Re: [gentoo-dev] Anti-spam changes: proposal to drop spammy mail

[Niels Dettenbach <nd@syndicat.com>]

Am Montag, 11. Mai 2015, 04:26:01 schrieb Robin H. Johnson:
> This was a good early policy, as Gentoo was a much more reliable host than
> email providers a decade ago. This isn't true anymore, with the meteoric
> rise
> and success of gmail.
This is not true at all - but email service "reliability" was and is not a 
primarily question of the hosts OS nor some kjind of basic standard 
configuration of a mailer "package" (or ebuild).


> As past long-standing practice, @Gentoo.org system-level mail handling for
> incoming mail was officially to tag everything, and delete nothing.
This is - for a public internet Mailer / MX - a VERY bad option - at least 
mail not fulfilling basic email standards should be blocked (as usual by the 
very most professional level mail services), because it could be (used) 
abusive by thirds.


> A LOT of developers forward their mail now, to systems that
> refuse/temporarily blacklist the forwarding system because there is a lot
> of spam. Gmail is particularly strict in this regard, throttling mail to
> any recipient from the forwarding source.
Gmail is crap (from my opionion) - at least for really professional email 
users or at least users which need a reliable email service (includes the 
possibility to recieve or send out higher frequent emails or emails from more 
"exotic" sources).

We - as a email provider - recognized the development of the rate limiting 
policy by Google as well and it seems that Google is adapting that limits by 
the amount of mail which is send from google users into that "domains" (as far 
as this is correctly locatable for them, because by specs it is not 
really...). This works OK for source mail servers / domains which still have 
"typical" email users and their regular traffic (or what googles thinks about 
- i.e. what some kind of user deletes without reading or is (i.e. false) 
marking as "spam") going to different recipients at google too, but not very 
well for more specialized email systems (like mailing list weighted mail 
systems / MTAs or systems handling some kind of notifications for a larger 
amount of users / customers - (widely) independent from what type of mail they 
transport and how high the part amount of spam within is). 

For mail ISPs there is a contact where they can "complain" or "discuss" about 
limits with a mail server, but i did not know any case wher any answer was 
coming from them (does not mean that google did not recognizes it).

But if someone decied for google as his primarily email provider - he has to 
live with that policies from google, which might work OK for most peoples and 
their "most peoples traffic".


> Unless there are any major objections, as of May 17th, Infra will start
> dropping mail that scores more than 10.0 points in Spamassassin.
> 
> If that is successful, I propose to drop the score point by 1 point every
> month until it hits a score of 5.0 (so by mid-October, it will be dropping
> mail that scores more than 5.0).
This will work (depending form some of your SA setup details and how far you 
use all of the features, channels and possible extensions / third party 
services - i.e. DCC, Razor, Pyzor, "all" the different update channels, Bayes 
- while disabling DNSBLs and doing that still before in your mailer) until you 
go down 5. 

On 6 you typically will still get a lot of spam through (enough to make users 
work to sort it out regularly) while on 5 you definitely will loose ham - even 
if you still use the "usual" DNS based spam blocking lists (would let do this 
the mailer before SA usually because of performance/ressource reasons).

So typical "working" values are between 5 and 6.

But even then you will get spam, as long if you won't loose any ham "from time 
to time" - installing a filter solution like SA alone is just one part of a 
modern and working anti spam gateway with a zero false positive target policy 
(but might be enough to help your moderators here ß). 

Most important tasks are to set up the MTA/MDA far enough to block email which 
are not fulfilling the specs and/or coming from machines which doesnt it - the 
very most of spam should be catched here usually, but is is a dynamic tasks to 
know and/or find out which parts of the standards are important and which 
less, because there are still many used mail systems out which are not 
configured properly, but have a significant user base.

But there are very good reasons why more and more admins of smaller otherwise 
focussed admins decide to route their email traffic over a gateway mail 
service. Setting up a "just working" email system is a simple job today, but 
running a reliable internet email service on a more professional level is a 
real job which takes time and knowledge in maintaining that service - far over 
the setup details of a SMTP daemon (i.e. a proper DNS setup with PTR, DKIM, 
SPF, abuse contacts and so on) which often are out of scope of a typical 
admin.



hth a bit.
cheerioh,


Niels.



-- 
 ---
 Niels Dettenbach
 Syndicat IT & Internet
 http://www.syndicat.com
 PGP: https://syndicat.com/pub_key.asc
 ---