From: "Charles Nérot" <charles@nerot.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Anti-spam changes: proposal to drop spammy mail
Date: Mon, 11 May 2015 15:27:12 +0200 [thread overview]
Message-ID: <5550AE30.4060706@nerot.com> (raw)
In-Reply-To: <robbat2-20150511T030343-086083177Z@orbis-terrarum.net>
Hello,
Lot of thing are done for fighting spam : dnssec, dane, spf, dkim,
dmarc... All of this for "trusting real sender".
Some of them break smtp built in fonctionnality : spf break forwarding [1].
If you beleive in spf (gentoo.org have an spf dns entry) , two ways need
to be looked at :
- fixing real sender with SRS [1].
- stop forwarding mail and do POP (gmail can do it) or IMAP from your
favorite (web)mail client.
Dmarc dns entry with report activated can help you understand why google
blacklist you.
[1] http://www.openspf.org/SRS
Regards,
Charles Nérot
Le 11/05/2015 06:26, Robin H. Johnson a écrit :
> TL;DR: As of May 17, @gentoo.org will drop incoming spammy mail instead of
> delivering it. Speak now or hold your peace.
>
> Hi all,
>
> As past long-standing practice, @Gentoo.org system-level mail handling for
> incoming mail was officially to tag everything, and delete nothing.
>
> All deletion decisions were left to developers, via procmail/sieve/etc.
>
> This was a good early policy, as Gentoo was a much more reliable host than
> email providers a decade ago. This isn't true anymore, with the meteoric rise
> and success of gmail.
>
> A LOT of developers forward their mail now, to systems that refuse/temporarily
> blacklist the forwarding system because there is a lot of spam. Gmail is
> particularly strict in this regard, throttling mail to any recipient from the
> forwarding source.
>
> This is particularly acute, because more than 40% of the outgoing mail goes to
> Google (the 25% of destinations below is heavily represented because the very
> active devs send their mail to google).
>
> This unfortunate combination means that ~40% of mail sits in a backlog for a
> long time, and the active devs that use Gmail don't get their mail in a timely
> fashion.
>
> Unless there are any major objections, as of May 17th, Infra will start
> dropping mail that scores more than 10.0 points in Spamassassin.
>
> If that is successful, I propose to drop the score point by 1 point every month
> until it hits a score of 5.0 (so by mid-October, it will be dropping mail that
> scores more than 5.0).
>
> Stats on how mail is handled:
> -----------------------------
> ~260 active devs
> ~180 .forward files
>
> This breaks down to:
> ~70 procmail users
> ~10 sieve users
> 2 users with both forward and procmail
> 1 maildrop user
> ~100 devs that send mail outside of @gentoo.org (in their .forward)
>
> I didn't analyze the procmail/sieve/maildrop accounts further.
>
> I did break down the other forwarding destinations by domain:
> ~50 devs that forward directly to @gmail or @googlemail addresses
> ~10 devs that have their own domain hosted at gmail/googlemail
> ~40 devs with some other provider.
> 0 devs with yahoo, hotmail or msn domains as destinations :-).
>
> As a result, about 25% of dev mail destinations are actually Google.
>
> Amavis stats:
> -------------
> Here are the amavis summary stats for @gentoo.org incoming mail that was
> scanned for content (this happens before exploding to aliases and multiple
> recipients, so is a lot lower than you might otherwise expect).
>
> "SPAMMY" in this case is >= 5.5.
> 26 May 3 Blocked INFECTED
> 1609 May 3 Passed CLEAN
> 1564 May 3 Passed SPAMMY
> 35 May 4 Blocked INFECTED
> 4129 May 4 Passed CLEAN
> 2304 May 4 Passed SPAMMY
> 2 May 4 Passed UNCHECKED
> 42 May 5 Blocked INFECTED
> 4458 May 5 Passed CLEAN
> 3183 May 5 Passed SPAMMY
> 4 May 5 Passed UNCHECKED
> 43 May 6 Blocked INFECTED
> 10 May 6 Blocked MTA-BLOCKED
> 5027 May 6 Passed CLEAN
> 3443 May 6 Passed SPAMMY
> 47 May 7 Blocked INFECTED
> 2 May 7 Blocked MTA-BLOCKED
> 4657 May 7 Passed CLEAN
> 3119 May 7 Passed SPAMMY
> 2 May 7 Passed UNCHECKED
> 35 May 8 Blocked INFECTED
> 5025 May 8 Passed CLEAN
> 2936 May 8 Passed SPAMMY
> 21 May 9 Blocked INFECTED
> 2497 May 9 Passed CLEAN
> 1765 May 9 Passed SPAMMY
> 16 May 10 Blocked INFECTED
> 2059 May 10 Passed CLEAN
> 2033 May 10 Passed SPAMMY
>
> Score analysis of 1 week of incoming mail to amavis:
> ----------------------------------------------------
> ~51k unique mails were scored, with a rough breakdown as follows:
>
> ~17k < 0.0
> ~13k 0.0 - 5.0
> ~7k 5.0 - 10.0
> ~5k 10.0 - 20.0
> ~5k 20.0 - 30.0
> ~3k > 30.0
>
next prev parent reply other threads:[~2015-05-11 13:27 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-11 4:26 [gentoo-dev] Anti-spam changes: proposal to drop spammy mail Robin H. Johnson
2015-05-11 7:29 ` Eray Aslan
2015-05-11 9:15 ` Tobias Klausmann
2015-05-11 19:31 ` Michael Orlitzky
2015-05-11 19:35 ` Kristian Fiskerstrand
2015-05-11 20:01 ` Michael Orlitzky
2015-05-11 20:08 ` Robin H. Johnson
2015-05-11 20:47 ` Michael Orlitzky
2015-05-12 5:19 ` Eray Aslan
2015-05-12 10:26 ` Rich Freeman
2015-05-12 10:39 ` Peter Stuge
2015-05-12 12:56 ` Niels Dettenbach
2015-05-11 9:38 ` Tony Vroon
2015-05-11 10:09 ` Niels Dettenbach
2015-05-11 20:36 ` Robin H. Johnson
2015-05-12 7:18 ` Niels Dettenbach
2015-05-11 12:39 ` Andrew Savchenko
2015-05-11 12:47 ` Niels Dettenbach
2015-05-11 20:27 ` Robin H. Johnson
2015-05-11 13:27 ` Charles Nérot [this message]
2015-05-11 13:37 ` C Bergström
2015-05-11 13:59 ` Rich Freeman
2015-05-11 14:44 ` C Bergström
2015-05-11 14:59 ` Rich Freeman
2015-05-11 15:21 ` C Bergström
2015-05-11 16:17 ` Alexis Ballier
2015-05-11 16:20 ` Ciaran McCreesh
2015-05-11 16:32 ` Alexis Ballier
2015-05-11 16:38 ` Michał Górny
2015-05-11 16:25 ` C Bergström
2015-05-11 16:19 ` Matthew Thode
2015-05-11 16:55 ` Rich Freeman
2015-05-11 17:06 ` C Bergström
2015-05-23 6:18 ` J. Roeleveld
2015-05-23 6:24 ` C Bergström
2015-05-23 11:05 ` Andrew Savchenko
2015-05-23 6:39 ` Niels Dettenbach (Syndicat.com)
2015-05-23 7:54 ` [gentoo-dev] " Duncan
2015-05-23 8:01 ` [gentoo-dev] " James Le Cuirot
2015-05-23 11:16 ` Rich Freeman
2015-05-23 12:32 ` Andrew Savchenko
2015-05-23 13:07 ` Rich Freeman
2015-05-23 13:34 ` Niels Dettenbach (Syndicat.com)
2015-05-23 14:20 ` Rich Freeman
2015-05-23 14:32 ` Niels Dettenbach (Syndicat.com)
2015-05-23 15:36 ` Rich Freeman
2015-05-23 14:23 ` Ciaran McCreesh
2015-05-23 14:29 ` Niels Dettenbach (Syndicat.com)
2015-05-23 16:24 ` Mike Frysinger
2015-05-11 21:10 ` Robin H. Johnson
2015-05-12 8:37 ` [gentoo-dev] Re: [gentoo-project] " Mike Frysinger
2015-05-12 8:58 ` [gentoo-dev] " Amadeusz Żołnowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5550AE30.4060706@nerot.com \
--to=charles@nerot.com \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox