Re: spam sent to debian.org addresses

To: debian-project@lists.debian.org
Subject: Re: spam sent to debian.org addresses
From: Ian Jackson <ian@davenant.greenend.org.uk>
Date: Thu, 26 Jun 2003 19:35:27 +0100
Message-id: <[🔎] 16123.15599.733776.455912@davenant.relativity.greenend.org.uk>
In-reply-to: <20030429185043.GB4845@wonderland.linux.it>
References: <20030429185043.GB4845@wonderland.linux.it>

Marco d'Itri writes ("spam sent to debian.org addresses"):
> What's wrong with our mail system? Why can't the debian admins blacklist
> a well known spammer, or even better use a reputable DNSBL like SBL?

I too find that the amount of spam I get via Debian systems is quite a
problem.  Many of our mailinglists are virtually unuseable due to the
spam volume.  Also, I imagine that our mail administrators must junk
all bounced bounces (because they'll have so many of them), so that
our mail is not reliable either.

There are a wide variety of tools out there than can help a lot.
While most of them nowadays don't require uniform policy for the whole
mailserver, many do require some support from the sysadmins.

For example, dnsbl-based filtering can only sensibly be done when the
dnsbl is configured on the incoming mailserver, even if it only adds
warning headers for per-user filtering further downstream.

As another example, my own antispam software (SAUCE) must be installed
on the MX, but can delegate control of policy to each individual
recipient user so that each user can choose whether they would like to
accept `doubtful' mail, make exceptions for particular correspondents,
etc.

Also, I note that debian.org has secondary and tertiary MXs !  This is
nearly always a bad idea nowadays - it just leads to spammers
bypassing your attempts at policy control, to increased bounced
bounces, etc.

Personally I'd be very happy if the admin team were to install SAUCE
on murphy.  I'd even be willing to help install and run it.

(I know that SAUCE isn't very popular in some quarters, particularly,
people who like to do SMTP direct from dynamic ISP pools or who have
broken reverse DNS.  But surely as a mail recipient I should be able
to decide for myself whether I want to receive such mail ?  SAUCE
would give me that ability, without compromising the ability of other
users to choose otherwise.)

In any case, using very-low-false-positive dnsbls like the Spamhaus
list is an obvious step that ought to be taken straight away.

Ian.

Reply to:

Follow-Ups:
- Re: spam sent to debian.org addresses
  - From: Josip Rodin <joy@srce.hr>

Prev by Date: Re: EPSON appreciates your feedback by June 30, '03 - Debian
Next by Date: Bug#199214: project: dependency perlapi-5.6.1 removed from sarge prematurely
Previous by thread: Re: MPE ???
Next by thread: Re: spam sent to debian.org addresses
Index(es):
- Date
- Thread