Re: Spam from the list?

[Thomas Schmitt]

Hi,

Andy Smith wrote:
> [...] I argue that at present it
> isn't a good idea to just reject all DKIM failures like OP's mailbox
> provider appears to be doing.

Just for the records:
The mails in question don't get rejected but rather marked as spam
and then get delivered.

The currently best theory is that megamailservers.eu adds a header
  X-Spam-Flag: YES
if it perceives DKIM problems, and that the local anti-spam software
of the receiver takes this header as reason to alter the subject by
the prefix "*SPAM*".

Whether it is a good idea to map DKIM failure to a spam marking header
is another interesting topic.

Original post of this thread with an example of all headers of a mail:
  https://lists.debian.org/msgid-search/3371640.PXJkl210th@protheus2


Have a nice day :)

Thomas

Re: Spam from the list?

[Andy Smith]

Hello,

On Fri, Mar 08, 2024 at 02:16:07AM +, Tim Woodall wrote:
> And some dkim seems setup with the intention that it should not be used
> for mailinglusts:
> 
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
> d=dow.land;
> s=20210720;
> h=From:In-Reply-To:References:Subject:To:Message-Id:Date:
> Content-Type:Content-Transfer-Encoding:Mime-Version:Sender:Reply-To:Cc:
> Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
> Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
> List-Subscribe:List-Post:List-Owner:List-Archive;

So the thing is that the RFC for DKIM specifies a list of headers to
sign and those include ones commonly used by mailing list software
so as soon as one of those mails goes through list software, the DKIM
signatures get broken. And sadly because that is what is suggested
in the RFC, that is also the default setting of Exim in Debian.

As a result heaps of messages don't make it through mailing lists
with DKIM intact even when the list operator makes some effort to
allow it to work (e.g. avoids adding footers or subject tags, just
passes the mail through, like debian-user does).

> AFAICT, it's a problem at the originator causing failures, either
> something wrong with dkim setup or too strict set of headers.

Yes. But I think a person whose receiving system outright rejects on
DKIM failure might spend their whole lives tracking down and
contacting the operators of sending systems to educate them about
DKIM, only to be mostly met with disagreement, lack of
understanding, or silence. Which is why I argue that at present it
isn't a good idea to just reject all DKIM failures like OP's mailbox
provider appears to be doing.

That sort of setup would only be suitable for someone who doesn't
really use email, except for "transactional" mails (password
reminders, OTP, etc.) and one-way newsletters. Which admittedly is
probably the majority of users - but not OP!

> I shall be checking what this does when it gets back to me. One of the
> problems with dkim is that you assume it still works, it's hard to know
> what others actually see...

Adding DMARC and a reporting address gets you far more unwelcome
insight into what others do. 

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Spam from the list?

[Tim Woodall]

On Thu, 7 Mar 2024, Andy Smith wrote:


Hi,

On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:
> --- sninp ---
> 
> Authentication-Results: mail35c50.megamailservers.eu; spf=none 
> smtp.mailfrom=lists.debian.org

> Authentication-Results: mail35c50.megamailservers.eu;
> 	dkim=fail reason="signature verification failed" (2048-bit key) 
> header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"

> Return-Path: 
> Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
> 	by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
> 425I9ZEK112497

>for ; Tue, 5 Mar 2024 18:09:37 +
> 
> --- snap ---
> 
> White mails get the dkim=pass and spam mails got dkim=fail (as you see above).


A great many legitimate emails will fail DKIM so it is not a great
idea to reject every email that does so. I don't think that you are
going to have a good time using Internet mailing lists while your
mail provider rejects mails with invalid DKIM, so if I were you I'd
work on fixing that rather than trying to get everyone involved to
correctly use DKIM.


And some dkim seems setup with the intention that it should not be used
for mailinglusts:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=dow.land;
s=20210720;
h=From:In-Reply-To:References:Subject:To:Message-Id:Date:
Content-Type:Content-Transfer-Encoding:Mime-Version:Sender:Reply-To:Cc:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;

This one passed on bendel but not when it got to me. Most on debian-user
seem ok, debian-devel does seem to get more submissions with broken dkim
(based on looking at a random handful on each list)

AFAICT, it's a problem at the originator causing failures, either
something wrong with dkim setup or too strict set of headers.

I shall be checking what this does when it gets back to me. One of the
problems with dkim is that you assume it still works, it's hard to know
what others actually see...

Re: Spam from the list?

[John Crawley]

On 07/03/2024 21:04, Andy Smith wrote:

Hi,

On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:

--- sninp ---

Authentication-Results: mail35c50.megamailservers.eu; spf=none
smtp.mailfrom=lists.debian.org
Authentication-Results: mail35c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (2048-bit key)
header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
Return-Path: 
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id
425I9ZEK112497
for ; Tue, 5 Mar 2024 18:09:37 +

--- snap ---

White mails get the dkim=pass and spam mails got dkim=fail (as you see above).


A great many legitimate emails will fail DKIM so it is not a great
idea to reject every email that does so. I don't think that you are
going to have a good time using Internet mailing lists while your
mail provider rejects mails with invalid DKIM, so if I were you I'd
work on fixing that rather than trying to get everyone involved to
correctly use DKIM.

In this specific example your problem is that a mail came through
the Debian bug tracking system (which pretends to be the original
sender) and on the way out was DKIm signed by debian.org and then
went through Debian's list servers. Somewhere in there the DKIM
signature was broken.

I don't rate your chances of getting the operators of
bugs.debian.org and lists.debian.org to agree to preserve DKIM since
I know at least some of them are severely opposed to DKIM.

Your mailbox provider really should not be rejecting everything that
has a broken DKIm signature. This email from me will probably have a
broken DKIM signature.

Thanks,
Andy


Andy's mail's DKIM looks OK here:

Authentication-Results: mx.zohomail.com;
dkim=pass;
spf=none (zohomail.com: 82.195.75.100 is neither permitted nor denied 
by domain of lists.debian.org)  
smtp.mailfrom=bounce-debian-user=john=bunsenlabs@lists.debian.org;
dmarc=pass(p=none dis=none)  header.from=strugglers.net
ARC-Seal: i=1; a=rsa-sha256; t=1709813111; cv=none;
d=zohomail.com; s=zohoarc;

b=E/0YtYVq6D01XC5ug3vazK169M6jDxoXOO6K7rs6qdKhNHP1XDV7QSLAvwJetsjzooDe39MNSl/160MWgl3URqQ1YhPYZ9aBFQ3DsmN74mTKPiQYOxqx0XzNy1Nemo4oRetVQDrwEGeegQWUBbrxtbD18x8R7Dd9Ps19NxKRMP8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; 
s=zohoarc;
t=1709813111; 
h=Content-Type:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Resent-Sender:Resent-Date:References:Resent-Message-ID:Resent-From:Subject:Subject:To:To:Message-Id:Reply-To:Cc;
bh=ohelUf+wTnNtAeaNpYE6UONuc2euPhvqBvxLaU7Fz7c=;

b=MUW94hTSknXpUch7F94usVvulKMrwldlWtoyP582oO6+EMhKaeisaBraF7KE46pdbHyE+AAzf/dn0xPDxNnN+M+RXSbXsQvu7qEIe/+q6fCdppDhql+IMx+U9H+Q61olqpD+JMh9IxFgAUSKme0bLD8NhFKOskvLdtzqq3XeIpg=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass;
spf=none (zohomail.com: 82.195.75.100 is neither permitted nor denied 
by domain of lists.debian.org)  
smtp.mailfrom=bounce-debian-user=john=bunsenlabs@lists.debian.org;
dmarc=pass header.from= (p=none dis=none)

--snip--

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=strugglers.net; s=alpha; 
h=In-Reply-To:Content-Type:MIME-Version:References

:Message-ID:Subject:To:From:Date:Content-Transfer-Encoding:Sender:Reply-To:Cc
:Content-ID:Content-Description:Resent-To;
bh=ohelUf+wTnNtAeaNpYE6UONuc2euPhvqBvxLaU7Fz7c=; 
b=c5YTQp9JWbbPNuLxDYO19XXqgy

KmEiV4tSD2LlNXy4C9/5PPfZ5JGT6U70UQpwIXgC1alHcUyD+LY6JDPEbO33KuWsWr4gvrJCwrq0u

HMUc+sKwQgknFeLxa5Jk3a3VFLURsYYec+6Lc9C4WsQB9I+xuv8CmO22xpRRNqB3SWdR7gtHy+Ab8

1UGvqoeEsCAtc5y2dt3uiX6Uy5qYDRbgbSVBhfq4TwjxmyTqmnkT1oG62tW2LavipJDvfR/40weCR

B/S7To5h6Lgc/1oLArFNtrtPlfyyRg38maGSj5Jgt9X5Vwdfg187lIla/I4OBjib2pDV5d38QzL7v
4Vz0PYFg==;

--
John

Re: Spam from the list?

[Andy Smith]

Hi,

On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:
> --- sninp ---
> 
> Authentication-Results: mail35c50.megamailservers.eu; spf=none 
> smtp.mailfrom=lists.debian.org
> Authentication-Results: mail35c50.megamailservers.eu;
>   dkim=fail reason="signature verification failed" (2048-bit key) 
> header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
> Return-Path: 
> Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
>   by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
> 425I9ZEK112497
>   for ; Tue, 5 Mar 2024 18:09:37 +
> 
> --- snap ---
> 
> White mails get the dkim=pass and spam mails got dkim=fail (as you see above).

A great many legitimate emails will fail DKIM so it is not a great
idea to reject every email that does so. I don't think that you are
going to have a good time using Internet mailing lists while your
mail provider rejects mails with invalid DKIM, so if I were you I'd
work on fixing that rather than trying to get everyone involved to
correctly use DKIM.

In this specific example your problem is that a mail came through
the Debian bug tracking system (which pretends to be the original
sender) and on the way out was DKIm signed by debian.org and then
went through Debian's list servers. Somewhere in there the DKIM
signature was broken.

I don't rate your chances of getting the operators of
bugs.debian.org and lists.debian.org to agree to preserve DKIM since
I know at least some of them are severely opposed to DKIM.

Your mailbox provider really should not be rejecting everything that
has a broken DKIm signature. This email from me will probably have a
broken DKIM signature.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Spam from the list?

[Byunghee HWANG]

On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:
> Hi all,
> I believe, I found the reason, why mails are marked as spam and others not.
> 
> All spam mails shjow this entry in the header:
> 
> --- sninp ---
> 
> Authentication-Results: mail35c50.megamailservers.eu; spf=none 
> smtp.mailfrom=lists.debian.org
> Authentication-Results: mail35c50.megamailservers.eu;
>   dkim=fail reason="signature verification failed" (2048-bit key) 
> header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
> Return-Path: 
> Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
>   by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
> 425I9ZEK112497
>   for ; Tue, 5 Mar 2024 18:09:37 +
> 
> --- snap ---
> 
> White mails get the dkim=pass and spam mails got dkim=fail (as you see above).
> 
> However, I am not much experienced with DKIM, but as far as I read, it has 
> soemthing to do with key exchanges. 
> 
> But who must exchange keys? I see also bendel.debian.org and a bounce message.
> 
> Can that be the reason, that bendel.debian.org and megameilservers.eu has 
> some 
> problems with the keys?
> 
> On both I can not take a look and have no influence to it, but mayme the 
> admins 
> of bendel.debian.org do know more.
> 
> Thanks for reading this,
> 
> Best regards
> 
> Hans

Well i think that you would be add to whitelist emails from bendel.debian.org. 


Thanks, Byunghee from South Korea

Re: Spam from the list?

[Hans]

Hi all,
I believe, I found the reason, why mails are marked as spam and others not.

All spam mails shjow this entry in the header:

--- sninp ---

Authentication-Results: mail35c50.megamailservers.eu; spf=none 
smtp.mailfrom=lists.debian.org
Authentication-Results: mail35c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (2048-bit key) 
header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
Return-Path: 
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
425I9ZEK112497
for ; Tue, 5 Mar 2024 18:09:37 +

--- snap ---

White mails get the dkim=pass and spam mails got dkim=fail (as you see above).

However, I am not much experienced with DKIM, but as far as I read, it has 
soemthing to do with key exchanges. 

But who must exchange keys? I see also bendel.debian.org and a bounce message.

Can that be the reason, that bendel.debian.org and megameilservers.eu has some 
problems with the keys?

On both I can not take a look and have no influence to it, but mayme the admins 
of bendel.debian.org do know more.

Thanks for reading this,

Best regards

Hans

Re: Spam from the list?

[debian-user]

Hans  wrote:
> HI Brad,
> 
> I do not believe, it is a training problem. Why? Well, your formerly
> mail was marked as spam. So I marked it as ham. Now, your second mail
> again is marked as spam. 
> 
> We know, there is nothing unusual with your mail, but it is again
> marked as spam. Even, when I explicity marked your mails as ham! 
> 
> Thus the problem is not on my computer. 
> 
> I believe, what Thomas said: Megamail or my mailprovider is setting
> the X- Spam-Flag to YES, and my spamassassin is recognizing this and
> marks this as spam.
> 
> The solution would be, either to make megamails or my provider make
> things correctly (but I have no atom bombs to force them) , or delete
> my rule, to check the X-Spam-Flag (which I actually do not want). 

You don't need an atom bomb. Simply contact their support and tell them
they appear to be misclassifying mail. If they don't fix the problem
then consider changing your provider. Or at least tell them you will :)

Also they are still sending the mail to you, so it is your choice
whether to actually classify it as spam! Look at your mail program and
see what options it has regarding classifying spam. Change it to not
respect the particular header you think is causing problems.

> Important is: The cause is not at debian server (which is fine!) and
> not on my system (which is also fine), but on the provider server. 
> 
> To know this, I think we can safely close this issue.
> 
> We have learnt some things (which is always important) and could find
> the reason.
> 
> Thank you all for your help and input!!

Re: Spam from the list?

[Brad Rogers]

On Wed, 06 Mar 2024 15:36:25 +0100
Hans  wrote:

Hello Hans,

>I do not believe, it is a training problem. Why? Well, your formerly
>mail was marked as spam. So I marked it as ham. Now, your second mail
>again is marked as spam. 

Spam/ham training is not, IME, a single shot affair.  However, as you go
on to say, this particular issue is in all likelihood due to forces
outside of our control.

At which point, I'll hand over to people far more experienced than I.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
You criticize us, you say we're sh*t, but we're up here doin' it
We're The League - Anti-Nowhere League


pgpPJCjXv8hya.pgp
Description: OpenPGP digital signature

Re: Spam from the list?

[Hans]

HI Brad,

I do not believe, it is a training problem. Why? Well, your formerly mail was 
marked as spam. So I marked it as ham. Now, your second mail again is marked 
as spam. 

We know, there is nothing unusual with your mail, but it is again marked as 
spam. Even, when I explicity marked your mails as ham! 

Thus the problem is not on my computer. 

I believe, what Thomas said: Megamail or my mailprovider is setting the X-
Spam-Flag to YES, and my spamassassin is recognizing this and marks this as 
spam.

The solution would be, either to make megamails or my provider make things 
correctly (but I have no atom bombs to force them) , or delete my rule, to 
check the X-Spam-Flag (which I actually do not want). 

Important is: The cause is not at debian server (which is fine!) and not on my 
system (which is also fine), but on the provider server. 

To know this, I think we can safely close this issue.

We have learnt some things (which is always important) and could find the 
reason.

Thank you all for your help and input!!

Best regards

Hans


Am Mittwoch, 6. März 2024, 14:24:19 CET schrieb Brad Rogers:
> On Wed, 06 Mar 2024 13:53:49 +0100
> Hans  wrote:
> 
> Hello Hans,
> 
> >It should be well trained
> 
> Spam training is an ongoing process
> 
> >But until then suddenly the false positives increased from one day to
> >another, although I had changed nothing.
> 
> because the spam changes.  What's coming now is new, and SA has not
> seen it before.  You have to train it.  Equally, what you consider ham
> can change - for example, when you subscribe to a new mailing list that
> caters to a subject not encountered by you before because of, say, taking
> up a new hobby.
> 
> I've been using my spam filtering set up for years too, and I still get
> the occasional false positive.  I mark them as ham to (hopefully)
> improve spam filtering here.

Re: Spam from the list?

[Brad Rogers]

On Wed, 06 Mar 2024 13:53:49 +0100
Hans  wrote:

Hello Hans,

>It should be well trained

Spam training is an ongoing process

>But until then suddenly the false positives increased from one day to
>another, although I had changed nothing.

because the spam changes.  What's coming now is new, and SA has not
seen it before.  You have to train it.  Equally, what you consider ham
can change - for example, when you subscribe to a new mailing list that
caters to a subject not encountered by you before because of, say, taking
up a new hobby.

I've been using my spam filtering set up for years too, and I still get
the occasional false positive.  I mark them as ham to (hopefully)
improve spam filtering here.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
If you ain't sticking your knives in me, you will be eventually
Monsoon - Robbie Williams


pgpW7BRD_vUWU.pgp
Description: OpenPGP digital signature

Re: *****SPAM***** Re: Spam from the list?

