------------------------------

Message: 5
Date: Thu, 19 Feb 2004 16:57:23 -0700
From: "Monique Y. Herman" <[EMAIL PROTECTED]>
Subject: Re: addresses being incorrectly added to blacklist
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>

On 2004-02-19, F. Even penned:


What does your incoming log have to say about what it did to these messages?


Two of the 3 addresses had been released, so they are in my ~/.tmda/lists/released file, and 1 had actually confirmed their message, and the address for that is sitting in ~/.tmda/lists/confirmed. YET, all 3 of these addresses appeared on the blacklist (automating the blacklisting has proven unreliable enough that I have a cron to e-mail me my blacklist each night so I can see if it caught legitimate addresses, which it does). Is there any logging aside from the message delivery logging that can be turned on? Can anyone explain why these addresses are getting added to the blacklist when they have either been confirmed and are sitting in confirmed or manually released and sitting in released?




I'm not sure what you mean by "message delivery logging."

I have the following lines in my config:

LOGFILE_DEBUG = os.path.expanduser("~/log/tmda/debug")
LOGFILE_INCOMING = os.path.expanduser("~/log/tmda/incoming")
LOGFILE_OUTGOING = os.path.expanduser("~/log/tmda/outgoing")

So, once again, what does your incoming log have to say about what it
did to these messages?

The incoming log should look something like this:

        Date: Sun Feb 15 06:27:38 MST 2004
        From: root <[EMAIL PROTECTED]>
        To: [EMAIL PROTECTED]
        Subj: Daily AIDE report for localhost.org
        Actn: OK (from-file /home/monique/.tmda/lists/whitelist ok)            (47581)


Once again, I've explained what happened w/ each of the messages. The incoming log does not tell how it gets added to the blacklist! That is what I meant by "message delivery logging." The incoming log is an example of "message delivery logging." But if I delete a message from tmda-pending, it doesn't log anything anywhere about what happened, including it getting added to the blacklist for having the "PENDING_DELETE_APPEND" option chosen. At this point, I barely remember all three messages, but here is what I found on a couple of them in the logs, one that was manually released, and one that was confirmed:

Confirmed:
Date: Tue Feb 3 22:47:32 CST 2004
From: scrubbed
To: [EMAIL PROTECTED]
Subj: Re: scrubbed subject
Actn: CONFIRM action_incoming (2334)


Date: Tue Feb 3 22:47:32 CST 2004
From: scrubbed
To: [EMAIL PROTECTED]
Subj: Re: scrubbed subject
Actn: CONFIRM pending 1075870052.28279.msg (2334)
--


Date: Wed Feb 4 09:51:00 CST 2004
From: scrubbed
To: [EMAIL PROTECTED]
Subj: Re: Please confirm your message
Actn: CONFIRM accept 1075870052.28279.msg (2731)


Date: Wed Feb 4 09:51:00 CST 2004
From: scrubbed
  To: [EMAIL PROTECTED]
Subj: Re: Please confirm your message
Actn: CONFIRM_APPEND /home/user/.tmda/lists/confirmed                 (2731)

Date: Wed Feb 4 09:51:02 CST 2004
From: scrubbed
To: [EMAIL PROTECTED]
Subj: Re: scrubbed subject
Actn: OK good_confirm_done_cookie (2612)
--


Date: Thu Feb 5 12:16:43 CST 2004
From: scrubbed
To: [EMAIL PROTECTED]
Subj: Re: scrubbed subject
Actn: OK (from-file ~/.tmda/lists/confirmed ok) (2822)


Manually Released:
Date: Mon Feb 2 07:39:37 CST 2004
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subj: State Farm Antivirus Email Gateway Notification
Actn: CONFIRM pending 1075729177.4386.msg (1756)


Date: Thu Feb 5 00:36:33 CST 2004
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subj: State Farm Antivirus Email Gateway Notification
Actn: OK good_confirm_done_cookie (2031)



The ONLY thing that shows up in the logs is the CONFIRM_APPEND as far as what gets added to the multiple lists, making logging virtually useless in this situation.


Message: 6
Date: Thu, 19 Feb 2004 19:42:17 -0800
From: Robin Lynn Frank <[EMAIL PROTECTED]>
Subject: Re: addresses being incorrectly added to blacklist
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

On Wednesday 18 February 2004 23:06, F. Even wrote:

from <> ok
from-file ~/.tmda/lists/blacklist bounce
from-file ~/.tmda/lists/whitelist_wildcards accept
from-file ~/.tmda/lists/whitelist ok
from-file ~/.tmda/lists/confirmed ok
from-file ~/.tmda/lists/released ok


Regardless of what is causing the problem, if you move things around like:

from <> ok
from-file ~/.tmda/lists/confirmed ok
from-file ~/.tmda/lists/released ok
from-file ~/.tmda/lists/whitelist ok
from-file ~/.tmda/lists/blacklist bounce #drop is probably better
from-file ~/.tmda/lists/whitelist_wildcards accept

That way accidental deletions don't block mail from otherwise whitelisted senders. BTW, the reason I recommend drop over bounce is that with so much forged spam and virus mail, bouncing is a poor choice.

For additional flexibility, you might want to go with "released hold" so that you can release mail from a source you are unsure of without leaving the door open.
--
Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC
Email acceptance policy: http://paradigm-omega.com/email_policy.php
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Confidential or privileged information unintentionally sent us will be listed on EBAY as soon as possible Paypal is accepted.

Something worth trying. I would like to automate blacklisting, but having addresses that have been legitimately dealt with added to the blacklist is annoying. Am I not already doing a "released hold" basically by intercepting the message and releasing it initially?




Message: 7
Date: Thu, 19 Feb 2004 22:38:34 -0600
From: Tim Legant <[EMAIL PROTECTED]>
Subject: Re: addresses being incorrectly added to blacklist
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

"F. Even" <[EMAIL PROTECTED]> writes:
> Date: Thu, 12 Feb 2004 08:55:10 -0800
> From: Stephen Warren <[EMAIL PROTECTED]>
> Subject: Re: addresses being incorrectly added to blacklist
> To: [EMAIL PROTECTED]
>
>Quoting "F. Even" <[EMAIL PROTECTED]>:
>

> > I'm having a situation where legitimate addresses are getting
> > added to the blacklist.  The only reason I could think of that
> > this may be happening is that it is an instance where I have
> > released a message, and the confirmation was never received.
> > Should these addresses be getting...


> > [EMAIL PROTECTED]:~/.tmda] grep APPEND config
> > ...
> > PENDING_DELETE_APPEND = os.path.expanduser("~/.tmda/lists/blacklist")

>
> See http://www.tmda.net/config-vars.html#PENDING_DELETE_APPEND. Setting
> this variable means that whenever a message is deleted from the pending
> queue, the sender's address will be automatically added to the given list
> - your blacklist. This will happen (as you suggest) when no response is
> seen to a confirmation request within your defined time limit, and the
> pending queue is cleaned up automatically (see also
> http://www.tmda.net/config-vars.html#PENDING_CLEANUP_ODDS)


[...]


OK....I've just had 3 addresses added to my blacklist from messages
that I'm not sure were ever confirmed.  I KNOW I've released them all
manually, I don't know if the people ever sent their confirmation.  If
I release a message, why should it ever get added to the blacklist,
even considering how I have my setup configured?  This would seem to
be a bug to me.  I am using the latest version this time, that has
been confirmed.


What Stephen said is correct.  When TMDA deletes messages from the
queue, which can happen anytime you receive mail (tmda-filter does the
work), those sender addresses are added to PENDING_DELETE_APPEND.
This may seem weird, but it is the desired behavior.  Deleting a
message and blacklisting the sender are not the same thing.  If you
want to blacklist a sender, you should explicitly choose to blacklist
them.  If you simply want to delete a message, don't add that sender
to your blacklist!

Remove PENDING_DELETE_APPEND from your configuration and you will find
that these problems go away.  If you want to keep track of the sender
addresses of email you have deleted, set PENDING_DELETE_APPEND to a
different filename than your blacklist file.

But this is a BUG, can we not at least agree on that? No one can explain to me why this is happening, except to "remove this." Even according to the documentation, it "suggests" that this could be used for blacklisting:


[quote]
PENDING_DELETE_APPEND
Filename to which a sender's e-mail address should be automatically appended when a message is "deleted" by tmda-pending. tmda-filter's automated pending queue cleanup feature (see PENDING_CLEANUP_ODDS) also respects this setting.


Example:

PENDING_DELETE_APPEND = "/full/path/to/blacklist"
[/quote]

The problem here though is that it is adding it to the blacklist EVEN IF it has been confirmed or manually released. If someone can explain to me how to enable some USEFUL logging to determine why this is happening, I'll be happy to keep watching it and contributing information.

Frank
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
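
Added example (not part of the original thread and not TMDA's own code): a simplified Python model of first-match rule evaluation showing why an address that sits in both the blacklist and the confirmed/released lists is bounced under the original rule order but delivered under the reordered one, plus a cross-check that a nightly cron job could run to flag such overlaps. Assumptions: the list contents are constructed, matching is exact and case-insensitive (the "from <>" rule, whitelist_wildcards and wildcard entries are left out), and unmatched senders fall through to "confirm".

```python
# Added example: simplified model of first-match filter evaluation (not TMDA code).
# Rule lists mirror the two orderings in the thread; list contents are constructed.
ORIGINAL_ORDER = [("blacklist", "bounce"), ("whitelist", "ok"),
                  ("confirmed", "ok"), ("released", "ok")]
REORDERED = [("confirmed", "ok"), ("released", "ok"),
             ("whitelist", "ok"), ("blacklist", "drop")]

# Constructed list-file bodies: one address per line, '#' starts a comment.
LIST_FILES = {
    "blacklist": "spammer@example.net\nAlice@example.org\nbob@example.org\n",
    "whitelist": "# friends\ncarol@example.org\n",
    "confirmed": "alice@example.org\n",
    "released": "bob@example.org  # released by hand\n",
}

def parse_list(text):
    """Return the set of lower-cased addresses in a list-file body."""
    entries = set()
    for line in text.splitlines():
        address = line.split("#", 1)[0].strip().lower()
        if address:
            entries.add(address)
    return entries

LISTS = {name: parse_list(body) for name, body in LIST_FILES.items()}

def first_match(sender, rules, lists=LISTS, default="confirm"):
    """Return the action of the first rule whose list contains the sender."""
    sender = sender.strip().lower()
    for list_name, action in rules:
        if sender in lists.get(list_name, set()):
            return action
    return default  # assumption: unmatched senders get a confirmation request

def blacklist_conflicts(lists=LISTS, trusted=("whitelist", "confirmed", "released")):
    """Map each blacklisted address to the trusted lists that also contain it."""
    conflicts = {}
    for address in sorted(lists.get("blacklist", set())):
        also_in = [name for name in trusted if address in lists.get(name, set())]
        if also_in:
            conflicts[address] = also_in
    return conflicts

if __name__ == "__main__":
    for address, names in blacklist_conflicts().items():
        print(f"{address}: blacklisted but also in {', '.join(names)};",
              f"original order -> {first_match(address, ORIGINAL_ORDER)},",
              f"reordered -> {first_match(address, REORDERED)}")
```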
