Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Noel Butler
 

On 27/03/2015 12:23, Noel Butler wrote: 

> On 26/03/2015 23:42, David F. Skoll wrote: 
> On Thu, 26 Mar 2015 14:37:08 +0100
> Reindl Harald  wrote:
> 
> i have to show nothing after for nearly a decade most german IT 
> magazines had articles about that topic written by law experts 
> The only link I found written by a German law expert said that
> the it "may" apply to spam filtering if the recipient did not agree
> beforehand to how the filter operates.
> 
> I also suggest you ask a German law expert if rejecting with 5xx is
> materially different than silently discarding when it comes
> to "suppressing" data. Frankly, I cannot see the difference; the
> law certainly doesn't say it's OK to suppress data as long
> as you inform the originator of said data.
> 
> But maybe you could link to some articles on the topic?
> 
> Regards,
> 
> David.

I would rather see, not an article written in some mag, but the actual
legislative law act that specifies this, any links to actual German law
about this would be more welcome. 

It can (obviously) be written in German, I can understand a bit, and
what i can't I have good friend who can (he is afterall, well, German),
and failing his availability there's always google translate :) 

 nevermind, I've got it, going to read it after lunch 

 

Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Noel Butler
 

On 26/03/2015 23:42, David F. Skoll wrote: 

> On Thu, 26 Mar 2015 14:37:08 +0100
> Reindl Harald  wrote:
> 
>> i have to show nothing after for nearly a decade most german IT 
>> magazines had articles about that topic written by law experts
> 
> The only link I found written by a German law expert said that
> the it "may" apply to spam filtering if the recipient did not agree
> beforehand to how the filter operates.
> 
> I also suggest you ask a German law expert if rejecting with 5xx is
> materially different than silently discarding when it comes
> to "suppressing" data. Frankly, I cannot see the difference; the
> law certainly doesn't say it's OK to suppress data as long
> as you inform the originator of said data.
> 
> But maybe you could link to some articles on the topic?
> 
> Regards,
> 
> David.

I would rather see, not an article written in some mag, but the actual
legislative law act that specifies this, any links to actual German law
about this would be more welcome. 

It can (obviously) be written in German, I can understand a bit, and
what i can't I have good friend who can (he is afterall, well, German),
and failing his availability there's always google translate :) 

 

Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Noel Butler
 

On 26/03/2015 23:34, David F. Skoll wrote: 

> Hi,
> 
> A followup:
> 
> 1) has anyone been convicted under 303a StGB for suppressing email during 
> spam filtering?

I bet not :) Its likely a law introduced to stop anally retentive jerks
from having hissy fits and deleting other peoples data, thats unlawful,
stopping deliberate spam, can be preventing stresses upon the recipient,
so could be argued as lawful destruction of data, we really need a
German lawyer (a real lawyer - not keyboard internet lawyer) to
interpret the German law. Germany has the strongest data protection laws
in the world, but I hardly doubt they were written with the intent of
protecting spammer or abusive scum. 

> 2) How is rejecting with a 5xx code any less of a "suppression" of the
> data than silently discarding with a 2xx code? In either case, the
> recipient does not receive the mail. The fact that the sender is *aware*
> of the non-receipt is immaterial.

Are they? We both know 99% of deliberate spam which is likely to high
score, is sent by spoofed addresses :) 

 

Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 17:27:03 -0600
"@lbutlr"  wrote:

> > ]]] If action is taken in the delivery process, with the result
> > that the ]]] message does not reach its goal, the e-mail is
> > "suppressed".

> > How does that not apply to a 5xx reject?

> Because a reject happens before the delivery process even begins.

No.  The Heise article (if my memory serves) considers the delivery
process to have begun as soon as the SMTP connection is established.

Furthermore, a 5xx-Reject and 2xx-Discard after DATA happen at *EXACTLY*
the same time, so you cannot say the delivery process "hasn't even begun"
for the 5xx but has for the 2xx.  The timing is identical.

Regards,

David.



Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread @lbutlr
On 26 Mar 2015, at 08:05 , David F. Skoll  wrote:
> 
> On Thu, 26 Mar 2015 14:54:07 +0100
> Robert Schetterer  wrote:
> 
>> Uff , why should i waste my time in telling you the untruth...
> 
> I took a look at the Heise article and Google Translate says:
> 
> ]]] If action is taken in the delivery process, with the result that the
> ]]] message does not reach its goal, the e-mail is "suppressed".
> 
> How does that not apply to a 5xx reject?

Because a reject happens before the delivery process even begins.

-- 
'Everything will be all right. From History's point of view, that is.
There really isn't any other.'



Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread @lbutlr
On 26 Mar 2015, at 06:43 , David F. Skoll  wrote:
> On Thu, 26 Mar 2015 12:09:58 +0100 Reindl Harald  
> wrote:
>> why in the world would a reject *before queue* trigger a backscatter
>> or bounce on my side?

> How do you do before-queue rejection of a message

Reject it.

> Solve that problem, and then I agree with you.  And saying "well, don't
> let different end-users have different settings" is not a solution.
> Neither is "tempfail all recipients but the first so the message
> is transmitted one time for each recipient.”

Before-queue settings are liberal and designed to REJECT messages that are 
obviously broken or from known spammers. These are server settings and no, 
users can not opt out of postscreen, for example. They also cannot choose to 
receive .exe files, for example.

After the message is accepted, then the message is processed much more 
rigorously and delivered to the user.

The USER can discard mail if they want, but the SERVER never discards messages 
after they’ve been accepted.

-- 
"He sees the good in every one. No one would ever take him for a
clergyman." -- Lucy Honeychurch



Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread @lbutlr
On 26 Mar 2015, at 06:38 , David F. Skoll  wrote:
> On Thu, 26 Mar 2015 07:53:49 +0100 Reindl Harald  
> wrote:
>> accepted means your SMTP sevrer responded with a 250 status code and
>> not with a 4x temporary or 5x permanent error aka rejected the message
> 
> No.  Accepted means delivered to the end-user's mailbox.

You do not get to make up your own definitions.

Accepted: your server accepted the message
Delivered: messages was sent to an LDA

-- 
"If this is the best God can do, I'm not impressed."



Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Steve Freegard

On 26/03/15 22:23, Tom Hendrikx wrote:



Your single message was delivered by two different hosts, with a
single recipient in each.



This is actually very logical because the recipients don't share the
same MX hosts or IP addresses.


*nod* - I'd missed that fact when I glanced over this thread.

However, Gmail splits all multiple recipient messages into separate 
deliveries regardless as to whether the all recipients are in the same 
domain or not.



Ok, so the machine accepts both addresses, but rejects at end-of-data.
Harald, if one of the used recipient addresses accepts all spam
messages (all_spam_to), you should have one copy of the message,
right? Could you share the result of my test with us?


Yeah; my bet is that your test wasn't delivered at all.

Imagine the confusion that would be caused if you delivered a copy of a 
message that you rejected to one of the recipients, the sender would get 
a bounce and think that neither was successful...


Regards,
Steve.



Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread @lbutlr

> On 25 Mar 2015, at 18:25 , David F. Skoll  wrote:
> 
> On Wed, 25 Mar 2015 16:08:34 -0600
> "@lbutlr"  wrote:
> 
>> There is a difference between ___block___ and ___silently discard___.
> 
>> Blocking is fine, silently discarding is just evil and should be
>> illegal everywhere.
> 
> Nonsense.

You are entitled to your opinion of course.

> Silently discarding is sometimes the only sensible thing to do.

If you are certain it is spam, reject it before you accept it. If you have 
accepted it, the file it somewhere where the recipient has a chance to get to 
it.

> If you have users with different spam settings (or perhaps some who have
> opted-out of spam-scanning completely), there's no sensible way to
> handle a multi-recipient message.  You either have to tempfail all
> recipients after the first so you can process with each recipient's
> settings during SMTP, which is horrible, or you have to generate DSNs
> for the recipients who reject the message, which will get you
> blacklisted as a backscatterer.

How do you figure that? You deliver the message if it passes your border 
checks. If you think it’s spam after that, you can deliver it to the 
recipient’s spam folders where they are free to ignore it. You do NOT throw it 
away.

>> You can reject who you want in Germany too, you just can___t delete a
>> message that you___ve already accepted.
> 
> What does "accepted" mean?  Redirecting a message to /dev/null means you
> didn't accept it.

When your mailserver says “OK, I’ve received the message and am closing the 
transaction”, you’ve accepted it.

> I used to be in the "never silently discard camp", but unfortunately the
> email environment has become so hostile that I can no longer keep the
> promise of the original SMTP that a message is either delivered or
> the sender notified of non-delivery.  Promising that in every single
> case is, alas, no longer feasible.

How does that follow? Don’t discard the message and there’s no problem.

-- 
One tequila, two tequila, three tequila, floor.



Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Tom Hendrikx
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 26-03-15 17:28, Steve Freegard wrote:
> On 26/03/15 13:47, Reindl Harald wrote:
> 
>> that below was *one* message with two different recipients
>> 
>> X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0 
>> X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0
>> 
> 
> I hate to piss on your parade, but your example here is totally 
> flawed; this mail from from Gmail right?
> 
>> X-Local-Envelope-From:  
>> X-Local-Envelope-To:  Received: from 
>> mail-ig0-f171.google.com Message-ID: 
>> 
>>
>>
>>
>> 
X-Local-Envelope-From: 
>> X-Local-Envelope-To:  Received: from 
>> mail-ie0-f177.google.com Message-ID: 
>> 
>
>>
>> 
> Gmail splits multi-recipient mail into separate deliveries, so 
> whilst you sent a single message to multiple recipients at your 
> domain from Gmail, what the big Goog does is turn that into two 
> separate messages that are delivered separately.
> 
> Whilst the messages have identical Message-ID headers - you missed 
> this bit:
> 
>> Received: from mail-ig0-f171.google.com Received: from 
>> mail-ie0-f177.google.com
> 
> Your single message was delivered by two different hosts, with a 
> single recipient in each.
> 

This is actually very logical because the recipients don't share the
same MX hosts or IP addresses. But as Harald shows in his logs that
the mail ends up at the same machine, and I'm really interested how it
actually works, I did some old-fashioned telnet:

- 8<-

$ telnet mail-gw.thelounge.net. 25
Trying 91.118.73.19...
Connected to mail-gw.thelounge.net.
Escape character is '^]'.
220-mail-gw.thelounge.net ESMTP Spamfirewall (Enforcing
SMTP-Compliance, PTR/HELO/RBL-Checks, SPF-Policies and
Sender-Verification)
220 mail-gw.thelounge.net ESMTP Spamfirewall (Enforcing
SMTP-Compliance, PTR/HELO/RBL-Checks, SPF-Policies and
Sender-Verification)
helo valerie.whyscream.net
250 mail-gw.thelounge.net
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
rcpt to:
250 2.1.5 Ok
data
354 End data with .
Subject: test message for spamassassin user mailing list

This is the gtube:


.
550 5.7.1 Blocked by Spamfilter, please forward this to YOUR
tech-support first, time: Mar 26 23:06:06, client: 89.105.204.244,
server: mail-gw.thelounge.net, contact: 
+4315953999
quit
221 2.0.0 Bye
Connection closed by foreign host.

- 8<-

Ok, so the machine accepts both addresses, but rejects at end-of-data.
Harald, if one of the used recipient addresses accepts all spam
messages (all_spam_to), you should have one copy of the message,
right? Could you share the result of my test with us?

