On Wed, 17 Oct 2007, Matthias Leisi wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dan Mahoney, System Admin schrieb:
Livejournal's purely a mail forwarding service (i.e. there's no way to
POP/IMAP that account)
As far as I know, there are mails originating from LJ itself (eg
notifications etc)?
No, Livejournal also gives you a [EMAIL PROTECTED] email
address. Yes, they do also originate mail (for which we have things like
SPF (which they do), DomainKeys, DKIM (which they don't, and in fact they
may have an error for) -- as well as some of the more esoteric things like
HashCash, GnuPG-signing, etc etc.)
and if they can't effect proper controls on how
mail is sent through them, then they shouldn't be trusted at all.
On my end, I have degrees of control (false MXes, Blacklists,
whitelists, greylists, sender callbacks, etc). I have no such control
over the LJ MX'es.
Correct. But by setting (in your local.cf or equivalent)
| trusted_networks 204.9.177.18
you are telling SpamAssassin that this relay is not operated by a
spammer and that it should apply all black-/whitelist rules etc. to the
IP address one more hop away. Then, in the context of SpamAssassin, you
regain full control of connection-oriented rules.
interesting point, I suppose. Kinda breaks the logic of "trusted
networks". On the same note, would it not be more useful to, instead of
using the static trusted_networks configuration, to use the DNSWL to
determine if that logic should be in play? Or some kind of database of
known forwarding services that work in such a manner?
That's not fully equivalent to having the actual "spamming connection"
to deal with, but as close as it gets -- if you need it "closer", you
should not use forwarding services.
Forwarding services are edge case in spamfiltering. Usually, such a
service is itself perfectly trustworthy and not the actual source of
spam, and care must be taken not to unduly penalize these services for
forwarded spam.
The problem therein lies in the fact that LJ notifications (comment
notifications, friendslist notifications, account verification emails,
etc) are passed through the exact same MXes as the
[EMAIL PROTECTED] forwarding service.
I've proposed a reporting plugin on the sa-users list, that allows (both
for yourself, as well as other whitelists) for the list-owner to be
notified with details of high-spam activity (at which point, I guess,
you guys could pass that on to your whitelisted groups, and/or adjust
categories accordingly.
As I've answered before: That's already on the todo list. However, the
main problem is not the plugin per se (technically, that is rather
simple), but identifying trustworthy submitters.
I suppose that depends on what we submit. If it's something verifiable
(like, messageID:originating ip:spam level, it's easy). Just as with
spamcop, one can choose to omit the message-id so that the spammers cannot
track who is the spamtrap and listwash, but such reports could be given a
lower precedence.
--
"You're a nomad billygoat!"
-Juston, July 18th, 2002
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