[Nicolas George]

Hans (12024-03-06):
> I am using this spamfilter now for several years. It should be well trained 
> and 
> almost until about 4 months I never had any problems with it.

Hi.

It is probably not the reason for you problem now, but it is important
to note that in the “several years” since your spam filter was trained,
spammers have not stayed idle, they have learned, they have refined
their mail to bypass the most common protections. And in turn,
protections have evolved to fight the new stealthiness of spammers.

Spammers also have changed topics, they used to sell pills, now they
sell cryptocurrencies. If your Bayesian filter is trained to recognize
mails that sell pills, they might accept mails that seem to talk about
technical points of computing.

So if your own mail filter has not evolved, it is not surprising that it
becomes progressively less efficient.

> Am Mittwoch, 6. März 2024, 12:22:53 CET schrieb Brad Rogers:

Please remember not to top-post.

Regards,

-- 
  Nicolas George

Re: Spam from the list?

[Thomas Schmitt]

Hi,

Hans wrote:
> Re: *SPAM* Re: Spam from the list?
> In-Reply-To: <20240306112253.55e25...@earth.stargate.org.uk>

referring the mail

> > Date: Wed, 6 Mar 2024 11:22:53 +
> > From: Brad Rogers 
> > Message-ID: <20240306112253.55e25...@earth.stargate.org.uk>

I assume that this mail appeared with the "*SPAM*" marker in
your mailbox.
(The currently most plausible theory is that megamailservers.eu adds
"X-Spam-Flag: YES" and your local mail processing takes this header as
reason to change the subject.)

So what does the mail which you received from Brad via debian-user
say about "Authentication-Results:" ?
Your initial post quoted three such headers. Expect more than one.


Have a nice day :)

Thomas

Re: *****SPAM***** Re: Spam from the list?

[tomas]

On Wed, Mar 06, 2024 at 01:53:49PM +0100, Hans wrote:
> Hi Brad,
> 
> I am using this spamfilter now for several years. It should be well trained 
> and 
> almost until about 4 months I never had any problems with it.
> 
> But until then suddenly the false positives increased from one day to 
> another, 
> although I had changed nothing. 

You keep saying that. Your mail provider seems to have changed something.
Your spamassassin is seeing those new headers (which, by all comments in
this thread are being added on the way from the mailing list to you)
and acts accordingly.

So nothing weird. Except, perhaps, your mail provider. There are few of
them which are not weird these days.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: *****SPAM***** Re: Spam from the list?

[Hans]

Hi Brad,

I am using this spamfilter now for several years. It should be well trained and 
almost until about 4 months I never had any problems with it.

But until then suddenly the false positives increased from one day to another, 
although I had changed nothing. 

And weired: It happened only with mails from the debian forum! This looks 
weired for me. Other spammails are still well recognized and I get no false 
positives from any other site. 

Maybe this is by chance. But mails, which are recognized as spam are looking 
not fishy in any kind. Even a mail sent by myself to the forum was seen as 
spam.

Of course there is the option, that my own spamfilter has changed, although I 
did nothing manually, it could not be excluded.

I do not believe, it is is a training model, but of course, i will mark white 
mails as ham manually and see, if the false positives decrease.

Will inform you again in a few days.

Best 

Hans



Am Mittwoch, 6. März 2024, 12:22:53 CET schrieb Brad Rogers:
> On Wed, 06 Mar 2024 11:19:27 +0100
> Hans  wrote:
> 
> Hello Hans,
> 
> >Does one see any reason, why this is considered as spam???
> 
> Further to what Thomas says;  You haven't told your spam filtering that
> it's ham.  If you don't train your spam filters, it's never going to get
> any better at detecting what you consider to be ham/spam.

Re: Spam from the list?

[debian-user]

Hans  wrote:
> Hi Thomas,
> 
> > you perhaps subscribed to one of the "Resent-*" lists ?
> >  
> Not as far as I know.
>  
> > > Subject: *SPAM* Bug#1065537: ITP: bleak-retry-connector --
> > > Connector for Bleak Clients that handles transient connection
> > > failures  
> > 
> > The mark "*SPAM*" does not appear in the archive
> >   
> 
> This line is set by spamassassin on my own computer, when a spam mail
> is marked as spam. Then it will be filtered out. But I can not see,
> WHJY it is recognised as apam!
> 
> >   https://lists.debian.org/debian-devel/2024/03/msg00076.html
> > 
> > All in all it looks like a legit message, not like spam.
> > So the suspect would sit after Debian's mail servers.
> > 
> > The only Received header i see between Debian and you is:  
> > > Received: from bendel.debian.org (bendel.debian.org
> > > [82.195.75.100])
> > > 
> > > by mail104c50.megamailservers.eu (8.14.9/8.13.1) with
> > > ESMTP id 4269vZOl098298
> > > for ; Wed, 6 Mar 2024 09:57:37
> > > +  
> > 
> > It looks like either megamailservers.eu or your own processing added
> > the spam mark to the subject.
> >   
> Hmm, suspicious. I changed nothing and suddenly many mails from
> debian-user (but not all, only some) are recognized as spam. And I
> can not see, why they are. Thre are no URLs in it, no suspicous gifs
> or any other content. Just quite normal mails. And some are flagged
> as spam, some not. Weired.

So if it's not you, then it sounds like you need to ask
megamailservers.eu why.

Re: Spam from the list?

[Brad Rogers]

On Wed, 06 Mar 2024 11:19:27 +0100
Hans  wrote:

Hello Hans,

>Does one see any reason, why this is considered as spam???

Further to what Thomas says;  You haven't told your spam filtering that
it's ham.  If you don't train your spam filters, it's never going to get
any better at detecting what you consider to be ham/spam.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
People stare like they've seen a ghost
Titanic (My Over) Reaction - 999


pgp8hb40F8jjN.pgp
Description: OpenPGP digital signature

Re: Spam from the list?

[Thomas Schmitt]

Hi,

Hans wrote:
> I changed nothing and suddenly many mails from debian-user
> (but not all, only some) are recognized as spam.

But the one you posted here did not come from debian-user.

So maybe what changed is an inadverted subscription to one of
  debian-bugs-d...@lists.debian.org
  debian-de...@lists.debian.org
  debian-pyt...@lists.debian.org,
  w...@debian.org
This might have broadened the set of mail senders and thus gives your
mail provider opportunities to complain like spotted by Dan Ritter:

> Authentication-Results: mail104c50.megamailservers.eu;
>   dkim=fail reason="signature verification failed" (4096-bit key)
> header.d=4angle.com header.i=@4angle.com header.b="bS+3bWmq"

"4angle.com" matches the mail address of the bug submitter
"Edward Betts ".


The shown message headers offer unsubscription from debian-devel:

> List-Unsubscribe: 
> 

I.e. to send a mail to debian-devel-requ...@lists.debian.org with the
subject line
  unsubscribe


Have a nice day :)

Thomas

Re: Spam from the list?

[Hans]

Am Mittwoch, 6. März 2024, 12:10:57 CET schrieb Dan Ritter:

> > 
> >  X-Spam-Flag: YES
> > 
> > X-SPAM-FACTOR: DKIM
> 
> What sets these two headers?
> 

I do not know. So I asked on this list.

What I believe is, that the X-Spam-Flag: YES is set somehow on the way and as 
spamassin is looking at that is marking the mail as spam. 

The question is: Where and why is this flag set? Maybe because of the DKIM 
failure? 

Sorry, I do not know, and maybe you are right: It might be a problem with 
megamailservers, who knows.

Best

Hans

Re: Spam from the list?

[Hans]

Hi Thomas,

> you perhaps subscribed to one of the "Resent-*" lists ?
>
Not as far as I know.
 
> > Subject: *SPAM* Bug#1065537: ITP: bleak-retry-connector --
> > Connector for Bleak Clients that handles transient connection failures
> 
> The mark "*SPAM*" does not appear in the archive
> 

This line is set by spamassassin on my own computer, when a spam mail is 
marked as spam. Then it will be filtered out. But I can not see, WHJY it is 
recognised as apam!