Kind regards,
Tom

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJVFIbYAAoJEJPfMZ19VO/1n3IP+waEs4/mbCA0PP9VB4oHmEGL
GTvGom+7Qmr1OknbNSHVnKdcN5+zSkNQEcd2poGBH/iU36I1aWlLNUfpstH0XeFI
iY1JognVE67LSqHA6Y1Q0bGdDrJSLg8QeYB961n7biBDnWphfUwOevC9F2cP/10k
KaLHg+MRlMUF/1MHqZlDJqhF0XM0dPapKReBAmQ4/PiCZnQ/xHG05qY37ruL/xz0
xBjWU2Dfkri6lC3MAH+p1X/2YyLVx9pi+rUzMUXiYJbR6ihKFHarOrd0Z9hEacPr
0Eyaryv89qPRUpV2cuPudpFOb3Twk2mXXH6IFQKSFyKBM33WyC/iCkKVrTYR28Sp
J5pg2O8V1PSsnkjHZzj1sEA/GeKOTNGyl6jh1XC2ofctKmGrXtOxrIg2ubImHRzK
sIfKizbjRP5/NJum/y0xTYGo+huT1wIxBS0ntSaHtCHS6gwMovHCHR8T84UdVO+S
Q/xDu8+2mpt5h4XNqcOQMePoyL2hSW/Yywh78+jFuUmesLrornsk8pz6TdgIb7Lq
aDxQ8xnuoUyBASnzTjfGhhuKmiIGCzv0dEMu1NAuL7X/w/P1dRjYx79bIHzWLYR0
wkj3vCeqxmAbOzujNY3zsh9LKUfNDcqY7Bj2hPgM1QSDQRVGegkF1bR4bNo0OpG2
tdE13QR2C1SrW2UYrsD5
=C7pe
-END PGP SIGNATURE-


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Matus UHLAR - fantomas

On Thu, 26 Mar 2015 10:12:22 -0500 (CDT)
Dave Funk  wrote:


If they are compatible you respond with a 250, if not with a 452 (or
other 45* type reply).


On 26.03.15 11:52, David F. Skoll wrote:

We looked at doing this.  There are some serious downsides:

1) Some senders (for example, mailing list tools) send to quite a number
of recipients at once.  30 or even 100 is not out of the question.
If all of them have different policies, the last recipient is going to
wait a very long time indeed to receive his or her email.


FYI: all SMTP RFCs yet require accepting at least 100 recipients at once. 
(I don't want to discuss this, just to note...)


in such case, either spam is refused with sane defaults, or mail is accepted
and should be handles as accepted (e.g. delivered to spam folder).


2) Some marginal SMTP software (old versions of Novell Groupwise, I
think?  Can't recall exactly) does not handle 4xx responses to RCPT:
very well.  It basically converts them to 5xx.


that is very old (and very broken) SMTP software, and since 4xx code can
result because of different issues, I don't think we should take this into
account 


3) You have no control over the retry interval or retention time on the
SMTP client.  It's not unimaginable that some messages simply won't get
delivered because the SMTP client gives up.  Some SMTP clients use
an exponential backoff algorithm rather than a constant retry interval,
and that can be disastrous in this situation.


clients with exponential backoff interval should be safe here... the others
might not :-)

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Matus UHLAR - fantomas

On Thu, 26 Mar 2015 11:55:27 -0400
Michael Orlitzky  wrote:


If one of your customer domains has non-default settings, give them
their own IP address and a separate MX record pointing to that
address.


On 26.03.15 12:54, David F. Skoll wrote:

We filter more than 8000 domains.  That is not feasible.


That's in fact not feasible because even recipients in the same domain may
have different settings and rules (and different BAYES database)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 11:55:27 -0400
Michael Orlitzky  wrote:

> If one of your customer domains has non-default settings, give them
> their own IP address and a separate MX record pointing to that
> address.

We filter more than 8000 domains.  That is not feasible.

Regards,

David.


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Steve Freegard

On 26/03/15 13:47, Reindl Harald wrote:


that below was *one* message with two different recipients

X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0
X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0



I hate to piss on your parade, but your example here is totally flawed; 
this mail from from Gmail right?



X-Local-Envelope-From: 
X-Local-Envelope-To: 
Received: from mail-ig0-f171.google.com
Message-ID:


X-Local-Envelope-From: 
X-Local-Envelope-To: 
Received: from mail-ie0-f177.google.com
Message-ID:



Gmail splits multi-recipient mail into separate deliveries, so whilst 
you sent a single message to multiple recipients at your domain from 
Gmail, what the big Goog does is turn that into two separate messages 
that are delivered separately.


Whilst the messages have identical Message-ID headers - you missed this bit:

> Received: from mail-ig0-f171.google.com
> Received: from mail-ie0-f177.google.com

Your single message was delivered by two different hosts, with a single 
recipient in each.


If you actually got a real message to multiple recipients in one SMTP 
transaction, you can't accept one and reject the other once you've 
entered the DATA phase because your decision becomes binary at that 
point:  either accept, defer or reject the message for *all* recipients 
as David points out.


Regards,
Steve.



Re: German law 303a (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Robert Schetterer
Am 26.03.2015 um 16:39 schrieb David F. Skoll:
> I find this discussion intriguing.  The German law cited earlier also
> forbids you from changing data (original German word "verändert" ---
> did I get that right?)
> 
> It seems to me this could make subject tagging illegal.  In fact, a rigid
> interpretation could make SMTP illegal since you add a Received: header
> at each hop, and that's certainly modifying the data being transmitted.
> 
> I believe this is a case of non-technical legislators completely failing
> to forsee the logical consequences of their law. :)
> 
> Regards,
> 
> David.
> 

Common legal accepted practice is
silent discard mail is forbidden, tagging mail is allowed
reject mail is allowed anyway, exception is virus mail as averting of a
danger. If its your personal mail you can do what you want.
As mail provider you may get contracted to filter. But be sure to have
good legal advice if your filter does silent discard. Thats best
practice for over 10 years now.

And yes laws may miracle included everywhere, there are tons of them in
the US i will never understand too *g


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Michael Orlitzky
On 03/26/2015 08:43 AM, David F. Skoll wrote:
> On Thu, 26 Mar 2015 12:09:58 +0100
> Reindl Harald  wrote:
> 
>> why in the world would a reject *before queue* trigger a backscatter
>> or bounce on my side?
> 
> How do you do before-queue rejection of a message that is...
> 
> 1) Directed to multiple recipients...
> 
> 2) Some of which have different spam thresholds or have even opted-out?
> 
> Solve that problem, and then I agree with you.  And saying "well, don't
> let different end-users have different settings" is not a solution.
> Neither is "tempfail all recipients but the first so the message
> is transmitted one time for each recipient."
> 


If one of your customer domains has non-default settings, give them
their own IP address and a separate MX record pointing to that address.
Then if a multi-recipient message is addressed to someone in that
domain, the sending MTA will split the message before sending it
(because it's headed to a different server, as far as the MTA knows).

Your pre-queue filter can then switch settings depending on the IP
address, and should satisfy your criteria above.

Obviously it's a little annoying to set up an MX for every such domain,
but you can charge a little PITA fee for domains that want special
treatment.



Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 10:12:22 -0500 (CDT)
Dave Funk  wrote:

> If they are compatible you respond with a 250, if not with a 452 (or
> other 45* type reply).

We looked at doing this.  There are some serious downsides:

1) Some senders (for example, mailing list tools) send to quite a number
of recipients at once.  30 or even 100 is not out of the question.
If all of them have different policies, the last recipient is going to
wait a very long time indeed to receive his or her email.

2) Some marginal SMTP software (old versions of Novell Groupwise, I
think?  Can't recall exactly) does not handle 4xx responses to RCPT:
very well.  It basically converts them to 5xx.

3) You have no control over the retry interval or retention time on the
SMTP client.  It's not unimaginable that some messages simply won't get
delivered because the SMTP client gives up.  Some SMTP clients use
an exponential backoff algorithm rather than a constant retry interval,
and that can be disastrous in this situation.

> Note that Gmail is already doing something like this (the "multiple
> destinations not supported in one transaction" status).

You can possibly get away with it on a per-domain rather than
per-recipient basis because you're unlikely to have a single message
coming in for more than a handful of different domains.  Even so, it's
risky IMO.

Regards,

David.


Re: German law 303a (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 16:39 schrieb David F. Skoll:

I find this discussion intriguing.  The German law cited earlier also
forbids you from changing data (original German word "verändert" ---
did I get that right?)

It seems to me this could make subject tagging illegal.  In fact, a rigid
interpretation could make SMTP illegal since you add a Received: header
at each hop, and that's certainly modifying the data being transmitted.

I believe this is a case of non-technical legislators completely failing
to forsee the logical consequences of their law. :)


that may all be true and like won't matter most of the time

it starts to matter if you silent discard a important message and some 
large party with a good laywer pretends he lost xxx $ money because of 
the not happened resend or contact over a dfiierent medium in the 
assumption the mail was delivered


yes i am aware that one could pretend not got a mail anyways, but in 
that case you can prove at least the delivery to the mailbox with your 
logs, if your last log entry is "discarded" you are out of luck




signature.asc
Description: OpenPGP digital signature


German law 303a (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
I find this discussion intriguing.  The German law cited earlier also
forbids you from changing data (original German word "verändert" ---
did I get that right?)

It seems to me this could make subject tagging illegal.  In fact, a rigid
interpretation could make SMTP illegal since you add a Received: header
at each hop, and that's certainly modifying the data being transmitted.

I believe this is a case of non-technical legislators completely failing
to forsee the logical consequences of their law. :)

Regards,

David.


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Kevin A. McGrail

On 3/26/2015 11:23 AM, Robert Schetterer wrote:

Am 26.03.2015 um 16:03 schrieb Kevin A. McGrail:

On 3/26/2015 9:54 AM, Robert Schetterer wrote:

so again , there are exceptions, but in general you are not allowed
to silent discard mail in germany.

Unless there are MASSIVE translation issues, the answer is exactly what
DFS proposed: consent from the users of the system.

 From http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html


   Solution to the dilemma

A solution to this problem is the consent of the recipient to delete the
e-mails that must be present in advance. In this case, the application
of the above paragraphs is excluded, legally it is called a "factual
negative consent".


Is that translation accurate?

As i wrote you "may" be contracted and allowed
to filter and discard mail by/for a customer.

But you better should have a good legal office in case of trouble

Most people here avoid such potentially struggle, cause they are not
very hardly needed. The common way is not to do silent discard mail.
So I am assuming that means the translation is accurate.  I think that's 
a key point that we are saying, we do this to protect our users and with 
their full consent.  Should a firewall let attacks through if it's a 
DDoS on your email servers because there could be legitimate mail?  What 
right and responsibility do you have to protect your users and network?


Overall, from what I've seen, the legal woes have the proper exemptions 
that if you have a good legal adviser, a good technical team and you are 
willing to fight conformity, there is an opportunity to improve on the 
competition!


Regards,
KAM



Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 16:19 schrieb Kevin A. McGrail:

On 3/26/2015 11:11 AM, Robert Schetterer wrote:

what he describes is not backscatter, cause the mail is rejected during
smtp imcome stage, wich means the server simply didnt take the mail
during the running smtp session,

This argument to me assumes that their isn't a server in the middle of
the relay.  Not everything is edge to edge, point A to B.  Lots of
backscatter comes from attacking secondary MX's and


well, in case it is not edge-to-edge (backup MX and so on) you need to 
make sure that the backup MX has the same filter quality as the primary 
and in any case use a different port without restricitions for deliver 
that mails to the primary later


to say it short: the whole mail environment needs to be desigend from 
the start to a) reject a message or b) after answer with 2xx deliver it 
to minimize backscatters *and* provide reliable mailflow



just because you 5xx doesn't mean it doesn't cause backscatter


only if the sending environment is configured wrong, but in any case 
*you* are not triggering the backscatter and if we argue that way we 
also would need to stop using RBL's which rejects a majority of all 
incoming spam





signature.asc
Description: OpenPGP digital signature


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Robert Schetterer
Am 26.03.2015 um 16:19 schrieb Kevin A. McGrail:
> On 3/26/2015 11:11 AM, Robert Schetterer wrote:
>> what he describes is not backscatter, cause the mail is rejected during
>> smtp imcome stage, wich means the server simply didnt take the mail
>> during the running smtp session,
> This argument to me assumes that their isn't a server in the middle of
> the relay.  Not everything is edge to edge, point A to B.  Lots of
> backscatter comes from attacking secondary MX's and just because you 5xx
> doesn't mean it doesn't cause backscatter.
> 
> Regards,
> KAM


whats the problem, you only need to take care of your mailservers are
working the right way, for sure gateways make things more difficult
but not unsolvable


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Robert Schetterer
Am 26.03.2015 um 16:03 schrieb Kevin A. McGrail:
> On 3/26/2015 9:54 AM, Robert Schetterer wrote:
>> so again , there are exceptions, but in general you are not allowed
>> to silent discard mail in germany.
> Unless there are MASSIVE translation issues, the answer is exactly what
> DFS proposed: consent from the users of the system.
> 
> From http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html
> 
> 
>   Solution to the dilemma
> 
> A solution to this problem is the consent of the recipient to delete the
> e-mails that must be present in advance. In this case, the application
> of the above paragraphs is excluded, legally it is called a "factual
> negative consent".
> 
> 
> Is that translation accurate?

As i wrote you "may" be contracted and allowed
to filter and discard mail by/for a customer.

But you better should have a good legal office in case of trouble

Most people here avoid such potentially struggle, cause they are not
very hardly needed. The common way is not to do silent discard mail.

And yes ,US people mostly dont understand that culture thing *g

> 
> Regards,
> KAM



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Kevin A. McGrail

On 3/26/2015 11:11 AM, Robert Schetterer wrote:

what he describes is not backscatter, cause the mail is rejected during
smtp imcome stage, wich means the server simply didnt take the mail
during the running smtp session,
This argument to me assumes that their isn't a server in the middle of 
the relay.  Not everything is edge to edge, point A to B.  Lots of 
backscatter comes from attacking secondary MX's and just because you 5xx 
doesn't mean it doesn't cause backscatter.


Regards,
KAM


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Dave Funk

On Thu, 26 Mar 2015, Kris Deugau wrote:


David F. Skoll wrote:

On Thu, 26 Mar 2015 15:05:06 +0100
Reindl Harald  wrote:


* spamass-milter -r 8.0
* messages above 8.0 are *rejected*


Silently?  Or do you generate an NDR?  I'm genuinely curious as to how you:

1) Accept mail for some recipients

2) Reject mail for others

3) Without generating backscatter

4) Given that the messages are sent in the same SMTP session with
   multiple RCPTs and only one DATA.


For those of you still a little puzzled, here's an example of what David
is asking about.  In the following SMTP transaction, how to you reject
the message for receip1, while accepting the message for recip2?

$ telnet mx.example.org 25
<< 220 example.org, talk to me

helo sending.server

<< 250 Hello, friend!

mail from:imma.spam...@example.com

<< 250 OK, send this to who?

rcpt to:rec...@example.org

<< 250 OK

rcpt to:rec...@example.org

<< 250 OK

DATA

<< 354 Now for the message


.


At this point you have one message, scoring > 8 points.  Recipient 1
absolutely requires all mail to be delivered to their Inbox, with a
Subject tag in the case of mail considered spam.  Recipient 2 wants mail
scoring > 8 points to be rejected.

What SMTP response to you send?  You can only send one response, since
you only have one message, but you have two recipients with conflicting
filter policies.


At that stage you're stuck, there is no way out of that box.

To achieve the desired results you need business logic in your pre-queue
/ milter filter to do a triage during the 'rcpt' stage.

You need a database of recipient classes to indicate whether the recipient
is a spam-lover or a spam-hater.
At the first recipient you look up that address and set a state variable
for that session (call it love-hate). As each additional recipient comes in
you compare his class against the love-hate setting for the current
session. If they are compatible you respond with a 250, if not with a 452
(or other 45* type reply). This way the sender is responsible for queuing
those recipients and trying again in another SMTP session.
Then all the recipients in one session can be treated equally WRT the
handling of reject/accept based upon some future state (EG spammyness
of the message).

That logic can be extended to more than just spam love/hate status,
just need some kind of business logic that sets the compatibility
matrix at the beginning of a session and 452's any recipient that
isn't compatible.

Note that Gmail is already doing something like this (the "multiple
destinations not supported in one transaction" status).

--
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Robert Schetterer
Am 26.03.2015 um 15:55 schrieb Reindl Harald:
> 
> Am 26.03.2015 um 15:52 schrieb Antony Stone:
>> On Thursday 26 March 2015 at 15:45:07 (EU time), Reindl Harald wrote:
>>
>>> Delivery to the following recipient failed permanently:
>>>
>>>ad...@rhsoft.net
>>>
>>> Technical details of permanent failure:
>>> Google tried to deliver your message, but it was rejected by the server
>>> for the recipient domain rhsoft.net by mail-gw.thelounge.net.
>>> [91.118.73.19].
>>>
>>> The error that the other server returned was:
>>> 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR
>>> tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177,
>>> server: mail-gw.thelounge.net, contact: 
>>> +4315953999
>>
>> Surely this message is backscatter, though?
>>
>> It's being sent to the (apparent) sender, in response to a message
>> which you
>> know is identified as spam
> 
> NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message"
> that is NOT the apparent sender - it IS the sender
> 
> it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject
> a backscatter would have been when my mailserver hd sent the bounce
> 

Harald is very unfriendly sometimes , but he is right
what he describes is not backscatter, cause the mail is rejected during
smtp imcome stage, wich means the server simply didnt take the mail
during the running smtp session,

milter are running as before-queue !
typical milters are spamass-milter, clamav-milter amavis-milter
youre right it may not optimal with more recipients "sometimes"
but good enough in real world, also you may combine it with any other
after-queue content filter

backscatter would mean accept the mail and bounce it back later to i.e a
forged sender



study

http://www.postfix.org/MILTER_README.html
http://www.postfix.org/FILTER_README.html
http://www.postfix.org/BACKSCATTER_README.html





Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Kevin A. McGrail

On 3/26/2015 9:54 AM, Robert Schetterer wrote:

so again , there are exceptions, but in general you are not allowed
to silent discard mail in germany.
Unless there are MASSIVE translation issues, the answer is exactly what 
DFS proposed: consent from the users of the system.


From http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html


 Solution to the dilemma

A solution to this problem is the consent of the recipient to delete the 
e-mails that must be present in advance. In this case, the application 
of the above paragraphs is excluded, legally it is called a "factual 
negative consent".



Is that translation accurate?

Regards,
KAM


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 15:57:14 +0100
Robert Schetterer  wrote:

> David, reject means your server dont take a mail, the sender
> mailserver may bounce it back, after some time , its not your job to
> take care of that.

Yes, I'm pretty sure I understand the difference between reject and discard.
What I cannot understand is why you (seem to?) think that "rejecting"
mail because of unwanted content is legal, but "discarding" it is not.  I
post again the English translation of the Heise article; perhaps the original
German is cleared, but anyway:

]]] If action is taken in the delivery process, with the result that the
]]] message does not reach its goal, the e-mail is "suppressed".

So purely with respect to the law, how is "reject" different from "discard"?
In either case, "action is taken" such that "the message does not reach
its goal".

Regards,

David.


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 15:58 schrieb Antony Stone:

On Thursday 26 March 2015 at 15:55:52 (EU time), Reindl Harald wrote:

Am 26.03.2015 um 15:52 schrieb Antony Stone:


Surely this message is backscatter, though?

It's being sent to the (apparent) sender, in response to a message which
you know is identified as spam


NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message"
that is NOT the apparent sender - it IS the sender

it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject
a backscatter would have been when my mailserver hd sent the bounce


Okay, thanks for the clarification - but there's no need to shout


it is after talking wasted hours about the difference of

* reject
* accept and discard
* accept and send a bounce

and my mail even contained the logs while a reject *by definition* can't 
be a backscatter which is the whole purpose of reject the SMTP session 
instead issue a 2xx status code


Mar 26 15:22:51 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: 
milter-reject: END-OF-MESSAGE from 
mail-ie0-f177.google.com[209.85.223.177]: 5.7.1 Blocked by Spamfilter; 
from= to= proto=ESMTP 
helo=




signature.asc
Description: OpenPGP digital signature


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 15:45:07 +0100
Reindl Harald  wrote:

> boah postfix responds with a "postfix/cleanup[21827]: 3lCS043tlCz1l: 
> milter-reject: END-OF-MESSAGE" to the delivering client and the
> server on the other side generates a bounce containing the reject
> message

So then the sender thinks that neither address was delivered, when in
fact one copy was.

I suppose that is a "solution" to the problem I posed, though IMO not a
good one. :)

Regards,

David.


signature.asc
Description: PGP signature


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Antony Stone
On Thursday 26 March 2015 at 15:55:52 (EU time), Reindl Harald wrote:

> Am 26.03.2015 um 15:52 schrieb Antony Stone:
>
> > Surely this message is backscatter, though?
> > 
> > It's being sent to the (apparent) sender, in response to a message which
> > you know is identified as spam
> 
> NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message"
> that is NOT the apparent sender - it IS the sender
> 
> it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject
> a backscatter would have been when my mailserver hd sent the bounce

Okay, thanks for the clarification - but there's no need to shout.


Antony.

-- 
Never automate fully anything that does not have a manual override capability. 
Never design anything that cannot work under degraded conditions in emergency.

   Please reply to the list;
 please *don't* CC me.


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Robert Schetterer
Am 26.03.2015 um 15:05 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:54:07 +0100
> Robert Schetterer  wrote:
> 
>> Uff , why should i waste my time in telling you the untruth...
> 
> I took a look at the Heise article and Google Translate says:
> 
> ]]] If action is taken in the delivery process, with the result that the
> ]]] message does not reach its goal, the e-mail is "suppressed".
> 
> How does that not apply to a 5xx reject?
> 
> I looked at Joerg Heidrich's site briefly, but couldn't find anything
> specifically addressing this topic.  Similarly on the sys4.de site.
> 
> Regards,
> 
> David.
> 

David, reject means your server dont take a mail, the sender mailserver
may bounce it back, after some time , its not your job to take care of that.

Silent discard mail means you take a mail and destroy it ( cause you
feel free to do it), the sender and/or recipient has no chance to notice
what ever happend to that mail.


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 15:52 schrieb Antony Stone:

On Thursday 26 March 2015 at 15:45:07 (EU time), Reindl Harald wrote:


Delivery to the following recipient failed permanently:

   ad...@rhsoft.net

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server
for the recipient domain rhsoft.net by mail-gw.thelounge.net.
[91.118.73.19].

The error that the other server returned was:
550 5.7.1 Blocked by Spamfilter, please forward this to YOUR
tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177,
server: mail-gw.thelounge.net, contact: 
+4315953999


Surely this message is backscatter, though?

It's being sent to the (apparent) sender, in response to a message which you
know is identified as spam


NOT IT IS NOT A BACKSCATTER - "Google tried to deliver your message"
that is NOT the apparent sender - it IS the sender

it is sent from GOOGLE to my GMAIL account as RESPONSE to the reject
a backscatter would have been when my mailserver hd sent the bounce



signature.asc
Description: OpenPGP digital signature


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Antony Stone
On Thursday 26 March 2015 at 15:45:07 (EU time), Reindl Harald wrote:

> Delivery to the following recipient failed permanently:
> 
>   ad...@rhsoft.net
> 
> Technical details of permanent failure:
> Google tried to deliver your message, but it was rejected by the server
> for the recipient domain rhsoft.net by mail-gw.thelounge.net.
> [91.118.73.19].
> 
> The error that the other server returned was:
> 550 5.7.1 Blocked by Spamfilter, please forward this to YOUR
> tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177,
> server: mail-gw.thelounge.net, contact: 
> +4315953999

Surely this message is backscatter, though?

It's being sent to the (apparent) sender, in response to a message which you 
know is identified as spam.


Antony.

-- 
"Linux is going to be part of the future. It's going to be like Unix was."

 - Peter Moore, Asia-Pacific general manager, Microsoft

   Please reply to the list;
 please *don't* CC me.


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 15:08 schrieb David F. Skoll:

On Thu, 26 Mar 2015 15:05:06 +0100
Reindl Harald  wrote:


* spamass-milter -r 8.0
* messages above 8.0 are *rejected*


Silently?  Or do you generate an NDR?  I'm genuinely curious as to how you:


i explained it multiple times, look at the logs at bottom

From: Harald Reindl 
To: TL Reindl Harald 
Cc: ad...@rhsoft.net


1) Accept mail for some recipients


postfix hands different copies to the milter
otherwise the won't have different Envelope-Headers


2) Reject mail for others


postfix hands different copies to the milter
otherwise the won't have different Envelope-Headers


3) Without generating backscatter


why should postfix generate a backscatter?

the connection to the delivering client is open, that's the purpose of a 
milter, postfix answers with a reject



4) Given that the messages are sent in the same SMTP session with
multiple RCPTs and only one DATA.


boah postfix responds with a "postfix/cleanup[21827]: 3lCS043tlCz1l: 
milter-reject: END-OF-MESSAGE" to the delivering client and the server 
on the other side generates a bounce containing the reject message



the only question i ask myself is why i waste my time with so much
ignorance and provocation on the other side


Don't call people names, please.  It's a waste of bandwidth.  I think
I've been pretty polite and I also believe I have pretty good
sysadmin/email credentials


one message is to the adrress i am using here is delivered, the other to 
ad...@rhsoft.net got rejected by the milter and even the bounce from 
gmail contains the correct one


Mar 26 15:22:48 mail-gw postfix/smtpd[21928]: 3lCT6w0F9Fz20: 
client=mail-ig0-f179.google.com[209.85.213.179]
Mar 26 15:22:48 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: 
message-id=
Mar 26 15:22:48 mail-gw spamd[5735]: spamd: processing message 
 for 
sa-milt:189
Mar 26 15:22:48 mail-gw postfix/cleanup[21832]: 3lCT6w0F9Fz20: 
message-id=
Mar 26 15:22:48 mail-gw spamd[5736]: spamd: processing message 
 for 
sa-milt:189

_

[root@mail-gw:~]$ cat maillog | grep 3lCT6v6FXRz1y
Mar 26 15:22:47 mail-gw postfix/smtpd[21940]: 3lCT6v6FXRz1y: 
client=mail-ie0-f177.google.com[209.85.223.177]
Mar 26 15:22:48 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: 
message-id=
Mar 26 15:22:51 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: 
milter-reject: END-OF-MESSAGE from 
mail-ie0-f177.google.com[209.85.223.177]: 5.7.1 Blocked by Spamfilter; 
from= to= proto=ESMTP 
helo=


[root@mail-gw:~]$ cat maillog | grep 3lCT6w0F9Fz20
Mar 26 15:22:48 mail-gw postfix/smtpd[21928]: 3lCT6w0F9Fz20: 
client=mail-ig0-f179.google.com[209.85.213.179]
Mar 26 15:22:48 mail-gw postfix/cleanup[21832]: 3lCT6w0F9Fz20: 
message-id=
Mar 26 15:22:53 mail-gw postfix/qmgr[7240]: 3lCT6w0F9Fz20: 
from=, size=2144, nrcpt=1 (queue active)
Mar 26 15:22:53 mail-gw postfix/smtp[22684]: 3lCT6w0F9Fz20: 
to=, relay=10.0.0.15[10.0.0.15]:10027, 
delay=5.7, delays=5.6/0/0.04/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: 
queued as 3lCT715134z36)

Mar 26 15:22:53 mail-gw postfix/qmgr[7240]: 3lCT6w0F9Fz20: removed
_

[root@mail-gw:~]$ cat maillog | grep 
CAAcbkvN7BpCmrEkgfiMZBbxi51Exp5428Vnv4YQuaH6g=l7...@mail.gmail.com
Mar 26 15:22:48 mail-gw postfix/cleanup[21927]: 3lCT6v6FXRz1y: 
message-id=
Mar 26 15:22:48 mail-gw spamd[5735]: spamd: processing message 
 for 
sa-milt:189
Mar 26 15:22:48 mail-gw postfix/cleanup[21832]: 3lCT6w0F9Fz20: 
message-id=
Mar 26 15:22:48 mail-gw spamd[5736]: spamd: processing message 
 for 
sa-milt:189
Mar 26 15:22:51 mail-gw spamd[5735]: spamd: result: Y 10 - 
BAYES_50,CUST_DNSWL_4,CUST_DNSWL_5,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_MSPIKE_H2,SPF_PASS,SUBJ_ALL_CAPS,TVD_SPACE_RATIO,URIBL_BLACK 
scantime=3.2,size=2076,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=19453,mid=,bayes=0.499601,autolearn=disabled
Mar 26 15:22:53 mail-gw spamd[5736]: spamd: result: . 4 - 
BAYES_50,CUST_DNSWL_4,CUST_DNSWL_5,CUST_MOST_SPAM_TO,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS,SUBJ_ALL_CAPS,TVD_SPACE_RATIO,URIBL_BLACK 
scantime=5.3,size=2095,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=19455,mid=,bayes=0.499644,autolearn=disabled

_

Delivery to the following recipient failed permanently:

 ad...@rhsoft.net

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server 
for the recipient domain rhsoft.net by mail-gw.thelounge.net. 
[91.118.73.19].


The error that the other server returned was:
550 5.7.1 Blocked by Spamfilter, please forward this to YOUR 
tech-support first, time: Mar 26 15:22:51, client: 209.85.223.177, 
server: mail-gw.thelounge.net, contact:  
+4315953999


- Original message -

DKIM-Signature: v=1; a=rsa-sha256

Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Kris Deugau
David F. Skoll wrote:
> On Thu, 26 Mar 2015 15:05:06 +0100
> Reindl Harald  wrote:
> 
>> * spamass-milter -r 8.0
>> * messages above 8.0 are *rejected*
> 
> Silently?  Or do you generate an NDR?  I'm genuinely curious as to how you:
> 
> 1) Accept mail for some recipients
> 
> 2) Reject mail for others
> 
> 3) Without generating backscatter
> 
> 4) Given that the messages are sent in the same SMTP session with
>multiple RCPTs and only one DATA.

For those of you still a little puzzled, here's an example of what David
is asking about.  In the following SMTP transaction, how to you reject
the message for receip1, while accepting the message for recip2?

$ telnet mx.example.org 25
<< 220 example.org, talk to me
>> helo sending.server
<< 250 Hello, friend!
>> mail from:imma.spam...@example.com
<< 250 OK, send this to who?
>> rcpt to:rec...@example.org
<< 250 OK
>> rcpt to:rec...@example.org
<< 250 OK
>> DATA
<< 354 Now for the message
>> 
>> .

At this point you have one message, scoring > 8 points.  Recipient 1
absolutely requires all mail to be delivered to their Inbox, with a
Subject tag in the case of mail considered spam.  Recipient 2 wants mail
scoring > 8 points to be rejected.

What SMTP response to you send?  You can only send one response, since
you only have one message, but you have two recipients with conflicting
filter policies.

-kgd


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 15:05:06 +0100
Reindl Harald  wrote:

> * spamass-milter -r 8.0
> * messages above 8.0 are *rejected*

Silently?  Or do you generate an NDR?  I'm genuinely curious as to how you:

1) Accept mail for some recipients

2) Reject mail for others

3) Without generating backscatter

4) Given that the messages are sent in the same SMTP session with
   multiple RCPTs and only one DATA.

> the only question i ask myself is why i waste my time with so much 
> ignorance and provocation on the other side

Don't call people names, please.  It's a waste of bandwidth.  I think
I've been pretty polite and I also believe I have pretty good
sysadmin/email credentials.

Regards,

David.



signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:54:07 +0100
Robert Schetterer  wrote:

> Uff , why should i waste my time in telling you the untruth...

I took a look at the Heise article and Google Translate says:

]]] If action is taken in the delivery process, with the result that the
]]] message does not reach its goal, the e-mail is "suppressed".

How does that not apply to a 5xx reject?

I looked at Joerg Heidrich's site briefly, but couldn't find anything
specifically addressing this topic.  Similarly on the sys4.de site.

Regards,

David.


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 14:57 schrieb David F. Skoll:

On Thu, 26 Mar 2015 14:47:16 +0100
Reindl Harald  wrote:


i proved you that i can assign differnt scores to a single message
with more than one recipients *per recipient*


Assigning scores is passive.  What do you do with the scored messages?
If all your users are content to use tagging only, and never discard
messages that are tagged highly, then yes... you've solved a limited
version of the problem.

In the real world, users are not willing to accept that.  They just
want spam *gone*.  They don't even want to see or deal with it in any
way


the scores are *not* passive

* spamass-milter -r 8.0
* messages above 8.0 are *rejected*
* as i have proven spamass-milter get a own copy
  of multi-rcpt messages for each, hands that single
  messages to spamc and decides based on the header
  if that message is rejected
* so the one copy with 9.5 points is rejected
* the copy with 6.0 points got tagged
* the copy to a user in "all_spam_to" is not because the negative score

the only thing i need to do is put users/domains into the suiteable 
groups to apply a different scoring - that's it - done, it works


if you would have read my first response *completly* you would have 
understodd that instead start a mail flood and make bad blood everywhere


the only question i ask myself is why i waste my time with so much 
ignorance and provocation on the other side




signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:53:26 +0100
Reindl Harald  wrote:

> he is not allowed to silent throw away a letter, but if he can't
> deliver it it's sent back

"can't" deliver is different from "won't" deliver.

If you reject a message because you don't like its content, it's not
because you "can't" deliver it.  It's because you don't want to deliver it.

Analogy: Suppose the post office decided to send back mail whose
content it decided it didn't like.  Would that be OK?

> if you still don't accept the difference go out and call a laywer as
> others did years ago.

Please post links to legal opinions, case law... anything at all that I
can read and study.  Neither of us is a lawyer, so our opinions are worth
little.

Regards,

David.


signature.asc
Description: PGP signature


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:47:16 +0100
Reindl Harald  wrote:

> i proved you that i can assign differnt scores to a single message
> with more than one recipients *per recipient*

Assigning scores is passive.  What do you do with the scored messages?
If all your users are content to use tagging only, and never discard
messages that are tagged highly, then yes... you've solved a limited
version of the problem.

In the real world, users are not willing to accept that.  They just
want spam *gone*.  They don't even want to see or deal with it in any
way.

>  > Then you're breaking German law

> OK, you really just provocate, otherwise you would not bring that
> when we talk about rejects and not discarding

I'm not provoking, truly.  I'm genuinely curious why you think a 5xx reject
is legal according to the law you cited whereas a 2xx discard is not.
I really cannot see the logic for that assumption; in either case
you are "suppressing" data.

Regards,

David.


signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Robert Schetterer
Am 26.03.2015 um 14:36 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:29:01 +0100
> Robert Schetterer  wrote:
> 
>> As i wrote, there maybe exceptions, but in general
>> youre not allowed to silent discard any mail ( unless its your own ,
>> or its a virus )
> 
> Well, seeing as we have customers in the EU, I really would like to see
> the text of the directive as well as any case law you can cite regarding
> spam filtering.  Do you have a link?
> 
> Regards,
> 
> David.
> 

Uff , why should i waste my time in telling you the untruth...

http://www.heise.de/ct/artikel/Strafbares-Filtern-289128.html

Heise/CT is one of the biggest It magazines in Germany

http://www.recht-im-internet.de/

Joerg Heidrich is one of the most famos It lawers in Germany
co founder
https://sys4.de

so again , there are exceptions, but in general you are not allowed
to silent discard mail in germany.

I never ever thought to do so , or didnt found another tec way to avoid it.

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 14:43 schrieb David F. Skoll:

On Thu, 26 Mar 2015 14:39:52 +0100
Reindl Harald  wrote:


* you write a mail
* your server get a 5xx reject from the destination
* your server generates a NDR and informs you



* you write a mail
* your server get a 200 repsonse
* the destination silent discards



you *really* don't see the difference?


Not with respect to to the German law, which forbids "suppressing"
data.  In either case, you have "suppressed" the data.  The law
certainly does NOT say "It's OK to suppress data if you inform the
originator."


surely, it's handeled the same way as for a postmaster in the real world

he is not allowed to silent throw away a letter, but if he can't deliver 
it it's sent back - exactly the same happens with a rejcted message - a 
NDR from the sending server to his user with "undeliverable message 
returned to sender"


if you still don't accept the difference go out and call a laywer as 
others did years ago.




signature.asc
Description: OpenPGP digital signature


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 14:37 schrieb David F. Skoll:

On Thu, 26 Mar 2015 14:33:08 +0100
Reindl Harald  wrote:


boah - spamass-milter *rejects* above 8.0 points based on the header


What if one of the recipients is opted-out and has categorically stated
that he/she wants to receive every piece of email?


is your intention to provocate me until i call you names or what's the 
purpose of strip out all relevant parts of my repsones?


i proved you that i can assign differnt scores to a single message with 
more than one recipients *per recipient* and so i can place a domain or 
rcpt into "all_spam_to" and assign "score USER_IN_ALL_SPAM_TO -1000" and 
so the score for messages to that user hardly reach 8.0 points


that below was *one* message with two different recipients

X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0
X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0

> Then you're breaking German law

OK, you really just provocate, otherwise you would not bring that when 
we talk about rejects and not discarding





signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:39:52 +0100
Reindl Harald  wrote:

> * you write a mail
> * your server get a 5xx reject from the destination
> * your server generates a NDR and informs you

> * you write a mail
> * your server get a 200 repsonse
> * the destination silent discards

> you *really* don't see the difference?

Not with respect to to the German law, which forbids "suppressing"
data.  In either case, you have "suppressed" the data.  The law
certainly does NOT say "It's OK to suppress data if you inform the
originator."

Regards,

David.


signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:37:08 +0100
Reindl Harald  wrote:

> i have to show nothing after for nearly a decade most german IT 
> magazines had articles about that topic written by law experts

The only link I found written by a German law expert said that
the it "may" apply to spam filtering if the recipient did not agree
beforehand to how the filter operates.

I also suggest you ask a German law expert if rejecting with 5xx is
materially different than silently discarding when it comes
to "suppressing" data.  Frankly, I cannot see the difference; the
law certainly doesn't say it's OK to suppress data as long
as you inform the originator of said data.

But maybe you could link to some articles on the topic?

Regards,

David.


signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 14:34 schrieb David F. Skoll:

2) How is rejecting with a 5xx code any less of a "suppression" of the
data than silently discarding with a 2xx code?


* you write a mail
* your server get a 5xx reject from the destination
* your server generates a NDR and informs you

* you write a mail
* your server get a 200 repsonse
* the destination silent discards

you *really* don't see the difference?

in the first case if the mail is important i retry, chose a different 
subject or even take the phone and call the other side to find out *why* 
it was rejected


in the second one i assume the other side just ignored my message



signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Joe Quinn

On 3/26/2015 9:19 AM, Reindl Harald wrote:



Am 26.03.2015 um 14:13 schrieb David F. Skoll:

On Thu, 26 Mar 2015 14:02:19 +0100
Robert Schetterer  wrote:


Silent discard mail is mostly forbidden in the EU,


Is it?  Could you perhaps point me to the EU directive stating this?
I'm sure there must be lots of qualifications


in germany 2 years jail

§ 303a StGB -
Datenveränderung

(1) Wer rechtswidrig Daten (§ 202a Abs. 2) löscht, unterdrückt, 
unbrauchbar macht oder verändert, wird mit Freiheitsstrafe bis zu zwei 
Jahren oder mit Geldstrafe bestraft


That's just the penalty clause, it doesn't define what's considered 
unlawful deletion of data.


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:33:08 +0100
Reindl Harald  wrote:

> boah - spamass-milter *rejects* above 8.0 points based on the header

What if one of the recipients is opted-out and has categorically stated
that he/she wants to receive every piece of email?  Then you're
breaking German law.

> basicly you pretend there is no solution while you just close your
> eyes and ignore it

I'm pretty sure there's no solution.  You haven't given us one; rather,
you've changed the terms of the problem until it is solveable.

Regards,

David.



signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald



Am 26.03.2015 um 14:30 schrieb David F. Skoll:

On Thu, 26 Mar 2015 14:19:09 +0100
Reindl Harald  wrote:


Is it?  Could you perhaps point me to the EU directive stating this?
I'm sure there must be lots of qualifications



in germany 2 years jail


It says: "Whoever unlawfully deletes, modifies, suppresses..."

You have to show that silently discarding spam (assuming you've
informed the users you do this up-front) is "unlawful".  That's
not clear from the links I was able to find


i have to show nothing after for nearly a decade most german IT 
magazines had articles about that topic written by law experts







signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:29:01 +0100
Robert Schetterer  wrote:

> As i wrote, there maybe exceptions, but in general
> youre not allowed to silent discard any mail ( unless its your own ,
> or its a virus )

Well, seeing as we have customers in the EU, I really would like to see
the text of the directive as well as any case law you can cite regarding
spam filtering.  Do you have a link?

Regards,

David.


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
Hi,

A followup:

1) has anyone been convicted under 303a StGB for suppressing email during
spam filtering?

2) How is rejecting with a 5xx code any less of a "suppression" of the
data than silently discarding with a 2xx code?  In either case, the
recipient does not receive the mail.  The fact that the sender is *aware*
of the non-receipt is immaterial.  I doubt you could escape conviction by
calling someone up and saying "I'm going to delete your sensitive data",
deleting it, and then claiming "well, he knew I deleted it."

Regards,

David.


signature.asc
Description: PGP signature


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald



Am 26.03.2015 um 14:27 schrieb David F. Skoll:

On Thu, 26 Mar 2015 14:14:10 +0100
Reindl Harald  wrote:


That is a non-solution.  You are assuming all users have the same
criteria for what is or isn't spammy content.



you stopped premature reading my repsonse - WHY?
look again at the "X-Spam-Status" header below
a single mail sent from gmail to 2 addresses i own


That works for tagging.  What do you do with highly-spammy mail?  You
discard it, or you don't read it which amounts to the same thing.


boah - spamass-milter *rejects* above 8.0 points based on the header

and as you can see the mail with 2 different RCPT got passed *twice* to 
the milter, hence both copies got a different header and so finally the 
milter can reject one while pass the other *because* both have different 
scores in the header responsible for that decision



Most of our users do not use or want tagging.  They want good mail
delivered, somewhat spammy mail quarantined for human review, and very
spammy mail discarded, no questions asked.

Basically, there is no solution to the problem I posed and yet you
ignore that fact


basicly you pretend there is no solution while you just close your eyes 
and ignore it




signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:19:09 +0100
Reindl Harald  wrote:

> > Is it?  Could you perhaps point me to the EU directive stating this?
> > I'm sure there must be lots of qualifications

> in germany 2 years jail

It says: "Whoever unlawfully deletes, modifies, suppresses..."

You have to show that silently discarding spam (assuming you've
informed the users you do this up-front) is "unlawful".  That's
not clear from the links I was able to find.

Regards,

David.


signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Robert Schetterer
Am 26.03.2015 um 14:13 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 14:02:19 +0100
> Robert Schetterer  wrote:
> 
>> Silent discard mail is mostly forbidden in the EU,
> 
> Is it?  Could you perhaps point me to the EU directive stating this?
> I'm sure there must be lots of qualifications.

As i wrote, there maybe exceptions, but in general
youre not allowed to silent discard any mail ( unless its your own , or
its a virus )

Different countries , different cultures, its not a secret
that in the US its not done that strict. No need to flame.
The best advice in any case is avoid silent discard mail, there should
be better options anytime anyplace.

> 
> Regards,
> 
> David.
> 



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:14:10 +0100
Reindl Harald  wrote:

> > That is a non-solution.  You are assuming all users have the same
> > criteria for what is or isn't spammy content.

> you stopped premature reading my repsonse - WHY?
> look again at the "X-Spam-Status" header below
> a single mail sent from gmail to 2 addresses i own

That works for tagging.  What do you do with highly-spammy mail?  You
discard it, or you don't read it which amounts to the same thing.

Most of our users do not use or want tagging.  They want good mail
delivered, somewhat spammy mail quarantined for human review, and very
spammy mail discarded, no questions asked.

Basically, there is no solution to the problem I posed and yet you
ignore that fact.

Regards,

David.


signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald



Am 26.03.2015 um 14:13 schrieb David F. Skoll:

On Thu, 26 Mar 2015 14:02:19 +0100
Robert Schetterer  wrote:


Silent discard mail is mostly forbidden in the EU,


Is it?  Could you perhaps point me to the EU directive stating this?
I'm sure there must be lots of qualifications


in germany 2 years jail

§ 303a StGB -
Datenveränderung

(1) Wer rechtswidrig Daten (§ 202a Abs. 2) löscht, unterdrückt, 
unbrauchbar macht oder verändert, wird mit Freiheitsstrafe bis zu zwei 
Jahren oder mit Geldstrafe bestraft




signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Antony Stone
On Thursday 26 March 2015 at 14:02:19 (EU time), Robert Schetterer wrote:

> Silent discard mail is mostly forbidden in the EU, but
> someone may do so with its own mail.

Does anyone here have any references to actual legislation, stating this?

I've seen several comments about this in this thread, from people in various 
parts of the world, and it would be good to see what some actual laws say in 
specific jurisdictions.


Thanks,


Antony.

-- 
A user interface is like a joke.
If you have to explain it, it didn't work.

   Please reply to the list;
 please *don't* CC me.


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 14:04 schrieb David F. Skoll:

On Thu, 26 Mar 2015 13:54:45 +0100
Reindl Harald  wrote:


1) Directed to multiple recipients...



the content is the same, reject it or not


That is a non-solution.  You are assuming all users have the same
criteria for what is or isn't spammy content.


you stopped premature reading my repsonse - WHY?
look again at the "X-Spam-Status" header below
a single mail sent from gmail to 2 addresses i own

X-Local-Envelope-From: 
X-Local-Envelope-To: 
Received: from mail-ig0-f171.google.com
Message-ID:


X-Local-Envelope-From: 
X-Local-Envelope-To: 
Received: from mail-ie0-f177.google.com
Message-ID:


and in fact both messages got a different score because my coampany 
address is in "MOST_SPAM" and my private one in "MANY_SPAM"


X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0
X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0


the same way you reject a mail with a invalid recipient and two valid
ones


Very clever... except you cannot do any content scanning until you've
already accepted all of the RCPT: commands.


and how does that matter?

there is a reason that typical bounce messages contains "to one or more 
recipients" - and the bounce of the delivering server just contains the 
response of the destination - nothing new



Care to try solving again?  You solve the problem of different
content-scanning rules for different recipients, with no possibility
of backscatter, no silent discards, and no delays due to tempfailing,
and you'll make a fortune


it is solved, you just don't get it




signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 14:02:19 +0100
Robert Schetterer  wrote:

> Silent discard mail is mostly forbidden in the EU,

Is it?  Could you perhaps point me to the EU directive stating this?
I'm sure there must be lots of qualifications.

Regards,

David.


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 13:54:45 +0100
Reindl Harald  wrote:

> > 1) Directed to multiple recipients...

> the content is the same, reject it or not

That is a non-solution.  You are assuming all users have the same
criteria for what is or isn't spammy content.

> the same way you reject a mail with a invalid recipient and two valid 
> ones

Very clever... except you cannot do any content scanning until you've
already accepted all of the RCPT: commands.

Care to try solving again?  You solve the problem of different
content-scanning rules for different recipients, with no possibility
of backscatter, no silent discards, and no delays due to tempfailing,
and you'll make a fortune.

Regards,

David.


signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Robert Schetterer
Am 26.03.2015 um 13:40 schrieb David F. Skoll:
> On Thu, 26 Mar 2015 11:36:36 +0100
> Reindl Harald  wrote:
> 
>> What make you think you have the right to put a mail for a different 
>> person to /dev/null without reject it proper and so sender nor RCPT
>> are aware?
> 
> People who sign up for our service do so knowing that we sometimes
> silently discard spam.  If they don't agree, then they don't have to
> use our service.
> 
> Regards,
> 
> David.
> 

Silent discard mail is mostly forbidden in the EU, but
someone may do so with its own mail.
Policy differ with virus mails, but not for spam.
There maybe exceptions, if your customer explicit contracted and allowed
you to discard his mail ( i am no lawer ). Best way is reject on smtp
income level
tagging the rest, differ handling "may" lead to legal trouble..., also
typical quarantaine "may" lead to equal legal trouble.
Using silent discard for avoiding backscatter reasons is bad design and
should not be needed.



