[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Fri, Jun 01, 2007 at 08:11:06PM -0400, Jim Popovitch wrote:
> On Fri, 2007-06-01 at 18:44 -0400, Phil Dyer wrote:
> > Hey, I thought they caught the spam king and we weren't going to get any
> > more of this... :P
> The lack of security with murphy.debian.org, wrt spam pass-through,
> makes me wonder sometimes about the security of Debian.  If the Debian
> engineers are so awesome with security of email applications (Postfix,
> Thunderbird, Evolution, ClamAV, Mailman, Spamassassin, etc.), and I
> believe they are awesome, why can't someone within the same organization
> properly secure a mailinglist server?  My Debian based
> Postfix/ClamAV/Spamassassin/Mailman system doesn't let spam like that
> through to the mailinglists, so it is a fixable problem.  If anyone
> wants help fixing it, please let me know.
This has been brought up many times before.  According to Pascal Hakim
(one of the list masters), as of July 2004:

   Despite popular misconceptions, the listmasters are not currently
   injecting extra spam into the lists when we feel the spam level is
   too low, and we have been trying to decrease the amount of spam
   constantly. For an idea of how things are going there, murphy.d.o,
   (our list server) is currently blocking over 60,000 emails a
   day. Unfortunately, this is still not good enough as there is still
   a fair amount of spam going onto the lists. [0]

That was nearly three years ago.

More recently this discussion came up on debian-user [1]:

  All the rest of the numbers are for March:
  CrossAssassin: 7375
  SpamAssassin:  4672
  Other filters:  333
   -> subtotal: 12380
  Total blocked spam: ~37700

  Actual messages pushed through the list: 3404


  I went through the archive for March, and pulled out the numbers. I
  found 25 spam messages, which leaves us with 3379 valid messages.


  25/37700 works out to be 0.066% of spam not being blocked.

Again, those are the words of Pascal Hakim, one of the list masters.
So, the short version is that you bet that all of the mail that actually
gets through to Debian mailing lists represents less than 10% of the
mail that arrives at the Debian mailing list server.  Considering the
astonishing amount of spam that gets blocked, I say that they have done
outstanding job.

Besides, when there are obvious attacks (like spams start flooding into
the BTS or onto the lists that have managed to get past the filters, the
list masters jump into action and modify the filters to catch the new
spam flood.

Does your mail server perform better than allowing 0.066% of spam
through for a comparable level of traffic?  I know mine doesn't.  I'd
love it if my filters were even half as effective as those on the Debian
mail servers.



[0] http://lists.debian.org/debian-devel-announce/2004/07/msg00013.html
[1] http://lists.debian.org/debian-user/2006/04/msg00723.html

Roberto C. Sánchez

Attachment: signature.asc
Description: Digital signature

Reply to: