipients and then cause the MTA to bounce the message back to the return-path when the delivery fails. It's these folks and their vendors that have a community responsibility to clean up their act. Kind regards, Steve.
Re: Spamassassin not catching spam (Follow-up)
>From: Reindl Harald >been there short ago by receive 600 backscatters about messages i never sent Hmmm. Maybe someone on this list was trying to send you a strong hint. For the record, that wasn't me but it did sound like a good idea to prove a point about backscatter.
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 12:18 schrieb Kevin A. McGrail: For example, in the scenario where server A sends a virus to your server B, my opinion is that I have a duty to act to protect the public at large and go "this is a virus, send a dsn 200 and silently discard" and send the DSN to the forged sender - that's not "ignores the community responsibility you have as an IT administrator" - you have the duty to block that message, respond with a pretty clear text that it was rejected because malware (in the best case *which* malware) and the delivering MTA will send the bounce to his user if the delivering machine is not a MTA but a botnet using forged senders it won't send a NDR to the victim - the receiving MTA producing NDR's would send to the victim of the forged envelope been there short ago by receive 600 backscatters about messages i never sent signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On Thursday 26 March 2015 at 12:18:03 (EU time), Kevin A. McGrail wrote: > stop beating a dead horse, agree to disagree and let's move on. Thanks :) Antony. -- I want to build a machine that will be proud of me. - Danny Hillis, creator of The Connection Machine Please reply to the list; please *don't* CC me.
Re: Spamassassin not catching spam (Follow-up)
On 3/26/2015 7:09 AM, Reindl Harald wrote: why in the world would a reject *before queue* trigger a backscatter or bounce on my side? To me, your recommend action makes you only worried about your tiny star in the universe of mail servers and ignores the community responsibility you have as an IT administrator. *Your* actions are contributing to backscatter and you have a *choice* to handle it differently *without malicious intent* to make the computing world a better place. I don't care if your server does or doesn't end up actually sending the DSN. For example, in the scenario where server A sends a virus to your server B, my opinion is that I have a duty to act to protect the public at large and go "this is a virus, send a dsn 200 and silently discard". In any case, it does not appear you are going to change my opinion so stop beating a dead horse, agree to disagree and let's move on. Regards, KAM
Re: Spamassassin not catching spam (Follow-up)
Hello David, Thursday, March 26, 2015, 10:56:36 AM, you wrote: DJ> I have never had customer ask to release a message that scored 2x DJ> above our block threshold or had a virus so these are definitely safe to silent DJ> discard as long as local laws allow it. Quite, and we can and do vary the /dev/null score according to the destination mailbox. -- Best regards, Niamhmailto:ni...@fullbore.co.uk pgpfByuGEnsgp.pgp Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 11:58 schrieb Kevin A. McGrail: On 3/26/2015 6:20 AM, Reindl Harald wrote: and everybody acting that way for mails which are not only his own should refrain from maintain a mailserver because he is playing lottery with other peolles communication You are inherently entitled to your opinion but we will have to agree to disagree because I believe the exact opposite that if you are not capable of knowing the cases to properly silently discard email than you have no business running a mailserver because you'll do more harm than good to the overall ecosystem. At a very minimum, you should fully understand the impact of backscatter as well as the extremely viable vector for spamming/spreading malware through the use of forged headers to relay payloads through NDRs/DSNs why in the world would a reject *before queue* trigger a backscatter or bounce on my side? the whole purpose is to *not* produce bounces *nor* silent discard - the sending MTA is repsonsible for bounces to *his* users after a reject and a bot just ignores the reject if you are talk about "have no business running a mailserver" and "you'll do more harm than good" you should know that signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 11:56 schrieb David Jones: From: Reindl Harald And that is a silent discard. You are accepting responsibility for the email, telling no one anything more and discarding it with out DSN/NDR and everybody acting that way for mails which are not only his own should refrain from maintain a mailserver because he is playing lottery with other peolles communication I filter for over 100,000 mailboxes with MailScanner so silent discards happen all the time with no issues from our customers. It's going to be different for each environment so it's not a hard rule the environment don't matter, silent discard of wrong classified mails is harm you are doing to users and not to machines - i was affected by such a behavior because talking about PTR filtering in a mail-thread and some of the hostname