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 13:54 schrieb Reindl Harald:

Solve that problem, and then I agree with you.  And saying "well, don't
let different end-users have different settings" is not a solution.
Neither is "tempfail all recipients but the first so the message
is transmitted one time for each recipient."


the same way you reject a mail with a invalid recipient and two valid
ones - as you can see below spamass-milter anyways get a seperate copy
for scanning to change the overall score based on envelopes (from as
well as too) based on
http://comments.gmane.org/gmane.mail.postfix.user/193456

X-Local-Envelope-From: 
X-Local-Envelope-To: 
Received: from mail-ig0-f171.google.com
Message-ID:


X-Local-Envelope-From: 
X-Local-Envelope-To: 
Received: from mail-ie0-f177.google.com
Message-ID:



and in fact both messages got a different score because my coampany 
address is in "MOST_SPAM" and my private one in "MANY_SPAM"


X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0
X-Spam-Status: No, score=-8.1, tag-level=5.5, block-level=8.0



signature.asc
Description: OpenPGP digital signature


Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Reindl Harald



Am 26.03.2015 um 13:43 schrieb David F. Skoll:

On Thu, 26 Mar 2015 12:09:58 +0100
Reindl Harald  wrote:


why in the world would a reject *before queue* trigger a backscatter
or bounce on my side?


How do you do before-queue rejection of a message that is...

1) Directed to multiple recipients...


the content is the same, reject it or not


2) Some of which have different spam thresholds or have even opted-out?

Solve that problem, and then I agree with you.  And saying "well, don't
let different end-users have different settings" is not a solution.
Neither is "tempfail all recipients but the first so the message
is transmitted one time for each recipient."


the same way you reject a mail with a invalid recipient and two valid 
ones - as you can see below spamass-milter anyways get a seperate copy 
for scanning to change the overall score based on envelopes (from as 
well as too) based on 
http://comments.gmane.org/gmane.mail.postfix.user/193456


X-Local-Envelope-From: 
X-Local-Envelope-To: 
Received: from mail-ig0-f171.google.com
Message-ID: 



X-Local-Envelope-From: 
X-Local-Envelope-To: 
Received: from mail-ie0-f177.google.com
Message-ID: 





signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Nick Edwards
On 3/26/15, David F. Skoll  wrote:
> On Thu, 26 Mar 2015 11:36:36 +0100
> Reindl Harald  wrote:
>
>> What make you think you have the right to put a mail for a different
>> person to /dev/null without reject it proper and so sender nor RCPT
>> are aware?
>
> People who sign up for our service do so knowing that we sometimes
> silently discard spam.  If they don't agree, then they don't have to
> use our service.
>

Exactly, and I've never found anyone to leave over it, most people
appreciate not getting spam, they dont give a rats how we stop it
getting to them, so long as we stop it.


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Nick Edwards
On 3/26/15, Reindl Harald  wrote:
>
> Am 26.03.2015 um 13:10 schrieb Nick Edwards:
>> On 3/26/15, Reindl Harald  wrote:
 bots have not learned from 55x messages  EVER they dont care, they
 never have they never will, they will resend their shit 50 times a
 second without hesitation anyone whos been a mail admin for more than
 5 years knows this
>>>
>>> in the time you wrote that paragraph you could have opened the
>>> attachment, the curve of RBL rejects moved dramatically down while the
>>> number of daily delivered mail is unchanged
>>
>> RBL blocks are still very significant around here, dont presume that
>> we see what you see, same as I'd never presume you'd see what we see,
>> I can say that with fact because the regions hitting our hamburg
>> servers are nothing like what hits our hong kong servers, and vice
>> versa
>
> a last reply to that thread:
>
> the point was not RBL's and whatz you see where, the point was that
> after switch to unconditionally reject instead drop the number of
> *delivery attempts* dramatically went down
>
> and since it is the same userbase, the same network and the same
> mailflow it's not a matter of what you and i see different - it is a
> matter of what i see different just by stop silent discard
>

i'm confused, its not a mater of what we see different but then you
say it is matter of what you see different, I think unknowingly you
agreed with me. Dont think we have not  looked at reject, we looked at
that years ago, never changed, just like we never saw graylisting as
beneficial, most the bastards still resend so we dropped that too, all
it did was delay legitimate mail.

Either way, the way you run your network suites you, and the way we
run ours suites us.
Just dont go round calling other organisations method shit or dumb or
silly or stupid because  you disagree with how we successfully choose
to run our networks, we could turn around and say the same about how
you run yours, but we dont because we  know and understand "each to
our own"


Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 12:09:58 +0100
Reindl Harald  wrote:

> why in the world would a reject *before queue* trigger a backscatter
> or bounce on my side?

How do you do before-queue rejection of a message that is...

1) Directed to multiple recipients...

2) Some of which have different spam thresholds or have even opted-out?

Solve that problem, and then I agree with you.  And saying "well, don't
let different end-users have different settings" is not a solution.
Neither is "tempfail all recipients but the first so the message
is transmitted one time for each recipient."

Regards,

David.


signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 11:36:36 +0100
Reindl Harald  wrote:

> What make you think you have the right to put a mail for a different 
> person to /dev/null without reject it proper and so sender nor RCPT
> are aware?

People who sign up for our service do so knowing that we sometimes
silently discard spam.  If they don't agree, then they don't have to
use our service.

Regards,

David.


signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David F. Skoll
On Thu, 26 Mar 2015 07:53:49 +0100
Reindl Harald  wrote:

> accepted means your SMTP sevrer responded with a 250 status code and
> not with a 4x temporary or 5x permanent error aka rejected the message

No.  Accepted means delivered to the end-user's mailbox.

As an analogy: I do not believe the postal system requires
acknowledgement of every single letter that ends up being delivered.
If you want delivery notification, you need to pay more for it.  In the
electronic world, if you want to be sure you've made contact with someone,
you call them up.

That is not how SMTP was designed.  But that is today's reality and it's
tilting at windmills to fight it.

Regards,

David.


signature.asc
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 13:10 schrieb Nick Edwards:

On 3/26/15, Reindl Harald  wrote:

bots have not learned from 55x messages  EVER they dont care, they
never have they never will, they will resend their shit 50 times a
second without hesitation anyone whos been a mail admin for more than
5 years knows this


in the time you wrote that paragraph you could have opened the
attachment, the curve of RBL rejects moved dramatically down while the
number of daily delivered mail is unchanged


RBL blocks are still very significant around here, dont presume that
we see what you see, same as I'd never presume you'd see what we see,
I can say that with fact because the regions hitting our hamburg
servers are nothing like what hits our hong kong servers, and vice
versa


a last reply to that thread:

the point was not RBL's and whatz you see where, the point was that 
after switch to unconditionally reject instead drop the number of 
*delivery attempts* dramatically went down


and since it is the same userbase, the same network and the same 
mailflow it's not a matter of what you and i see different - it is a 
matter of what i see different just by stop silent discard




signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Nick Edwards
On 3/26/15, Reindl Harald  wrote:
>
> Am 25.03.2015 um 14:56 schrieb Nick Edwards:
>>> if i need to take the phone and ask the admin if a mail was discarded or
>>> just not delivered at the moment the mailservice is shit
>>
>> get into the real world, and there you go again someone does different
>> than reindl does so they must be shit.  jesus christ you have a lame
>> outlook on life, get used to the fact  because someone does something
>> different than you, doesnt mean its bad.
>
> you should get into the real world
>
> if iw rite a mail and don't get a bounce i have to expect it was
> delivered, if mail delivery is not trustable it is shit - not because
> you are doing it different than me - but because your mailservice is
> some sort of lottery
>


BINGO!

Thats exactly what mail delivery has been for nearing 25 years.

An Enormous number of service providers in the western world will
discard spam messages we do nothing special or out of the ordinary,
the lottery game is for the spammers, they have no idea if anyone read
their trash or not, if your message is not spam it would be delivered.

we have 3.8 million users, so I think we would know pretty quickly if
we were doing it wrong.

you will just have to accept the world doesnt follow your handbook or wishes.


>>> a reject at SMTP level in case of spam don't produce bounces anywhere,
>>> but the bot may interpret as "that RCPT don't accept mail" - with a
>>
>> bots have not learned from 55x messages  EVER they dont care, they
>> never have they never will, they will resend their shit 50 times a
>> second without hesitation anyone whos been a mail admin for more than
>> 5 years knows this
>
> in the time you wrote that paragraph you could have opened the
> attachment, the curve of RBL rejects moved dramatically down while the
> number of daily delivered mail is unchanged
>

RBL blocks are still very significant around here, dont presume that
we see what you see, same as I'd never presume you'd see what we see,
I can say that with fact because the regions hitting our hamburg
servers are nothing like what hits our hong kong servers, and vice
versa.

>


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Steve Freegard

Kevin,

On 26/03/15 11:18, Kevin A. McGrail wrote:

On 3/26/2015 7:09 AM, Reindl Harald wrote:

why in the world would a reject *before queue* trigger a backscatter
or bounce on my side?


To me, your recommend action makes you only worried about your tiny star
in the universe of mail servers and ignores the community responsibility
you have as an IT administrator.  *Your* actions are contributing to
backscatter and you have a *choice* to handle it differently *without
malicious intent* to make the computing world a better place.   I don't
care if your server does or doesn't end up actually sending the DSN.

For example, in the scenario where server A sends a virus to your server
B, my opinion is that I have a duty to act to protect the public at
large and go "this is a virus, send a dsn 200 and silently discard".

In any case, it does not appear you are going to change my opinion so
stop beating a dead horse, agree to disagree and let's move on.



Whilst I don't agree with Harald about the complete ban on silent 
discards; there is a time and place for any and all means at our 
disposal as e-mail administrators provided some common sense is applied, 
however I really don't agree with your viewpoint about rejections here:


> For example, in the scenario where server A sends a virus to your server
> B, my opinion is that I have a duty to act to protect the public at
> large and go "this is a virus, send a dsn 200 and silently discard".

In this case if server B rejects the message outright, then it is server 
A's responsibility to create a DSN/MDN and that absolutely doesn't make 
server B at fault at all, there is no 'community responsibility' to 
discard it whatsoever.


The biggest common cause for backscatter is all of the e-mail admins 
that have systems that don't reject invalid recipients at SMTP time but 
instead accept all recipients and then cause the MTA to bounce the 
message back to the return-path when the delivery fails.  It's these 
folks and their vendors that have a community responsibility to clean up 
their act.


Kind regards,
Steve.



Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David Jones
>From: Reindl Harald 

>been there short ago by receive 600 backscatters about messages i never sent

Hmmm.  Maybe someone on this list was trying to send you a strong hint.
For the record, that wasn't me but it did sound like a good idea to prove
a point about backscatter.


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 12:18 schrieb Kevin A. McGrail:

For example, in the scenario where server A sends a virus to your server
B, my opinion is that I have a duty to act to protect the public at
large and go "this is a virus, send a dsn 200 and silently discard"


and send the DSN to the forged sender - that's not "ignores the 
community responsibility you have as an IT administrator" - you have the 
duty to block that message, respond with a pretty clear text that it was 
rejected because malware (in the best case *which* malware) and the 
delivering MTA will send the bounce to his user


if the delivering machine is not a MTA but a botnet using forged senders 
it won't send a NDR to the victim - the receiving MTA producing NDR's 
would send to the victim of the forged envelope


been there short ago by receive 600 backscatters about messages i never sent



signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Antony Stone
On Thursday 26 March 2015 at 12:18:03 (EU time), Kevin A. McGrail wrote:

> stop beating a dead horse, agree to disagree and let's move on.

Thanks :)


Antony.

-- 
I want to build a machine that will be proud of me.

 - Danny Hillis, creator of The Connection Machine

   Please reply to the list;
 please *don't* CC me.


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Kevin A. McGrail

On 3/26/2015 7:09 AM, Reindl Harald wrote:
why in the world would a reject *before queue* trigger a backscatter 
or bounce on my side?


