Re: [gentoo-dev] Anti-spam changes: proposal to drop spammy mail

["Robin H. Johnson" <robbat2@gentoo.org>]

On Mon, May 11, 2015 at 03:31:51PM -0400, Michael Orlitzky wrote:
> On 05/11/2015 03:29 AM, Eray Aslan wrote:
> > On Mon, May 11, 2015 at 04:26:01AM +0000, Robin H. Johnson wrote:
> >> TL;DR: As of May 17, @gentoo.org will drop incoming spammy mail instead of
> >> delivering it. Speak now or hold your peace.
> > 
> > Believe me I understand your pain.  Been there done that.  However,
> > dropping mail is never a good idea.  You are mucking with the
> > dependebility of the email.
> Is there some reason a pre-queue filter (with amavisd-new) wouldn't
> work? Then we could reject the spammy messages (at SMTP time) instead of
> silently dropping them.
By drop, I will clarify that they should ideally be rejected at SMTP
time, not silently dropped.

amavis settings for this in theory are:
$sa_kill_level_deflt = 20.0;
$sa_dsn_cutoff_level = 20.0;
$sa_crediblefrom_dsn_cutoff_level = 20.0;
$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_REJECT; 

(The other choices are D_PASS, D_BOUNCE, D_DISCARD)
D_REJECT is supposed to just reply to the SMTP error.

It's doing that, but it's ALSO sending a NDN, despite amavis settings to
the contrary.

Here's a quick test, with D_REJECT that show the NDN being sent (and rejected
since that address was probably faked).

May 11 20:00:45 woodpecker postfix/smtpd[21896]: E83DF34098C: client=unknown[183.93.114.52]
May 11 20:00:46 woodpecker postfix/cleanup[21836]: E83DF34098C: message-id=<>
May 11 20:00:46 woodpecker postfix/qmgr[21745]: E83DF34098C: from=<mldmh@bjchwa.com>, size=5678, nrcpt=1 (queue active)
May 11 20:00:53 woodpecker amavis[21935]: (21935-01) Blocked SPAM {RejectedInbound}, [183.93.114.52]:4758 [183.93.114.52] <mldmh@bjchwa.com> -> <$DEVNAME@gentoo.org>, Queue-ID: E83DF34098C, mail_id: 6k-hfYzAtEKp, Hits: 26.004, size: 5678, 6812 ms
May 11 20:00:53 woodpecker postfix/bounce[21847]: E83DF34098C: sender non-delivery notification: 7ECE534098D
May 11 20:00:53 woodpecker postfix/cleanup[21754]: 7ECE534098D: message-id=<20150511200053.7ECE534098D@smtp.gentoo.org>
May 11 20:00:53 woodpecker postfix/qmgr[21745]: 7ECE534098D: from=<>, size=7622, nrcpt=1 (queue active)
May 11 20:00:53 woodpecker postfix/qmgr[21745]: E83DF34098C: removed
May 11 20:00:53 woodpecker postfix/smtp[21837]: E83DF34098C: to=<$DEVNAME@gentoo.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=4.8/0/0.01/6.8, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=21935-01 - spam (in reply to end of DATA command))
May 11 20:01:25 woodpecker postfix/qmgr[21745]: 7ECE534098D: removed
May 11 20:01:25 woodpecker postfix/smtp[21773]: 7ECE534098D: to=<mldmh@bjchwa.com>, relay=mxbiz1.qq.com[184.105.206.87]:25, delay=32, delays=0/0/30/1, dsn=5.0.0, status=bounced (host mxbiz1.qq.com[184.105.206.87] said: 550 Mail content denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726 (in reply to end of DATA command))

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85