domains where on URI blacklists i tell you waht my reaction as responsible admin was: * a existing and payed service contract until end of 2016 * within 2 weeks day and night replaced and de-commisioned the appliance not because my personal false positives, just because i can't take responsibility and give customers qualified answers in case of a gambling machine as MX If you have other protections setup around SA like RBLs to reject, honeypot MXes that tempfail, etc., then SA only has to scan a small percentage of your messages. This equates to a very small percentage of silent discards for obvious spam which keeps you from being part of the backscatter problem. A large percentage of mail that makes it to my SA is clean mail. I do have the occasional false positive but we quarantine everything and can release it as needed. I have never had customer ask to release a message that scored 2x above our block threshold or had a virus so these are definitely safe to silent discard as long as local laws allow it. "so silent discards happen" and "false positive but we quarantine everything and can release it" at the same time? yes with RBL scoring, honeypot MX and so on only a very small percentage of mail touchs SA at all - that's why it scales also with a large user number to make the filtering before queue signature.asc Description: OpenPGP digital signature
Laws on Quarantine, Discard, Archive, Queuing, etc. was Re: Spamassassin not catching spam (Follow-up)
On 3/26/2015 6:56 AM, David Jones wrote: I do have the occasional false positive but we quarantine everything and can release it as needed. I have never had customer ask to release a message that scored 2x above our block threshold or had a virus so these are definitely safe to silent discard as long as local laws allow it. Out of interest, anyone ever run afoul of things like the EU Data Protection Directive (http://en.wikipedia.org/wiki/Data_Protection_Directive) and similar laws with email quarantine, archive and queuing? Anyone have any specific laws that have caused legal issues? regards, KAM
Re: Spamassassin not catching spam (Follow-up)
On 3/26/2015 6:20 AM, Reindl Harald wrote: and everybody acting that way for mails which are not only his own should refrain from maintain a mailserver because he is playing lottery with other peolles communication You are inherently entitled to your opinion but we will have to agree to disagree because I believe the exact opposite that if you are not capable of knowing the cases to properly silently discard email than you have no business running a mailserver because you'll do more harm than good to the overall ecosystem. At a very minimum, you should fully understand the impact of backscatter as well as the extremely viable vector for spamming/spreading malware through the use of forged headers to relay payloads through NDRs/DSNs. While this behavior was helpful to identify compromised machines perhaps a decade ago, the techniques have long since switched to malicious behavior. Your decision and advocacy for others to follow this path makes you a complicit bystander to how the bad guys work. And I can present facts, RFCs, best practices, logs, legal analysis, experts on the matter, etc. All you've stated is some amorphous laws (unquoted) based apparently in a country where I don't live. Additionally, you will not convince me to change with a stance akin to politicians being infallible and that the law shouldn't be changed. If you live in a place with such a law, you should lobby to improve the law. I live in Virginia in the US and on the face, you might saw, OMG, KAM is breaking the law https://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+18.2-152.4 for Computer Trespass. However you will notice the clause at the top that requires "malicious intent". My intent is not malicious. My intent is to protect the public at large. If you run a mail server that is sending DSNs/NDRs for everything, you might want to at least start and consider how you handle forged and malicious emails. My strong recommendation is that you consider silent discard of items that have extremely low FPs as a start such as items identified as having a malicious payload by ClamAV with default rules. I also suggest you read http://www.pccc.com/base.cgim?template=sage_code_of_ethics I call it the IT ten commandments and believe strongly that if you follow it in your work, you will find yourself rising to the upper echelon of IT admins. regards, KAM
Re: Spamassassin not catching spam (Follow-up)
> >From: Reindl Harald >Sent: Thursday, March 26, 2015 5:20 AM >To: users@spamassassin.apache.org >Subject: Re: Spamassassin not catching spam (Follow-up) >Am 26.03.2015 um 11:17 schrieb Kevin A. McGrail: >> On 3/26/2015 2:53 AM, Reindl Harald wrote: >>> >>> Am 26.03.2015 um 01:25 schrieb David F. Skoll: On Wed, 25 Mar 2015 16:08:34 -0600 "@lbutlr" wrote: > You can reject who you want in Germany too, you just can___t delete a > message that you___ve already accepted. What does "accepted" mean? Redirecting a message to /dev/null means you didn't accept it >>> >>> accepted means your SMTP sevrer responded with a 250 status code and >>> not with a 4x temporary or 5x permanent error aka rejected the message >>> >>> don't get me wrong but that's absolute basics >> >> And that is a silent discard. You are accepting responsibility for the >> email, telling no one anything more and discarding it with out DSN/NDR >and everybody acting that way for mails which are not only his own >should refrain from maintain a mailserver because he is playing lottery >with other peolles communication I filter for over 100,000 mailboxes with MailScanner so silent discards happen all the time with no issues from our customers. It's going to be different for each environment so it's not a hard rule. If you have other protections setup around SA like RBLs to reject, honeypot MXes that tempfail, etc., then SA only has to scan a small percentage of your messages. This equates to a very small percentage of silent discards for obvious spam which keeps you from being part of the backscatter problem. A large percentage of mail that makes it to my SA is clean mail. I do have the occasional false positive but we quarantine everything and can release it as needed. I have never had customer ask to release a message that scored 2x above our block threshold or had a virus so these are definitely safe to silent discard as long as local laws allow it. Dave
Re: Spamassassin not catching spam (Follow-up)
On Thursday 26 March 2015 at 11:36:36 (EU time), Reindl Harald wrote: > Am 26.03.2015 um 11:27 schrieb Niamh Holding: > > Hello Reindl, > > > > Thursday, March 26, 2015, 10:20:15 AM, you wrote: > > > > What make you think you have the right to tell me what's appropriate in > > our setup? > > > > Arrogant or what? > > What make you think you have the right to put a mail for a different > person to /dev/null without reject it proper and so sender nor RCPT are > aware? > > Arrogant or what? On Thursday 26 March 2015 at 11:32:42 (EU time), Axb wrote: > PLEASE move this off topic noise/troll traffic to alt.test Seconded. Antony. -- "The future is already here. It's just not evenly distributed yet." - William Gibson
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 11:27 schrieb Niamh Holding: Hello Reindl, Thursday, March 26, 2015, 10:20:15 AM, you wrote: RH> and everybody acting that way for mails which are not only his own RH> should refrain from maintain a mailserver because he is playing lottery RH> with other peolles communication What make you think you have the right to tell me what's appropriate in our setup? Arrogant or what? What make you think you have the right to put a mail for a different person to /dev/null without reject it proper and so sender nor RCPT are aware? Arrogant or what? signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On 03/26/2015 11:27 AM, Niamh Holding wrote: Hello Reindl, Thursday, March 26, 2015, 10:20:15 AM, you wrote: RH> and everybody acting that way for mails which are not only his own RH> should refrain from maintain a mailserver because he is playing lottery RH> with other peolles communication What make you think you have the right to tell me what's appropriate in our setup? Arrogant or what? PLEASE move this off topic noise/troll traffic to alt.test
Re: Spamassassin not catching spam (Follow-up)
Hello Reindl, Thursday, March 26, 2015, 10:20:15 AM, you wrote: RH> and everybody acting that way for mails which are not only his own RH> should refrain from maintain a mailserver because he is playing lottery RH> with other peolles communication What make you think you have the right to tell me what's appropriate in our setup? Arrogant or what? -- Best regards, Niamhmailto:ni...@fullbore.co.uk pgp9YFh4qdhzY.pgp Description: PGP signature
Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 11:17 schrieb Kevin A. McGrail: On 3/26/2015 2:53 AM, Reindl Harald wrote: Am 26.03.2015 um 01:25 schrieb David F. Skoll: On Wed, 25 Mar 2015 16:08:34 -0600 "@lbutlr" wrote: You can reject who you want in Germany too, you just can___t delete a message that you___ve already accepted. What does "accepted" mean? Redirecting a message to /dev/null means you didn't accept it accepted means your SMTP sevrer responded with a 250 status code and not with a 4x temporary or 5x permanent error aka rejected the message don't get me wrong but that's absolute basics And that is a silent discard. You are accepting responsibility for the email, telling no one anything more and discarding it with out DSN/NDR and everybody acting that way for mails which are not only his own should refrain from maintain a mailserver because he is playing lottery with other peolles communication signature.asc Description: OpenPGP digital signature
Re: Spamassassin not catching spam (Follow-up)
On 3/26/2015 2:53 AM, Reindl Harald wrote: Am 26.03.2015 um 01:25 schrieb David F. Skoll: On Wed, 25 Mar 2015 16:08:34 -0600 "@lbutlr" wrote: You can reject who you want in Germany too, you just can___t delete a message that you___ve already accepted. What does "accepted" mean? Redirecting a message to /dev/null means you didn't accept it accepted means your SMTP sevrer responded with a 250 status code and not with a 4x temporary or 5x permanent error aka rejected the message don't get me wrong but that's absolute basics And that is a silent discard. You are accepting responsibility for the email, telling no one anything more and discarding it with out DSN/NDR. Regards, KAM