To me, your recommend action makes you only worried about your tiny star 
in the universe of mail servers and ignores the community responsibility 
you have as an IT administrator.  *Your* actions are contributing to 
backscatter and you have a *choice* to handle it differently *without 
malicious intent* to make the computing world a better place.   I don't 
care if your server does or doesn't end up actually sending the DSN.


For example, in the scenario where server A sends a virus to your server 
B, my opinion is that I have a duty to act to protect the public at 
large and go "this is a virus, send a dsn 200 and silently discard".


In any case, it does not appear you are going to change my opinion so 
stop beating a dead horse, agree to disagree and let's move on.


Regards,
KAM



Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Niamh Holding

Hello David,

Thursday, March 26, 2015, 10:56:36 AM, you wrote:

DJ> I have never had customer ask to release a message that scored 2x
DJ> above our block threshold or had a virus so these are definitely safe to 
silent
DJ> discard as long as local laws allow it.

Quite, and we can and do vary the /dev/null score according to the
destination mailbox.

-- 
Best regards,
 Niamhmailto:ni...@fullbore.co.uk

pgpfByuGEnsgp.pgp
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 11:58 schrieb Kevin A. McGrail:

On 3/26/2015 6:20 AM, Reindl Harald wrote:


and everybody acting that way for mails which are not only his own
should refrain from maintain a mailserver because he is playing
lottery with other peolles communication


You are inherently entitled to your opinion but we will have to agree to
disagree because I believe the exact opposite that if you are not
capable of knowing the cases to properly silently discard email than you
have no business running a mailserver because you'll do more harm than
good to the overall ecosystem.  At a very minimum, you should fully
understand the impact of backscatter as well as the extremely viable
vector for spamming/spreading malware through the use of forged headers
to relay payloads through NDRs/DSNs


why in the world would a reject *before queue* trigger a backscatter or 
bounce on my side?


the whole purpose is to *not* produce bounces *nor* silent discard - the 
sending MTA is repsonsible for bounces to *his* users after a reject and 
a bot just ignores the reject


if you are talk about "have no business running a mailserver" and 
"you'll do more harm than good" you should know that




signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 11:56 schrieb David Jones:

From: Reindl Harald 

And that is a silent discard.  You are accepting responsibility for the
email, telling no one anything more and discarding it with out DSN/NDR



and everybody acting that way for mails which are not only his own
should refrain from maintain a mailserver because he is playing lottery
with other peolles communication


I filter for over 100,000 mailboxes with MailScanner so silent discards happen
all the time with no issues from our customers.  It's going to be different for
each environment so it's not a hard rule


the environment don't matter, silent discard of wrong classified mails 
is harm you are doing to users and not to machines - i was affected by 
such a behavior because talking about PTR filtering in a mail-thread and 
some of the hostname domains where on URI blacklists


i tell you waht my reaction as responsible admin was:

* a existing and payed service contract until end of 2016
* within 2 weeks day and night replaced and de-commisioned the appliance

not because my personal false positives, just because i can't take 
responsibility and give customers qualified answers in case of a 
gambling machine as MX



If you have other protections setup around SA like RBLs to reject, honeypot
MXes that tempfail, etc., then SA only has to scan a small percentage of your
messages.  This equates to a very small percentage of silent discards for 
obvious
spam which keeps you from being part of the backscatter problem.
A large percentage of mail that makes it to my SA is clean mail.  I do have the
occasional false positive but we quarantine everything and can release it as
needed.  I have never had customer ask to release a message that scored 2x
above our block threshold or had a virus so these are definitely safe to silent
discard as long as local laws allow it.


"so silent discards happen" and "false positive but we quarantine 
everything and can release it" at the same time?


yes with RBL scoring, honeypot MX and so on only a very small percentage 
of mail touchs SA at all - that's why it scales also with a large user 
number to make the filtering before queue




signature.asc
Description: OpenPGP digital signature


Laws on Quarantine, Discard, Archive, Queuing, etc. was Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Kevin A. McGrail

On 3/26/2015 6:56 AM, David Jones wrote:

  I do have the
occasional false positive but we quarantine everything and can release it as
needed.  I have never had customer ask to release a message that scored 2x
above our block threshold or had a virus so these are definitely safe to silent
discard as long as local laws allow it.
Out of interest, anyone ever run afoul of things like the EU Data 
Protection Directive 
(http://en.wikipedia.org/wiki/Data_Protection_Directive) and similar 
laws with email quarantine, archive and queuing?


Anyone have any specific laws that have caused legal issues?

regards,
KAM


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Kevin A. McGrail

On 3/26/2015 6:20 AM, Reindl Harald wrote:


and everybody acting that way for mails which are not only his own 
should refrain from maintain a mailserver because he is playing 
lottery with other peolles communication


You are inherently entitled to your opinion but we will have to agree to 
disagree because I believe the exact opposite that if you are not 
capable of knowing the cases to properly silently discard email than you 
have no business running a mailserver because you'll do more harm than 
good to the overall ecosystem.  At a very minimum, you should fully 
understand the impact of backscatter as well as the extremely viable 
vector for spamming/spreading malware through the use of forged headers 
to relay payloads through NDRs/DSNs.


While this behavior was helpful to identify compromised machines perhaps 
a decade ago, the techniques have long since switched to malicious 
behavior.


Your decision and advocacy for others to follow this path makes you a 
complicit bystander to how the bad guys work. And I can present facts, 
RFCs, best practices, logs, legal analysis, experts on the matter, etc.  
All you've stated is some amorphous laws (unquoted) based apparently in 
a country where I don't live.


Additionally, you will not convince me to change with a stance akin to 
politicians being infallible and that the law shouldn't be changed.  If 
you live in a place with such a law, you should lobby to improve the law.


I live in Virginia in the US and on the face, you might saw, OMG, KAM is 
breaking the law 
https://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+18.2-152.4 for 
Computer Trespass.  However you will notice the clause at the top that 
requires "malicious intent".  My intent is not malicious.  My intent is 
to protect the public at large.


If you run a mail server that is sending DSNs/NDRs for everything, you 
might want to at least start and consider how you handle forged and 
malicious emails.  My strong recommendation is that you consider silent 
discard of items that have extremely low FPs as a start such as items 
identified as having a malicious payload by ClamAV with default rules.


I also suggest you read 
http://www.pccc.com/base.cgim?template=sage_code_of_ethics  I call it 
the IT ten commandments and believe strongly that if you follow it in 
your work, you will find yourself rising to the upper echelon of IT admins.


regards,
KAM


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread David Jones
>
>From: Reindl Harald 
>Sent: Thursday, March 26, 2015 5:20 AM
>To: users@spamassassin.apache.org
>Subject: Re: Spamassassin not catching spam (Follow-up)

>Am 26.03.2015 um 11:17 schrieb Kevin A. McGrail:
>> On 3/26/2015 2:53 AM, Reindl Harald wrote:
>>>
>>> Am 26.03.2015 um 01:25 schrieb David F. Skoll:
>>>> On Wed, 25 Mar 2015 16:08:34 -0600
>>>> "@lbutlr"  wrote:
>>>>> You can reject who you want in Germany too, you just can___t delete a
>>>>> message that you___ve already accepted.
>>>>
>>>> What does "accepted" mean?  Redirecting a message to /dev/null means you
>>>> didn't accept it
>>>
>>> accepted means your SMTP sevrer responded with a 250 status code and
>>> not with a 4x temporary or 5x permanent error aka rejected the message
>>>
>>> don't get me wrong but that's absolute basics
>>
>> And that is a silent discard.  You are accepting responsibility for the
>> email, telling no one anything more and discarding it with out DSN/NDR

>and everybody acting that way for mails which are not only his own
>should refrain from maintain a mailserver because he is playing lottery
>with other peolles communication

I filter for over 100,000 mailboxes with MailScanner so silent discards happen
all the time with no issues from our customers.  It's going to be different for
each environment so it's not a hard rule.
If you have other protections setup around SA like RBLs to reject, honeypot
MXes that tempfail, etc., then SA only has to scan a small percentage of your
messages.  This equates to a very small percentage of silent discards for 
obvious
spam which keeps you from being part of the backscatter problem.
A large percentage of mail that makes it to my SA is clean mail.  I do have the
occasional false positive but we quarantine everything and can release it as
needed.  I have never had customer ask to release a message that scored 2x
above our block threshold or had a virus so these are definitely safe to silent
discard as long as local laws allow it.
Dave

Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Antony Stone
On Thursday 26 March 2015 at 11:36:36 (EU time), Reindl Harald wrote:

> Am 26.03.2015 um 11:27 schrieb Niamh Holding:
> > Hello Reindl,
> > 
> > Thursday, March 26, 2015, 10:20:15 AM, you wrote:
> > 
> > What make you think you have the right to tell me what's appropriate in
> > our setup?
> > 
> > Arrogant or what?
> 
> What make you think you have the right to put a mail for a different
> person to /dev/null without reject it proper and so sender nor RCPT are
> aware?
> 
> Arrogant or what?

On Thursday 26 March 2015 at 11:32:42 (EU time), Axb wrote:

> PLEASE move this off topic noise/troll traffic to alt.test

Seconded.


Antony.

-- 
"The future is already here.   It's just not evenly distributed yet."

 - William Gibson


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 11:27 schrieb Niamh Holding:

Hello Reindl,

Thursday, March 26, 2015, 10:20:15 AM, you wrote:

RH> and everybody acting that way for mails which are not only his own
RH> should refrain from maintain a mailserver because he is playing lottery
RH> with other peolles communication

What make you think you have the right to tell me what's appropriate in
our setup?

Arrogant or what?


What make you think you have the right to put a mail for a different 
person to /dev/null without reject it proper and so sender nor RCPT are 
aware?


Arrogant or what?



signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Axb

On 03/26/2015 11:27 AM, Niamh Holding wrote:


Hello Reindl,

Thursday, March 26, 2015, 10:20:15 AM, you wrote:

RH> and everybody acting that way for mails which are not only his own
RH> should refrain from maintain a mailserver because he is playing lottery
RH> with other peolles communication

What make you think you have the right to tell me what's appropriate in
our setup?

Arrogant or what?



PLEASE move this off topic noise/troll traffic to alt.test






Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Niamh Holding

Hello Reindl,

Thursday, March 26, 2015, 10:20:15 AM, you wrote:

RH> and everybody acting that way for mails which are not only his own 
RH> should refrain from maintain a mailserver because he is playing lottery 
RH> with other peolles communication

What make you think you have the right to tell me what's appropriate in
our setup?

Arrogant or what?

-- 
Best regards,
 Niamhmailto:ni...@fullbore.co.uk

pgp9YFh4qdhzY.pgp
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Reindl Harald


Am 26.03.2015 um 11:17 schrieb Kevin A. McGrail:

On 3/26/2015 2:53 AM, Reindl Harald wrote:


Am 26.03.2015 um 01:25 schrieb David F. Skoll:

On Wed, 25 Mar 2015 16:08:34 -0600
"@lbutlr"  wrote:

You can reject who you want in Germany too, you just can___t delete a
message that you___ve already accepted.


What does "accepted" mean?  Redirecting a message to /dev/null means you
didn't accept it


accepted means your SMTP sevrer responded with a 250 status code and
not with a 4x temporary or 5x permanent error aka rejected the message

don't get me wrong but that's absolute basics


And that is a silent discard.  You are accepting responsibility for the
email, telling no one anything more and discarding it with out DSN/NDR


and everybody acting that way for mails which are not only his own 
should refrain from maintain a mailserver because he is playing lottery 
with other peolles communication




signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-26 Thread Kevin A. McGrail

On 3/26/2015 2:53 AM, Reindl Harald wrote:


Am 26.03.2015 um 01:25 schrieb David F. Skoll:

On Wed, 25 Mar 2015 16:08:34 -0600
"@lbutlr"  wrote:

You can reject who you want in Germany too, you just can___t delete a
message that you___ve already accepted.


What does "accepted" mean?  Redirecting a message to /dev/null means you
didn't accept it


accepted means your SMTP sevrer responded with a 250 status code and 
not with a 4x temporary or 5x permanent error aka rejected the message


don't get me wrong but that's absolute basics 


And that is a silent discard.  You are accepting responsibility for the 
email, telling no one anything more and discarding it with out DSN/NDR.


Regards,
KAM


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Reindl Harald


Am 26.03.2015 um 01:25 schrieb David F. Skoll:

On Wed, 25 Mar 2015 16:08:34 -0600
"@lbutlr"  wrote:

You can reject who you want in Germany too, you just can___t delete a
message that you___ve already accepted.


What does "accepted" mean?  Redirecting a message to /dev/null means you
didn't accept it


accepted means your SMTP sevrer responded with a 250 status code and not 
with a 4x temporary or 5x permanent error aka rejected the message


don't get me wrong but that's absolute basics



signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Niamh Holding

Hello David,

Thursday, March 26, 2015, 12:25:30 AM, you wrote:

DFS> that a message is either delivered

It is delivered to the appropriate place, it just happens that that place
is /dev/null

-- 
Best regards,
 Niamhmailto:ni...@fullbore.co.uk

pgp63jipFQW2m.pgp
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Niamh Holding

Hello Reindl,

Wednesday, March 25, 2015, 7:39:56 PM, you wrote:

RH> stop kidding or do you *really* pretend you never had a false positive?

Not that scored highly enough to be dumped rather than put in a spam
folder.

-- 
Best regards,
 Niamhmailto:ni...@fullbore.co.uk

pgpAt5Fl6u_MT.pgp
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread David F. Skoll
On Wed, 25 Mar 2015 16:08:34 -0600
"@lbutlr"  wrote:

> There is a difference between ___block___ and ___silently discard___.

> Blocking is fine, silently discarding is just evil and should be
> illegal everywhere.

Nonsense.

Silently discarding is sometimes the only sensible thing to do.  If
you have users with different spam settings (or perhaps some who have
opted-out of spam-scanning completely), there's no sensible way to
handle a multi-recipient message.  You either have to tempfail all
recipients after the first so you can process with each recipient's
settings during SMTP, which is horrible, or you have to generate DSNs
for the recipients who reject the message, which will get you
blacklisted as a backscatterer.

> You can reject who you want in Germany too, you just can___t delete a
> message that you___ve already accepted.

What does "accepted" mean?  Redirecting a message to /dev/null means you
didn't accept it.

I used to be in the "never silently discard camp", but unfortunately the
email environment has become so hostile that I can no longer keep the
promise of the original SMTP that a message is either delivered or
the sender notified of non-delivery.  Promising that in every single
case is, alas, no longer feasible.

Regards,

David.


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread @lbutlr
On 25 Mar 2015, at 06:34 , Nick Edwards  wrote:
> It only applies to German based providers, located in Germany, serving 
> Germany.
> A similar rule applies in Sweden too, and there are exceptions.

There is a difference between “block” and “silently discard”.

Blocking is fine, silently discarding is just evil and should be illegal 
everywhere.

> I can reject who or what I want, because I'm not based in Germany,

You can reject who you want in Germany too, you just can’t delete a message 
that you’ve already accepted.


-- 
people didn't seem to be able to remember what it was like with the
elves around. Life was certainly more interesting then, but usually
because it was shorter. And it was more colourful, if you liked the
colour of blood. --Lords and Ladies



Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Reindl Harald


Am 25.03.2015 um 20:03 schrieb Niamh Holding:

Hello Reindl,

Wednesday, March 25, 2015, 5:15:22 PM, you wrote:

RH> the support calls for silent discard are more and contain more bad
RH> energy

Never been contacted by a spammer as to why their message ended up in
/dev/null


stop kidding or do you *really* pretend you never had a false positive?



signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Niamh Holding

Hello Reindl,

Wednesday, March 25, 2015, 5:15:22 PM, you wrote:

RH> the support calls for silent discard are more and contain more bad 
RH> energy

Never been contacted by a spammer as to why their message ended up in
/dev/null

-- 
Best regards,
 Niamhmailto:ni...@fullbore.co.uk

pgpprI0DFYQhc.pgp
Description: PGP signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Reindl Harald


Am 25.03.2015 um 17:59 schrieb Axb:

Both methods have their advantages - it always depends on what your
user's expect/wish/hope for AND not to be forgotten: How many support
tickets could all the rejects trigger?
Depending on your user base, it could be more than you wish for


that's why you careful consider a score above you reject which is way 
higher than the score above you just flag a message


at the begin with a new setup set it exremely high, than take the 
messages to train bayes in both directions and over time you can slowly 
lower the reject-score to values where you still be sure that you have 
very few to zero false positives


the support calls for silent discard are more and contain more bad 
energy when somebody finds out days later that the message the other 
side talks about on the phone never was delivered and no NDR sent




signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Reindl Harald



Am 25.03.2015 um 17:23 schrieb Dave Wreski:

Hi,


RH> i don't know the UK laws but in germany it's for sure not allowed
RH> because it's legally classified identical to a postman says "meh i
don't
RH> walk to go upstairs today and throw the letter away"

RH> if you pretend to provide relieable mailservices it should be
logically
RH> that discard instead reject so that none of both parties can take
notice
RH> in case of false positives is not that smart

Better go tel MS as that's exactly what hotmail and live do


because others do wrong is not a good justification


I hoped I could ask for a little more of an explanation.

I'm willing to rely on RBLs and postscreen to make outright reject
decisions, but I'm not sure I want spamassassin/amavisd doing that.
Silently quarantining viruses and spam is how it's been done here for a
while.
So this method eliminates the content_filter configuration in postfix,
where the messages are queued.

I can see this new method being suitable for smaller networks, but
without any queuing capability, how does it scale?


since most messages are still killed with postscreen and smtpd rules 
*before* the milter it scales not that bad - 1200 valid users and zero 
load over 8 months now


the barracuda virtual appliance using silent drop in many cases had 
magnitudes more system load and given that the Spamfilter-VM now has 
only 4 cores assigned i don't see a scale problem for many years


current month:

Connections:   407725
Delivered: 50896
Blocked:   356829
Invalid User:  7875
Disallowed User:   53
Reject Postscreen: 221739
Reject Postfix:15765
Reject Milter: 4278
Reject Temporary:  1232
Blacklist: 218434
Pregreet:  24446
Hangup:265877
Protocol Error:2098
Illegal Syntax:9
SpamAssassin:  4167
Virus: 111
Helo:  936
Subject:   107
Attachment:12
Header Length: 14
Sender Regex:  126
Sender Blocked:211
Sender Verify: 286
Sender Invalid:305
Sender Spoofed:7
Sender Parked: 11
PTR Missing:   153
PTR Generic:   430
SPF:   570


Also, if there is even a temporary interruption in amavis' ability to
operate, mail will be rejected.


temporary with a 4xx - the same as you do with greylisting for every new IP


Do large scale operators implement this proxy filter approach, and if
so, aren't there any problems with processing times?

It seems the real advantage to doing it this way is the ability to
quickly reject mail not already rejected by zen/postscreen/etc. Is that
really such a big benefit?


the real benefit is that you don't receive high score junk at all


And not even all spam would be rejected - only those you felt were over
a predetermined threshold, correct? Why not just quarantine it all,
giving the user the ability to determine if they want to go looking for it?


because my users and virtually all people i know prefer to *not* face 
high score junk at all, not flagged and not in quarantine - hence they 
forward me all flagged mails for training


why would i want to have a message with a score above 20 delivered at all

quarantine don't work well at all - we had that over 8 years and most of 
the time in case of waiting for important mails people forgot their user 
credentials and wanted to look if it is in quarantine, looked in the 
junk folder, called me by phone if i know what's with a specific message


setup a filter working on a 95% hit level in case of rejects, deliver 
the remaining 5% flagged and be able to make a clear statement "if the 
message would have been rejected the sender would know unconditional" 
leaded in 2 phone calls over 8 months versus 2 each day over years






signature.asc
Description: OpenPGP digital signature


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Axb
While a few here think this is god's gift to mankind, it's ONE way to do 
it...


On 03/25/2015 05:23 PM, Dave Wreski wrote:


I hoped I could ask for a little more of an explanation.

I'm willing to rely on RBLs and postscreen to make outright reject
decisions, but I'm not sure I want spamassassin/amavisd doing that.
Silently quarantining viruses and spam is how it's been done here for a
while.

So this method eliminates the content_filter configuration in postfix,
where the messages are queued.

I can see this new method being suitable for smaller networks, but
without any queuing capability, how does it scale?


Postini was prequeue, inline with target server... BUT.. what juice did 
they use in the background I don't know. Certainly not SA.



Also, if there is even a temporary interruption in amavis' ability to
operate, mail will be rejected.


afaik, on fail accept or 450 - configurable


Do large scale operators implement this proxy filter approach, and if
so, aren't there any problems with processing times?


There are some large service providers doing but they use customized 
MTAs and no fat SA/Perl regex parties.


Also, in a well connected world it works fine, but what happens with 
sluggish connections from Indonesia or Bolivia ? Lord knows...



It seems the real advantage to doing it this way is the ability to
quickly reject mail not already rejected by zen/postscreen/etc. Is that
really such a big benefit?


Depends... [1] no matter how loud ppl get about the benefits (and trust 
me, they're persistent) only you can decide if it will work for your 
traffic. Trust YOUR judgement only  - not the rabid advocate's



And not even all spam would be rejected - only those you felt were over
a predetermined threshold, correct? Why not just quarantine it all,
giving the user the ability to determine if they want to go looking for it?


See [1]
Both methods have their advantages - it always depends on what your 
user's expect/wish/hope for AND not to be forgotten: How many support 
tickets could all the rejects trigger?

Depending on your user base, it could be more than you wish for.

In the end, trust your gut feeling and take what lets you sleep best. 
Nobody will thank you for gettting high pressure and a stroke.


Axb


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread Dave Wreski

Hi,


RH> i don't know the UK laws but in germany it's for sure not allowed
RH> because it's legally classified identical to a postman says "meh i
don't
RH> walk to go upstairs today and throw the letter away"

RH> if you pretend to provide relieable mailservices it should be
logically
RH> that discard instead reject so that none of both parties can take
notice
RH> in case of false positives is not that smart

Better go tel MS as that's exactly what hotmail and live do


because others do wrong is not a good justification


I hoped I could ask for a little more of an explanation.

I'm willing to rely on RBLs and postscreen to make outright reject 
decisions, but I'm not sure I want spamassassin/amavisd doing that. 
Silently quarantining viruses and spam is how it's been done here for a 
while.


So this method eliminates the content_filter configuration in postfix, 
where the messages are queued.


I can see this new method being suitable for smaller networks, but 
without any queuing capability, how does it scale?


Also, if there is even a temporary interruption in amavis' ability to 
operate, mail will be rejected.


Do large scale operators implement this proxy filter approach, and if 
so, aren't there any problems with processing times?


It seems the real advantage to doing it this way is the ability to 
quickly reject mail not already rejected by zen/postscreen/etc. Is that 
really such a big benefit?


And not even all spam would be rejected - only those you felt were over 
a predetermined threshold, correct? Why not just quarantine it all, 
giving the user the ability to determine if they want to go looking for it?


Thanks,
Alex


Re: Spamassassin not catching spam (Follow-up)

2015-03-25 Thread RW
On Tue, 24 Mar 2015 14:10:48 -0500
Lorenzo Thurman wrote:

> I contacted the list a couple of weeks ago about SA not missing a lot
> of spam I thought it should be catching. There duplicates of message
> that I had put through sa-learn, that were still getting passed. One
> of the suggestions offered here, after posting my command line here,
> was that I should run sa-learn as the user not, as root (silly
> mistake). That did improve SA?s ability to catch spam. It cut it down
> to ~1/2, but I thought there was more I could do. So, after more
> digging, I found this script:
> http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
>  I had
> been using the default Ubuntu configuration, but after implementing
> this script, I?ve found SA catching ~90-95% of the spam. So my faith
> is now restored. Thanks

I don't see anything obvious in that script that would change the
performance of spamassassin itself - other that the "tweak" to change
the threshold to 3.0.


  1   2   >