>   https://lists.debian.org/debian-devel/2024/03/msg00076.html
> 
> All in all it looks like a legit message, not like spam.
> So the suspect would sit after Debian's mail servers.
> 
> The only Received header i see between Debian and you is:
> > Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
> > 
> > by mail104c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP
> > id 4269vZOl098298
> > for ; Wed, 6 Mar 2024 09:57:37 +
> 
> It looks like either megamailservers.eu or your own processing added
> the spam mark to the subject.
> 
Hmm, suspicious. I changed nothing and suddenly many mails from debian-user 
(but not all, only some) are recognized as spam. And I can not see, why they 
are. Thre are no URLs in it, no suspicous gifs or any other content. Just 
quite normal mails. And some are flagged as spam, some not. Weired.

> 
> Have a nice day :)
> 
> Thomas


Best

Hans

Re: Spam from the list?

[Dan Ritter]

Hans wrote: 
> Hi folks,
> 
> during the last moonths I get more mails from the debian-user list marked as 
> spam than before. Something must have changed.
> 
> I examined the header of the mails, but did not see any unusual.
> 
> Below I send the header of an example of such a mail, maybe you can see the 
> reason?
> 
> On my computer I am also using spamassassin, and my own score is set to 3.4, 
> so even so it should not considered as spam. 
> 
>  X-Spam-Flag: YES
> X-SPAM-FACTOR: DKIM

What sets these two headers?


> Authentication-Results: mail104c50.megamailservers.eu;
>   dkim=fail reason="signature verification failed" (4096-bit key) 
> header.d=4angle.com header.i=@4angle.com header.b="bS+3bWmq"

That's the source of the DKIM fail.

> X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on bendel.debian.org
> X-Spam-Level: 
> X-Spam-Status: No, score=-6.7 required=4.0 tests=BODY_INCLUDES_PACKAGE,
>   
> DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,LDO_WHITELIST,
>   T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
>   version=3.4.2

This is debian.org's mailserver checking for spam and deciding that it isn't,
even though DKIM is invalid.

> X-Virus-Scanned: at lists.debian.org with policy bank en-ht
> X-Amavis-Spam-Status: No, score=-8.561 tagged_above=-1 required=5.3
>   tests=[BAYES_00=-2, BODY_INCLUDES_PACKAGE=-2, DKIM_INVALID=0.1,
>   DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
>   LDO_WHITELIST=-5, T_SCC_BODY_TEXT_LINE=-0.01]
>   autolearn=ham autolearn_force=no

This is debian.org again.

> X-Bogosity: Ham, tests=bogofilter, spamicity=0.053994, version=1.2.5
> 
> --- snap ---
> 
> Does one see any reason, why this is considered as spam???

Whatever set X-SPAM-FLAG: YES is probably at fault.

-dsr-

Re: Spam from the list?

[Thomas Schmitt]

Hi,

Hans wrote:
> during the last moonths I get more mails from the debian-user list marked as
> spam than before.
> [...]
> Below I send the header of an example of such a mail, maybe you can see the
> reason?

The message does not look like it came to you via debian-user:

> X-Original-To: lists-debian-de...@bendel.debian.org
> Delivered-To: lists-debian-de...@bendel.debian.org
> Received: from localhost (localhost [127.0.0.1])
> by bendel.debian.org (Postfix) with ESMTP id B720220598
> for ; Wed,  6 Mar 2024
> [...]
> Resent-To: debian-bugs-d...@lists.debian.org
> Resent-CC: debian-de...@lists.debian.org, debian-pyt...@lists.debian.org,
> w...@debian.org

Are you perhaps subscribed to one of the "Resent-*" lists ?


> Subject: *SPAM* Bug#1065537: ITP: bleak-retry-connector -- Connector
> for Bleak Clients that handles transient connection failures

The mark "*SPAM*" does not appear in the archive

  https://lists.debian.org/debian-devel/2024/03/msg00076.html

All in all it looks like a legit message, not like spam.
So the suspect would sit after Debian's mail servers.


The only Received header i see between Debian and you is:

> Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
> by mail104c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP
> id 4269vZOl098298
> for ; Wed, 6 Mar 2024 09:57:37 +

It looks like either megamailservers.eu or your own processing added
the spam mark to the subject.


Have a nice day :)

Thomas

Spam from the list?

[Hans]

Hi folks,

during the last moonths I get more mails from the debian-user list marked as 
spam than before. Something must have changed.

I examined the header of the mails, but did not see any unusual.

Below I send the header of an example of such a mail, maybe you can see the 
reason?

On my computer I am also using spamassassin, and my own score is set to 3.4, 
so even so it should not considered as spam. 

Thisis the header:

--- snip ---

 X-Spam-Flag: YES
X-SPAM-FACTOR: DKIM
X-Envelope-From: bounce-debian-devel=hans.ullrich=loop...@lists.debian.org
DMARC-Filter: OpenDMARC Filter v1.4.1 mail104c50.megamailservers.eu 
4269vZOl098298
Authentication-Results: mail104c50.megamailservers.eu; dmarc=fail (p=reject 
dis=none) header.from=4angle.com
Authentication-Results: mail104c50.megamailservers.eu; spf=none 
smtp.mailfrom=lists.debian.org
Authentication-Results: mail104c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (4096-bit key) 
header.d=4angle.com header.i=@4angle.com header.b="bS+3bWmq"
Return-Path: 
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail104c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 
4269vZOl098298
for ; Wed, 6 Mar 2024 09:57:37 +
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with QMQP
id C9230205B1; Wed,  6 Mar 2024 09:57:27 + (UTC)
X-Mailbox-Line: From debian-devel-requ...@lists.debian.org  Wed Mar  6 
09:57:27 2024
Old-Return-Path: 
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on bendel.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.7 required=4.0 tests=BODY_INCLUDES_PACKAGE,

DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,LDO_WHITELIST,
T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
version=3.4.2
X-Original-To: lists-debian-de...@bendel.debian.org
Delivered-To: lists-debian-de...@bendel.debian.org
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with ESMTP id B720220598
for ; Wed,  6 Mar 2024 
09:57:16 + (UTC)
X-Virus-Scanned: at lists.debian.org with policy bank en-ht
X-Amavis-Spam-Status: No, score=-8.561 tagged_above=-1 required=5.3
tests=[BAYES_00=-2, BODY_INCLUDES_PACKAGE=-2, DKIM_INVALID=0.1,
DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
LDO_WHITELIST=-5, T_SCC_BODY_TEXT_LINE=-0.01]
autolearn=ham autolearn_force=no
Received: from bendel.debian.org ([127.0.0.1])
by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 
2525)
with ESMTP id CnwFbHimGCbL for ;
Wed,  6 Mar 2024 09:57:08 + (UTC)
Received: from buxtehude.debian.org (buxtehude.debian.org 
[IPv6:2607:f8f0:614:1::1274:39])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) 
server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "buxtehude.debian.org", Issuer "Debian SMTP CA" (not 
verified))
by bendel.debian.org (Postfix) with ESMTPS id F06C820576;
Wed,  6 Mar 2024 09:57:07 + (UTC)
Received: from debbugs by buxtehude.debian.org with local (Exim 4.94.2)
(envelope-from )
id 1rho1I-0040qp-GA; Wed, 06 Mar 2024 09:57:04 +
X-Loop: ow...@bugs.debian.org
Subject: *SPAM* Bug#1065537: ITP: bleak-retry-connector -- Connector 
for Bleak Clients that handles transient connection failures
Reply-To: Edward Betts , 1065...@bugs.debian.org
Resent-From: Edward Betts 
Resent-To: debian-bugs-d...@lists.debian.org
Resent-CC: debian-de...@lists.debian.org, debian-pyt...@lists.debian.org,
w...@debian.org
X-Loop: ow...@bugs.debian.org
Resent-Date: Wed, 06 Mar 2024 09:57:02 +
Resent-Message-ID: 
X-Debian-PR-Message: report 1065537
X-Debian-PR-Package: wnpp
X-Debian-PR-Keywords: 
Received: via spool by sub...@bugs.debian.org id=B.1709718770954021
  (code B); Wed, 06 Mar 2024 09:57:02 +
Received: (at submit) by bugs.debian.org; 6 Mar 2024 09:52:50 +
Received: from 4angle.com ([78.129.222.14]:43828)
by buxtehude.debian.org with esmtps 
(TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
(Exim 4.94.2)
(envelope-from )
id 1rhnxC-0040B7-74
for sub...@bugs.debian.org; Wed, 06 Mar 2024 09:52:50 +
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=4angle.com;
s=bridge; h=Content-Type:MIME-Version:Message-
ID:Subject:To:From:Date:Sender:
Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-
Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-
Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-
Subscribe:
List-Post:List-Owner:List-Archive;
bh=RkmeLzNl75rHSQ2ewaAj7V5oqKSJrzv7gFEX+bkonac=; 
b=bS+3bWmquMXLNzmyviYErz0ZgQ