[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

PATCH for spamass-milter to solve Debian list spam->bounce issue (Was:- Spamming the World through Open Debian Mailinglists....)

[ Nicely showing good will - Merry X-mas everyone! ]

Don Armstrong wrote:

> On Sat, 27 Dec 2008, Jeroen Massar wrote:

>> And yes, my SMTP server and those of a lot of other people will
>> CORRECTLY refuse to accept mail classified as spam and correctly
>> give a 500 SMTP error code as the server will refuse to deliver it.
> If you sign up for mail from mailing lists, just discard mail that you
> don't want to read that comes in from us with Priority: bulk or List-*
> headers instead of bouncing it. A mailing list is little more than a
> glorified mail forwarder: bouncing forwarded mail is wrong.

As you are the package maintainer of spamass-milter, which is my weapon
of choice for rejecting messages together with postfix (hey same setup
as the list box! ;), please check the patch I just posted for
spamass-milter which does exactly that:


Please apply so that a lot of people can thank you for resolving this issue.

Now I only hope that people don't mind that the spam DOES end up in the
archives, but heck, that is not my problem that you are linking to
spamsites from there and advertising their products that way.


and now a couple of nasty comments on the reply:

>> [maybe the "Listmaster of the day" is able to read when other people get
>> involved in this]
> The listmasters are responsible for the lists. Sending mail to
> -project isn't particularly useful, as it's not on topic there. [For
> those on -project; this reply is going there just to see that someone
> has replied; I personally won't respond further, save via
> listmaster@.]

In other words: public comments (debian-project is described as
"Discussions about non-technical issues in the project") are not welcome.

Note that his is not a technical issue, it is a political one and
clearly there are a lot of other issues at hand. I do hope they get
resolved as Debian is such a great distribution to use. The politics
though is really nasty.

Further these comments are of course very helpful:
> We aren't going to close the lists that are currently open in the
> forseeable future. If this is a problem for you, feel free to
> unsubscribe.

Should I read this as "we don't want your help, go away" ?

As you might have noticed, the unsubscribe already happens, fully
automatically, by the list software, because it thinks one is bouncing
because of the spams. (Above patch solves that bit).

>> If you would change that little thing (making the lists
>> post-by-subscribers only) then that spam would not get forwarded by
>> the list because the spammers are not signed up in the first place
> Spammers have already signed up to our lists on multiple occasions.

Then either your mechanisms for protecting against that are really bad
or they did a custom job for it.

> Because we don't know that it's spam at the time we send them out,
> obviously. [And yes, this means that we're sending somewhere around 5%
> spam; we discard well over 99% of it, though, and we're constantly
> improving our setup to discard more and more of it.]

I already pointed this out the previous time I was complaining about
getting unsubscribed. liszt.debian.org seems to run the same setup:
postfix+spamassasin (though I dunno if you are using spamass-milter
there, but you should otherwise); it seems also that my setup does know
how to figure out that it is spam but yours doesn't.

Thus I'll recommend (again) the usage of:
That will really take care of your spam by adding a few more rules that
are really helpful.

>> And having to sign up every once in a while to a Debian list is
>> really annoying because you get kicked off because you are
>> forwarding spam.
> If you don't want to deal with the occasional spam that gets through,
> then feel free to unsubscribe.

It seems this need for people to unsubscribe (and thus not being able to
participate in Debian) is quite a hard tendency. Too many people already
in the project and nothing to do or something? Or didn't get your new
toys for xmas?

I really hope that the Debian community at large is quite a bit more
accepting to people trying to contribute to it. I still have a hope that
it is the case, but sometimes (well a lot of times) I can only see the
politics and not the technical merit anymore.

> Furthemore, the thresholds for
> automatic unsubscription are set fairly high anyway; the warning
> messages we send out are for your information only, as they often
> indicate mail misconfigurations at your end (or rarely, at ours.)

They are not set high enough apparently, otherwise I would not get
unsubscribed. See your archives, then you can easily count the number of
spams and the amount.

The biggest annoyance with the unsubscribes is that you don't even
notice it because you don't get a notification of it (though on the side
of the list, you are supposed to be dead then).

>> Just turn on the subscribe-only bit already, that makes it easy for
>> EVERYONE and solves all these crappy issues you are having.
> It doesn't solve the issues, it doesn't make it easier for everyone,
> nor is it a solution that we're going to employ on the lists that are
> currently open in the foreseeable future.

It DOES solve the issue, unless you have a subscriber who is spamming
you, but you can't do much against custom/targetted spam attacks.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: