Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-07-31 Thread Benny Pedersen

On 2016-08-01 05:55, @lbutlr wrote:

> On 31 Jul 2016, at 01:06, Robert Schetterer  wrote:
>> But thats historic, bots are recoded, better antibot tecs were
>> invented.
>>
>> The only problem now is people still believe in historic stuff.
>
> Yeah, that about sums it up. Greylisting never worked well, always
> caused problems with lost email, and in 2016 is simply a bad idea. Not
> just a not good idea, but a bad idea.

back to basic then, why would a mta like postfix not deliver later when
it gets a tempfail ?

i bet greylist is cough invalid mailservers at the doorstep, it could be
that postscreen is bad as well ?

see in sqlgrey whitelist how many old ips that do not retry, shrug




Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-07-31 Thread @lbutlr
On 31 Jul 2016, at 01:06, Robert Schetterer  wrote:
> But thats historic, bots are recoded, better antibot tecs were invented.
> The only problem now is people still believe in historic stuff.

Yeah, that about sums it up. Greylisting never worked well, always caused 
problems with lost email, and in 2016 is simply a bad idea. Not just a not good 
idea, but a bad idea.




Re: false possitive

2016-07-31 Thread Dave Warren

On 2016-07-31 13:27, Benny Pedersen wrote:

> # rule:[h.reindl maillist]
> if allof (header :contains "from" "h.rei...@thelounge.net", header
> :contains "to" "users@spamassassin.apache.org")
>
> {
> setflag "\\Seen";
> stop;
> }


That seems poorly written as it relies upon the To field while the list 
may also receive CC/BCC'd messages, and doesn't handle all possible 
instances in the From field. Also, I'd remove "stop" as I still want 
this delivered into the spamassassin folder by a later rule. This seems 
to work better:


if allof (anyof (header :contains "from" "h.rei...@thelounge.net",header 
:contains "from" "m...@junc.eu"), header :is "List-Id" 
"")

{
setflag "\\Seen";
}

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren




Re: false possitive

2016-07-31 Thread Benny Pedersen

On 2016-07-31 22:23, Reindl Harald wrote:


> what the hell is the reason to spam this list with a report of a FP
> solved years ago *before* update your stuff? especially from the guy
> who talks always about "precompiled problems" outside of the gentoo
> world and hence can't have any outdated software by definition


sorry i missed this one here


# rule:[h.reindl maillist]
if allof (header :contains "from" "h.rei...@thelounge.net", header 
:contains "to" "users@spamassassin.apache.org")

{
setflag "\\Seen";
stop;
}




Re: false possitive

2016-07-31 Thread Reindl Harald


Am 31.07.2016 um 22:16 schrieb Benny Pedersen:

> On 2016-07-31 21:42, Martin Hepworth wrote:
>> 3.3.1 was released march 2010, yes its a slow update these days as
>> latest is 3.4.1 but most of the updates are around the rulesets
>> But i'd really suggest you update
>
> i have :=)

well, *now* you have, your report with "FS_REPLICA" at
http://www.dovecot.org/list/dovecot/2016-July/105105.html shows the truth

> dovecot.org working on their own problem with 3.3.1

they have no problem with 3.3.1, you had, a RBL listing is a completely
different story

> wake up

what the hell is the reason to spam this list with a report of a FP
solved years ago *before* update your stuff? especially from the guy who
talks always about "precompiled problems" outside of the gentoo world
and hence can't have any outdated software by definition






Re: false possitive

2016-07-31 Thread Benny Pedersen

On 2016-07-31 21:42, Martin Hepworth wrote:

> 3.3.1 was released march 2010, yes its a slow update these days as
> latest is 3.4.1 but most of the updates are around the rulesets
> But i'd really suggest you update

i have :=)

dovecot.org working on their own problem with 3.3.1

wake up




Re: false possitive

2016-07-31 Thread Martin Hepworth
3.3.1 was released march 2010, yes its a slow update these days as latest
is 3.4.1 but most of the updates are around the rulesets
But i'd really suggest you update
On Sun, 31 Jul 2016 at 20:33, Benny Pedersen  wrote:

> On 2016-07-31 21:30, Matus UHLAR - fantomas wrote:
>
> > will you answer or are you just trolling?
>
> oh dear
>
> you may make your own problems
>
>
>


Re: false possitive

2016-07-31 Thread Reindl Harald



Am 31.07.2016 um 21:30 schrieb Matus UHLAR - fantomas:

>> On 2016-07-31 21:09, Matus UHLAR - fantomas wrote:
>>> so why do you complain in spamassassin list?
>
> On 31.07.16 21:13, Benny Pedersen wrote:
>> is this a question ?
>
> of course it is a question. it ends by a question mark.
>
>>>> read my post on dovecot running a server in pbl
>>>
>>> why?
>>
>> yes why ?
>
> will you answer or are you just trolling?

rhetoric question - just look at the sender





Re: false possitive

2016-07-31 Thread Benny Pedersen

On 2016-07-31 21:30, Matus UHLAR - fantomas wrote:


> will you answer or are you just trolling?


oh dear

you may make your own problems




Re: false possitive

2016-07-31 Thread Matus UHLAR - fantomas

> On 2016-07-31 21:09, Matus UHLAR - fantomas wrote:
>> so why do you complain in spamassassin list?

On 31.07.16 21:13, Benny Pedersen wrote:
> is this a question ?

of course it is a question. it ends by a question mark.

>>> read my post on dovecot running a server in pbl
>>
>> why?
>
> yes why ?


will you answer or are you just trolling?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)


Re: false possitive

2016-07-31 Thread Benny Pedersen

On 2016-07-31 21:09, Matus UHLAR - fantomas wrote:

> so why do you complain in spamassassin list?

is this a question ?

>> read my post on dovecot running a server in pbl
>
> why?


yes why ?




Re: false possitive

2016-07-31 Thread Benny Pedersen

On 2016-07-31 17:37, Matus UHLAR - fantomas wrote:

> On 31.07.16 16:55, Benny Pedersen wrote:
>> 3.6 FS_REPLICA Subject says "replica"
>>
>> missing anchor ?
>>
>> replication
>
> seems to be very (5 years) old rule. need sa-update apparently:
>
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6637

rule exists in sa 3.3.1, yes needs updates on their spamassassin install

or dovecot.org did not have latest rule set

i do care




Re: false possitive

2016-07-31 Thread Matus UHLAR - fantomas

>> Am 31.07.2016 um 16:55 schrieb Benny Pedersen:
>>> 3.6 FS_REPLICA Subject says "replica"
>>>
>>> missing anchor?

> On 2016-07-31 20:27, Reindl Harald wrote:
>> fix your setup, that rule don't exist
>>
>> [root@mail-gw:~]$ sa-score.sh FS_REPLICA
>> /usr/share/spamassassin
>>
>> /var/lib/spamassassin/3.004001/updates_spamassassin_org
>>
>> /etc/mail/spamassassin/local-*.cf

On 31.07.16 20:43, Benny Pedersen wrote:
> and i use rspamd now

so why do you complain in spamassassin list?

> read my post on dovecot running a server in pbl


why?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody


Re: false possitive

2016-07-31 Thread Benny Pedersen

On 2016-07-31 20:46, Reindl Harald wrote:


> don't care


so please ignore me with a autoreader in sieve, if you just reply to 
dont care mails you miss a lot of time to other nice things





Re: false possitive

2016-07-31 Thread Reindl Harald



Am 31.07.2016 um 20:43 schrieb Benny Pedersen:

> On 2016-07-31 20:27, Reindl Harald wrote:
>> Am 31.07.2016 um 16:55 schrieb Benny Pedersen:
>>> 3.6 FS_REPLICA Subject says "replica"
>>>
>>> missing anchor?
>>
>> fix your setup, that rule don't exist
>>
>> [root@mail-gw:~]$ sa-score.sh FS_REPLICA
>> /usr/share/spamassassin
>>
>> /var/lib/spamassassin/3.004001/updates_spamassassin_org
>>
>> /etc/mail/spamassassin/local-*.cf
>
> and i use rspamd now

so why do you complain here about rules not existing for 5 years

> read my post on dovecot running a server in pbl


don't care





Re: false possitive

2016-07-31 Thread Benny Pedersen

On 2016-07-31 20:27, Reindl Harald wrote:

> Am 31.07.2016 um 16:55 schrieb Benny Pedersen:
>> 3.6 FS_REPLICA Subject says "replica"
>>
>> missing anchor?
>
> fix your setup, that rule don't exist
>
> [root@mail-gw:~]$ sa-score.sh FS_REPLICA
> /usr/share/spamassassin
>
> /var/lib/spamassassin/3.004001/updates_spamassassin_org
>
> /etc/mail/spamassassin/local-*.cf


and i use rspamd now

read my post on dovecot running a server in pbl




Re: false possitive

2016-07-31 Thread Reindl Harald



Am 31.07.2016 um 16:55 schrieb Benny Pedersen:

> 3.6 FS_REPLICA Subject says "replica"
>
> missing anchor?


fix your setup, that rule don't exist

[root@mail-gw:~]$ sa-score.sh FS_REPLICA
/usr/share/spamassassin

/var/lib/spamassassin/3.004001/updates_spamassassin_org

/etc/mail/spamassassin/local-*.cf





Re: false possitive

2016-07-31 Thread Matus UHLAR - fantomas

On 31.07.16 16:55, Benny Pedersen wrote:

> 3.6 FS_REPLICA Subject says "replica"
>
> missing anchor ?
>
> replication

seems to be very (5 years) old rule. need sa-update apparently:

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6637
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.


false possitive

2016-07-31 Thread Benny Pedersen

3.6 FS_REPLICA Subject says "replica"

missing anchor ?

replication




Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-07-31 Thread Robert Schetterer
Am 30.07.2016 um 13:10 schrieb Kim Roar Foldøy Hauge:
> On Sat, 30 Jul 2016, Robert Schetterer wrote:
> 
>> Am 30.07.2016 um 03:34 schrieb Reindl Harald:
>>>
>>>
>>> Am 29.07.2016 um 22:48 schrieb Dianne Skoll:
>>>> On Fri, 29 Jul 2016 22:39:15 +0200
>>>> Robert Schetterer  wrote:
>>>>
>>>>>> I don't use postfix or postscreen.
>>>>> hm.. that does not fit the subject..why did you involved yourself ?
>>>>
>>>> I am sorry.  I should have changed the thread subject.
>>>>
>>>>> you may get that quite better, i see
>>>>> a lot of server greylisting useless ,only filling up others queues
>>>>> waiting for a second slot ,so it may only cheap for you but not for
>>>>> your partners
>>>>> Dont slow down communication if you dont need to
>>>>
>>>> So what I didn't mention is that in our implementation, once an IP
>>>> address successully passes greylisting, we no longer greylist it for
>>>> the next 45 days.  (It would probably be pointless... if an IP passes
>>>> greylisting once, it probably will keep passing it.)
>>>
>>> that's nothing special and postgrey does the same, the whole point of
>>> greylisting is that badly written bots don't try again (the same happens
>>> if they connect to a backup-MX responding with 4xx)
>>>
>>> also it don't help for clients which *do not* pass like large senders
>>> with outbound clusters coming each time from a different IP
>>>
>>> hence you skip greylisting based on DNSWL and spf-policyd because that
>>> big legit senders hit DNSWL or have a proper SPF while random bots of
>>> infected machines don't and this ones are your target for greylisting
>>>
>>>
>>>
>>
>> Harald is right, the goal has to be "reject" spam asap, not to tell
>> "come again later", i.e i had 4 bot cons per second, this will run out
>> the system of smtp slots rapidly which means any good sender isnt able
>> to sent mail too, greylisting makes such situations more worst.
>>
> 
> I'm no expert here, but postgrey is usually a purely local test. It
> should terminate with a "currently busy, try again later" message very
> quickly. SPF checks and white listing require dns lookups that can
> potentially take much longer. Several orders of magnitude longer.
> 
> Efficient handling of spam is all about doing the least expensive tests
> first in terms of cpu/time. Caching DNS can probably help a bit, but it
> will still require the occasional lookup now and then that take a lot
> longer than a good greylisting implementation should ever do.
> 
> Doing an expensive test on every mail when it's not needed is badly
> designed setup.
> 
> Many of the dns based lists also limit the amount of checks per day.
> Worst case scenario, you stop getting results from lists due to over
> use. If you use google's 8.8.8.8 servers for dns lookups one can quickly
> run into that problem, I did. A high volume of dns checks could force
> you into having to pay for the amount of traffic you cause.
> 
> Many expensive network (takes a long time) checks will probably make you
> run out of slots a lot faster than the reconnects due to greylisting
> will do due to the time spent waiting for the lookups to finish.
> 
> If speed of delivery is important, you could lower the amount of time
> mail stays greylisted. Ideally you'd like the mail delivered the first
> time a server tries to send it again. If a server tries to resend once,
> it will most likely try more than once anyway. Having a minimum time of
> 300 seconds, the default of postgrey, is probably a bit excessive.
> 

Greylisting was invented as an idea against bots. Its based on the idea
that bots "fire and forget" when they see a tmp error and dont get back.

This idea was criticized for design failures since it exists ( Harald
and me explained it in detail ), but was acceptable in lack of better
ideas that time.

But thats historic, bots are recoded, better antibot tecs were invented.
The only problem now is people still believe in historic stuff.


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
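
Added example (not written by any poster in this thread, and not postgrey's own code): a small Python simulation of the greylisting behaviour discussed above, with the 300-second minimum delay, the 45-day per-IP pass and a skip list standing in for the DNSWL/SPF exemption. The class and function names, addresses and retry times are constructed for illustration, and keying on (client IP, sender, recipient) is an assumption about the implementation.

```python
MIN_DELAY = 300             # seconds; the postgrey default named in the thread
AWL_LIFETIME = 45 * 86400   # an IP that passed is not greylisted again for 45 days

class Greylist:
    """Toy policy: defer first contact, accept a retry after MIN_DELAY."""

    def __init__(self, skip_greylisting=()):
        self.first_seen = {}   # (ip, sender, rcpt) -> time of first attempt
        self.passed_ips = {}   # ip -> time it passed greylisting
        self.skip = set(skip_greylisting)  # stand-in for a DNSWL/SPF hit

    def check(self, ip, sender, rcpt, now):
        if ip in self.skip:
            return "accept"                # whitelisted sender, never delayed
        passed = self.passed_ips.get(ip)
        if passed is not None and now - passed < AWL_LIFETIME:
            return "accept"                # passed before, still auto-whitelisted
        triplet = (ip, sender, rcpt)
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= MIN_DELAY:
            self.passed_ips[ip] = now
            del self.first_seen[triplet]
            return "accept"
        return "defer"                     # SMTP 4xx, "try again later"

def deliver(policy, attempts):
    """Replay (time, ip) attempts for one message; return (verdict, delay)."""
    start = attempts[0][0]
    for now, ip in attempts:
        if policy.check(ip, "a@example.org", "b@example.net", now) == "accept":
            return "delivered", now - start
    return "still deferred", attempts[-1][0] - start

# Constructed retry schedules (documentation address ranges, times in seconds).
SINGLE_MTA = [(0, "192.0.2.10"), (600, "192.0.2.10")]
CLUSTER = [(0, "198.51.100.1"), (600, "198.51.100.2"), (1200, "198.51.100.3")]
NO_RETRY = [(0, "203.0.113.5")]

if __name__ == "__main__":
    print("single MTA:", deliver(Greylist(), SINGLE_MTA))
    print("no retry:", deliver(Greylist(), NO_RETRY))
    print("cluster:", deliver(Greylist(), CLUSTER))
    skip = {ip for _, ip in CLUSTER}
    print("cluster, whitelisted:", deliver(Greylist(skip), CLUSTER))
```

The cluster case is the one raised in the thread: a sender whose retries each come from a different IP never ages past the delay unless it is exempted first.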