On Fri, Jun 01, 2007 at 08:11:06PM -0400, Jim Popovitch wrote: > On Fri, 2007-06-01 at 18:44 -0400, Phil Dyer wrote: > > Hey, I thought they caught the spam king and we weren't going to get any > > more of this... :P > > The lack of security with murphy.debian.org, wrt spam pass-through, > makes me wonder sometimes about the security of Debian. If the Debian > engineers are so awesome with security of email applications (Postfix, > Thunderbird, Evolution, ClamAV, Mailman, Spamassassin, etc.), and I > believe they are awesome, why can't someone within the same organization > properly secure a mailinglist server? My Debian based > Postfix/ClamAV/Spamassassin/Mailman system doesn't let spam like that > through to the mailinglists, so it is a fixable problem. If anyone > wants help fixing it, please let me know. > This has been brought up many times before. According to Pascal Hakim (one of the list masters), as of July 2004: Despite popular misconceptions, the listmasters are not currently injecting extra spam into the lists when we feel the spam level is too low, and we have been trying to decrease the amount of spam constantly. For an idea of how things are going there, murphy.d.o, (our list server) is currently blocking over 60,000 emails a day. Unfortunately, this is still not good enough as there is still a fair amount of spam going onto the lists. [0] That was nearly three years ago. More recently this discussion came up on debian-user [1]: All the rest of the numbers are for March: CrossAssassin: 7375 SpamAssassin: 4672 Other filters: 333 -> subtotal: 12380 Total blocked spam: ~37700 Actual messages pushed through the list: 3404 ... I went through the archive for March, and pulled out the numbers. I found 25 spam messages, which leaves us with 3379 valid messages. ... 25/37700 works out to be 0.066% of spam not being blocked. Again, those are the words of Pascal Hakim, one of the list masters. So, the short version is that you bet that all of the mail that actually gets through to Debian mailing lists represents less than 10% of the mail that arrives at the Debian mailing list server. Considering the astonishing amount of spam that gets blocked, I say that they have done outstanding job. Besides, when there are obvious attacks (like spams start flooding into the BTS or onto the lists that have managed to get past the filters, the list masters jump into action and modify the filters to catch the new spam flood. Does your mail server perform better than allowing 0.066% of spam through for a comparable level of traffic? I know mine doesn't. I'd love it if my filters were even half as effective as those on the Debian mail servers. Regards, -Roberto [0] http://lists.debian.org/debian-devel-announce/2004/07/msg00013.html [1] http://lists.debian.org/debian-user/2006/04/msg00723.html -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature