
Re: [spam subject elided] (fwd)



On Sun, Dec 02, 2018 at 08:10:19PM -0500, Marvin Renich wrote:
> Third, the list masters are professional and expert email
> administrators, and they volunteer their time to run the Debian mailing
> lists.  Characterizing them as idiots is not only extremely rude, but as
> far from the truth as you can get.

The results -- as measured by the unacceptable quantity of spam that
gets through to the various debian-* lists -- do not suggest that
they're being run by professionals/experts.   I would rate their
performance as a "D", no better.

Moreover, a great deal of the spam that gets through repeatedly
comes from the same domains/hosts/networks/senders, indicating
that list administrators are not doing what they should do --
which is to individually analyze every FN and figure out if measures
can be put in place to stop the next occurrence.  (This isn't
always possible.  However, having done this very exercise on 
a substantial corpus of debian-* list spam, I can attest that
it works in the majority of cases present here.)  (Why did I do this?
Because one of the things I've learned in decades of running mailing
lists is that spammers who target one are likely to target another.
It's thus wise to pre-emptively block them whenever possible.  Getting
hit once from a spammer is forgivable.  Getting hit repeatedly when
you could have easily stopped them is not.)

This doesn't mean that the people running this list aren't hardworking
volunteers.  I'll take your word that they are. That's a good thing.
But they're not even remotely close to professionals/experts, because
professionals/experts simply would not allow this miserably poor
performance to persist for years at a time.

Dave's volunteered to help.  So have I -- and like him, I never received
any response.  One would think that people who are obviously struggling
to understand and implement the rudiments of antispam best practices
would be glad to receive free consulting services from people who've
been there and done that for a *very* long time.

Among the steps that should be taken, and this is off the top of my
head so will clearly be incomplete:

	1. Dump smartlist, switch to latest revision of Mailman 2.x.
	2. Configure Mailman to hold messages from nonsubscribers.
	3. Process hold queue, whitelist/blacklist as necessary.
	4. Implement Spamhaus DROP and EDROP at perimeter.
	5. Implement Spamhaus Zen DNSBL in MTA.
	6. Install simple pattern matching for well-known spammer
		domains/LHS/senders/hosts in the MTA.  Make sure
		it's under revision control.
	7. Implement DNS checks in the MTA (including enforcing FCrDNS,
		enforcing valid HELO/EHLO, etc.)
	8. Install pattern matching for dynamic subdomains in the MTA.
	9. Add the usual malware/phish/ratware pattern matches in the MTA.

Steps 2, 6 and 7 would suffice to stop a lot of the spam that makes
its way through to the debian-* lists.  Not all.  But a lot.

You didn't like Dave's tone.  You probably won't like mine either.
You can either focus on that, or you can start trying to learn and
do better, for the sake of the Debian project/community/ecosystem.

---rsk
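
Added example, not part of the original message: a sketch of the connection-time DNS checks named in step 7 (FCrDNS and HELO/EHLO validation). The DNS data is constructed and uses documentation address ranges, the function names and the `lists.example.org` hostname are hypothetical, and the definition of a "valid" HELO used here (a syntactic FQDN or address literal that is not the receiving server's own name) is an assumption.

```python
import ipaddress
import re

# Constructed DNS data standing in for a live resolver.
PTR = {"192.0.2.10": ["mail.example.org"],
       "198.51.100.7": ["mx.example.com"]}
A = {"mail.example.org": ["192.0.2.10"],
     "mx.example.com": ["203.0.113.9"]}   # forward record disagrees with the PTR

# At least two RFC 1123 labels, last label starting with a letter (rejects bare IPs).
FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$")

def fcrdns_ok(ip, ptr_lookup, a_lookup):
    """Forward-confirmed reverse DNS: some PTR name must resolve back to ip."""
    for name in ptr_lookup(ip):
        if ip in a_lookup(name.rstrip(".").lower()):
            return True
    return False          # no PTR at all, or no PTR name that confirms forward

def helo_ok(helo, own_names):
    """Accept an FQDN or a bracketed address literal; reject our own name."""
    helo = helo.strip().lower()
    if helo in own_names:
        return False      # a remote client has no reason to claim to be us
    if helo.startswith("[") and helo.endswith("]"):
        literal = helo[1:-1]
        if literal.startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
            return True
        except ValueError:
            return False
    return bool(FQDN.match(helo))

def check_client(ip, helo, own_names=("lists.example.org",),
                 ptr_lookup=lambda ip: PTR.get(ip, []),
                 a_lookup=lambda name: A.get(name, [])):
    """Return the SMTP-time decision for one connecting client."""
    if not helo_ok(helo, own_names):
        return "reject: invalid HELO"
    if not fcrdns_ok(ip, ptr_lookup, a_lookup):
        return "reject: FCrDNS failed"
    return "accept"
```

In a deployment, `ptr_lookup` and `a_lookup` would be backed by the MTA's resolver rather than the inline tables.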

