Re: Apologies for spam - we will blacklist that account right away
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am not against grey-listing but one should think carefully when deploying it. I have threaded some of my comments below, I have also deleted some of the previous message. Harish Pillay wrote: snip Actually, intuitively, it seems to be putting a lot of stress to the servers. But if you look at what happens, each mail whose domain is not on the whitelist, gets an ack of sorts telling it to come back an unspecified time later. Genuine email servers that implement the SMTP protocol WILL retry (and generally do so for upto 5 days). The problem is that me as the receiver has to keep track of all the grey listed attempts. This load grows exponentially with the size of the user base. One user account can cause hundreds of delayed messages per day, the SMTP traffic is not the cause of the load, but all the data that has to be maintained and routinely checked that is associated with each message. snip So my advice would be to not use greylisting, as it pushes the problem to other parts of the internet and is effective only for a limited time (if anyone is using it). It pushes the problem to the source NOT the receiver. A very large percentage of these sources are spambots and is therefore perfectly acceptable to have the push back. Nope, it causes a significantly larger load on the receiver, and not the sender. The sender only has to queue the message to be resent, the receiver has to keep track of it all, for every user it serves. This database can grow quite large and cause some significant I/O overhead on a busy mail system. snip milter greylist that I use on my sendmail smtp servers use RBL lists and others in addition to greylist. So, it is not just one solution. I don't know of anyone who does not have multiple methods of fighting spam and virus emails. This is usually a good idea. If you dont have enough samples, be conservative. It is more a hassle to gain legitimate listmembers back, who you have been lost during subscription, as blocking fake accounts afterwards. Have an eye on your subscriptions. Too many new listmembers is certainly not a cause of marketing. I might have come a little off topic, but perhaps it helps someone. I apologize as well for my OT post. I am now getting back to my cookies, ice cream, cake and teas ;-) Thanks for the comments and challenges. You are welcome to take the suggestion and try it out. Nothing to loose I say. It has worked for me on the server I run (which serves a 20K userbase) and the machine is a lowly Cobalt Qube with 64MB RAM. It runs the latest sendmail and is also a webserver (low volume sites btw). 20 thousand person user base? I would not dream of serving 100 users with that hardware (the RAM is the scary part for me). To be fair I/we use encryption (SSL/TLS) by default, not to mention the virus scanning and various RBLs and filters that each message goes through. Also our greylist approach uses Mysql to store the sender/user/ip/timestamp info, so this is perhaps not an apples to apples comparison. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHeN1iwRXgH3rKGfMRAqonAJ9QtqiHAwVnSpKOGBeobajH/1FpZgCgj4sU VhYQEVg9BS8oZfbu+CUUbjw= =Qmfs -END PGP SIGNATURE- ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
Le 13874ième jour après Epoch, GWMobile écrivait: Email should be instanteous and if the specs haven't been updated to call for that then the specs are outdated. ??? Why eMail *should* be instantaneous? I don't stay on groups with email delays because it is impossible to have a conversation. Try Jabber or IRC, if you need conversations. In ML we don't tell that conversations but threads. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
[we are getting way off topic here] On Dec 27, 2007 9:02 PM, GWMobile [EMAIL PROTECTED] wrote: I strongly disagree with you here. Email should be instanteous and if the specs haven't been updated to call for that then the specs are outdated. http://www.faqs.org/rfcs/rfc2821.html section 4.5.4.1 on Sending Strategy says: The general model for an SMTP client is one or more processes that periodically attempt to transmit outgoing mail. In a typical system, the program that composes a message has some method for requesting immediate attention for a new piece of outgoing mail, while mail that cannot be transmitted immediately MUST be queued and periodically retried by the sender. A mail queue entry will include not only the message itself but also the envelope information. The sender MUST delay retrying a particular destination after one attempt has failed. In general, the retry interval SHOULD be at least 30 minutes; however, more sophisticated and variable strategies will be beneficial when the SMTP client can determine the reason for non-delivery. Retries continue until the message is transmitted or the sender gives up; the give-up time generally needs to be at least 4-5 days. The parameters to the retry algorithm MUST be configurable. I don't stay on groups with email delays because it is impossible to have a conversation. It would more appropriate if the right tools were used for the right job. If you need to have instantaneous conversations, email was never meant for that. IRC and instant messaging is what you need. Email is great for threads of discussions that can be archieved, searched and worked on. However, if you think it is important that email be instantaneous like IRC, do please work on updating RFC2821. Regards. --- Harish Pillay [EMAIL PROTECTED] gpg id: 74609E3 fingerprint: F7F5 5CCD 25B9 FC25 303E 3DA2 0F80 27DB 7468 09E3 ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
After reading about the greylist which apparently bounces everyones email for a while, I would suggest no unless you are going to whitelist all current subscribers and make it only greylist new emailers. On Wed, 26 Dec 2007 12:41 am, Michael Shiloh wrote: Thanks Harish, I'll forward your suggestion to our IT person. Regards, Michael Harish Pillay wrote: May I make a suggestion to whoever is running this mailing list to add the greylist technique to it as well? I have had milter-greylist running on my main email servers for over 12 months now, and the amount of spam reaching my users/mailing lists has gone down to almost zero. Thanks. [1]http://hcpnet.free.fr/milter-greylist/ [2]http://harishpillay.livejournal.com/2007/01/17/ --- Harish Pillay [EMAIL PROTECTED] gpg id: 74609E3 fingerprint: F7F5 5CCD 25B9 FC25 303E 3DA2 0F80 27DB 7468 09E3 ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community www.GlobalBoiling.com for daily images about hurricanes, globalwarming and the melting poles. www.ElectricQuakes.com daily solar and earthquake images. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
Harish Pillay wrote: May I make a suggestion to whoever is running this mailing list to add the greylist technique to it as well? I have had milter-greylist running on my main email servers for over 12 months now, and the amount of spam reaching my users/mailing lists has gone down to almost zero. I know greylisting works and is stopping spam very effective (for now). However this behaviour puts high volume mailservers in a lot of stress. Also I am experiencing, that spammers are adapting to greylisting and are connecting multiple times to mailservers. Supposedly in order to pass greylisting. Thus, the administrators of these high volume mailservers have to get rid of several thousands incoming connections per minute from a single spammer (think of a botnet DDoS you) and delayed outgoing connections for your customers. You therefore have a higher deferr rate outgoing (doubling outgoing connections) and therefore have a bigger mailqueue, additionally you have more incoming connections (spam) blocking your available TCP ports permanently only for the cause to reject them. So my advice would be to not use greylisting, as it pushes the problem to other parts of the internet and is effective only for a limited time (if anyone is using it). My thought is, that it would be much more effective to block subscription by sophisticated captchas (take care of XSS vulnerabilities ) . Also it might be effective to block subscriptions by using lists of compromised hosts like CBL (http://cbl.abuseat.org). Try to identify which IPs are causing trouble and do match them with several blacklists. The lists do not always work in the same way as it does for others. Sometimes also only a mix of several lists are working. http://karmasphere.com/ might help you there. If you dont have enough samples, be conservative. It is more a hassle to gain legitimate listmembers back, who you have been lost during subscription, as blocking fake accounts afterwards. Have an eye on your subscriptions. Too many new listmembers is certainly not a cause of marketing. I might have come a little off topic, but perhaps it helps someone. I am now getting back to my cookies, ice cream, cake and teas ;-) Cheers Thomas ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
After reading about the greylist which apparently bounces everyones email for a while, I would suggest no unless you are going to whitelist all current subscribers and make it only greylist new emailers. Yes, that is true. What I have done on the servers I run - which serves a userbase of about 20k, is to add the obvious ones to a whitelist. LIke gmail.com, hotmail.com and big name companies like sony.com, ibm.com redhat.com, sun.com, oracle.com. I had it with spammers who were sending email from botnets that when I got this setup going late last year, the email I got was from the 20k users who were now wondering why is it that they don't have much in their spam folders and they did not need to spend 10-30 minutes each morning clearing spam that ended up in their inboxes. I have been running it for now 12 months, and in my whitelist of my greylist config file, I have about 20 domains autowhitelisted. All others will be randomly delayed and autowhitelisted if they show up. My real world experience has been that no email that was legitimate EVER got missed out. Perhaps I should mention here for completeness that, I had to spend some minimal time reinforcing the idea that email is NOT instantaneous and that one has to expect delays. The SMTP protocol amply explains this principle. We have gotten spoilt thinking that email is immediate, when it is best efforts. So, all things considered, the technique works well with spam bots (who get paid by the # of mail SENT and not by tje # RECEIVED). Harish ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
May I make a suggestion to whoever is running this mailing list to add the greylist technique to it as well? I have had milter-greylist running on my main email servers for over 12 months now, and the amount of spam reaching my users/mailing lists has gone down to almost zero. I know greylisting works and is stopping spam very effective (for now). However this behaviour puts high volume mailservers in a lot of stress. Also I am experiencing, that spammers are adapting to greylisting and are connecting multiple times to mailservers. Supposedly in order to pass greylisting. Thus, the administrators of these high volume mailservers have to get rid of several thousands incoming connections per minute from a single spammer (think of a botnet DDoS you) and delayed outgoing connections for your customers. You therefore have a higher deferr rate outgoing (doubling outgoing connections) and therefore have a bigger mailqueue, additionally you have more incoming connections (spam) blocking your available TCP ports permanently only for the cause to reject them. Actually, intuitively, it seems to be putting a lot of stress to the servers. But if you look at what happens, each mail whose domain is not on the whitelist, gets an ack of sorts telling it to come back an unspecified time later. Genuine email servers that implement the SMTP protocol WILL retry (and generally do so for upto 5 days). When a mail is received and is not on the whitelist AND not on a previously seen list, a triple gets stored on the server - the sender ID, recipient ID and sender's IP#. That's it. That incoming SMTP get acked and closed off. If it was a genuine SMTP server, it will retry and when it does AFTER some timeout period (which is not known to both ends), and the receiving SMTP server matches the triple (sender ID, recipient ID and sender IP#), then that mail is accepted and processed. If it came back within the timeout period, it will be rejected. It is true that some legitimate SMTP servers WILL retry almost immediately, but that load is and behaviour is OK for it is usually not spambots. So my advice would be to not use greylisting, as it pushes the problem to other parts of the internet and is effective only for a limited time (if anyone is using it). It pushes the problem to the source NOT the receiver. A very large percentage of these sources are spambots and is therefore perfectly acceptable to have the push back. My thought is, that it would be much more effective to block subscription by sophisticated captchas (take care of XSS vulnerabilities ) . Also it might be effective to block subscriptions by using lists of compromised hosts like CBL (http://cbl.abuseat.org). Try to identify which IPs are causing trouble and do match them with several blacklists. The lists do not always work in the same way as it does for others. Sometimes also only a mix of several lists are working. http://karmasphere.com/ might help you there. milter greylist that I use on my sendmail smtp servers use RBL lists and others in addition to greylist. So, it is not just one solution. If you dont have enough samples, be conservative. It is more a hassle to gain legitimate listmembers back, who you have been lost during subscription, as blocking fake accounts afterwards. Have an eye on your subscriptions. Too many new listmembers is certainly not a cause of marketing. I might have come a little off topic, but perhaps it helps someone. I am now getting back to my cookies, ice cream, cake and teas ;-) Thanks for the comments and challenges. You are welcome to take the suggestion and try it out. Nothing to loose I say. It has worked for me on the server I run (which serves a 20K userbase) and the machine is a lowly Cobalt Qube with 64MB RAM. It runs the latest sendmail and is also a webserver (low volume sites btw). Harish ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Apologies for spam - we will blacklist that account right away
As most of you will surely guess, that email about magazine subscriptions was spam. We take your privacy very seriously and will take the necessary steps to prevent this poster from using our list again. Again, our apologies. Michael Shiloh ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
thanks Michael i got excited when i saw the subject only one more weeks thought maybe something special was happening, but no. i was a little dubious about the pluralisation of 'week' though. happy Christmas! On 25/12/2007, Michael Shiloh [EMAIL PROTECTED] wrote: As most of you will surely guess, that email about magazine subscriptions was spam. We take your privacy very seriously and will take the necessary steps to prevent this poster from using our list again. Again, our apologies. Michael Shiloh ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community -- Tel: 00447809457487 Email: [EMAIL PROTECTED] www: http://www.happyjames.co.uk ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
On Tue, 25 Dec 2007 23:09:52 +0100, Michael Shiloh [EMAIL PROTECTED] wrote: As most of you will surely guess, that email about magazine subscriptions was spam. We take your privacy very seriously and will take the necessary steps to prevent this poster from using our list again. Well, looking at the headers of that message, it scored a jackpot on SpamAssassin, I wonder why it still got through. -- Alexey Feldgendler [EMAIL PROTECTED] [ICQ: 115226275] http://feldgendler.livejournal.com ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
May I make a suggestion to whoever is running this mailing list to add the greylist technique to it as well? I have had milter-greylist running on my main email servers for over 12 months now, and the amount of spam reaching my users/mailing lists has gone down to almost zero. Thanks. [1]http://hcpnet.free.fr/milter-greylist/ [2]http://harishpillay.livejournal.com/2007/01/17/ --- Harish Pillay [EMAIL PROTECTED] gpg id: 74609E3 fingerprint: F7F5 5CCD 25B9 FC25 303E 3DA2 0F80 27DB 7468 09E3 ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Apologies for spam - we will blacklist that account right away
Thanks Harish, I'll forward your suggestion to our IT person. Regards, Michael Harish Pillay wrote: May I make a suggestion to whoever is running this mailing list to add the greylist technique to it as well? I have had milter-greylist running on my main email servers for over 12 months now, and the amount of spam reaching my users/mailing lists has gone down to almost zero. Thanks. [1]http://hcpnet.free.fr/milter-greylist/ [2]http://harishpillay.livejournal.com/2007/01/17/ --- Harish Pillay [EMAIL PROTECTED] gpg id: 74609E3 fingerprint: F7F5 5CCD 25B9 FC25 303E 3DA2 0F80 27DB 7468 09E3 ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community