From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Anti-spam changes: proposal to drop spammy mail
Date: Mon, 11 May 2015 20:36:18 +0000 [thread overview]
Message-ID: <robbat2-20150511T202812-158569369Z@orbis-terrarum.net> (raw)
In-Reply-To: <1626925.WQM6IekEy6@gongo>
On Mon, May 11, 2015 at 12:09:08PM +0200, Niels Dettenbach wrote:
> > As past long-standing practice, @Gentoo.org system-level mail handling for
> > incoming mail was officially to tag everything, and delete nothing.
> This is - for a public internet Mailer / MX - a VERY bad option - at least
> mail not fulfilling basic email standards should be blocked (as usual by the
> very most professional level mail services), because it could be (used)
> abusive by thirds.
There are people that still accept mail that violates standards?
My above statement is for mail that we ACCEPTED. If it violates
standards, it's already denied at SMTP time.
smtpd_restriction_classes = restrictive,permissive
restrictive =
reject_invalid_hostname
reject_non_fqdn_hostname
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
check_sender_mx_access cidr:/etc/postfix/bogus_mx_records
check_sender_access pcre:/etc/postfix/sender_access_control.pcre
check_sender_access pcre:/etc/postfix/sender_access_control-aliases.pcre
check_helo_access pcre:/etc/postfix/helo_checks
reject_unverified_sender
check_client_access cidr:/etc/postfix/filter.cidr
permit
permissive =
permit
> > Unless there are any major objections, as of May 17th, Infra will start
> > dropping mail that scores more than 10.0 points in Spamassassin.
> >
> > If that is successful, I propose to drop the score point by 1 point every
> > month until it hits a score of 5.0 (so by mid-October, it will be dropping
> > mail that scores more than 5.0).
> This will work (depending form some of your SA setup details and how far you
> use all of the features, channels and possible extensions / third party
> services - i.e. DCC, Razor, Pyzor, "all" the different update channels, Bayes
> - while disabling DNSBLs and doing that still before in your mailer) until you
> go down 5.
See my other response, we've got pretty much all of the things going already.
--
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
next prev parent reply other threads:[~2015-05-11 20:36 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-11 4:26 [gentoo-dev] Anti-spam changes: proposal to drop spammy mail Robin H. Johnson
2015-05-11 7:29 ` Eray Aslan
2015-05-11 9:15 ` Tobias Klausmann
2015-05-11 19:31 ` Michael Orlitzky
2015-05-11 19:35 ` Kristian Fiskerstrand
2015-05-11 20:01 ` Michael Orlitzky
2015-05-11 20:08 ` Robin H. Johnson
2015-05-11 20:47 ` Michael Orlitzky
2015-05-12 5:19 ` Eray Aslan
2015-05-12 10:26 ` Rich Freeman
2015-05-12 10:39 ` Peter Stuge
2015-05-12 12:56 ` Niels Dettenbach
2015-05-11 9:38 ` Tony Vroon
2015-05-11 10:09 ` Niels Dettenbach
2015-05-11 20:36 ` Robin H. Johnson [this message]
2015-05-12 7:18 ` Niels Dettenbach
2015-05-11 12:39 ` Andrew Savchenko
2015-05-11 12:47 ` Niels Dettenbach
2015-05-11 20:27 ` Robin H. Johnson
2015-05-11 13:27 ` Charles Nérot
2015-05-11 13:37 ` C Bergström
2015-05-11 13:59 ` Rich Freeman
2015-05-11 14:44 ` C Bergström
2015-05-11 14:59 ` Rich Freeman
2015-05-11 15:21 ` C Bergström
2015-05-11 16:17 ` Alexis Ballier
2015-05-11 16:20 ` Ciaran McCreesh
2015-05-11 16:32 ` Alexis Ballier
2015-05-11 16:38 ` Michał Górny
2015-05-11 16:25 ` C Bergström
2015-05-11 16:19 ` Matthew Thode
2015-05-11 16:55 ` Rich Freeman
2015-05-11 17:06 ` C Bergström
2015-05-23 6:18 ` J. Roeleveld
2015-05-23 6:24 ` C Bergström
2015-05-23 11:05 ` Andrew Savchenko
2015-05-23 6:39 ` Niels Dettenbach (Syndicat.com)
2015-05-23 7:54 ` [gentoo-dev] " Duncan
2015-05-23 8:01 ` [gentoo-dev] " James Le Cuirot
2015-05-23 11:16 ` Rich Freeman
2015-05-23 12:32 ` Andrew Savchenko
2015-05-23 13:07 ` Rich Freeman
2015-05-23 13:34 ` Niels Dettenbach (Syndicat.com)
2015-05-23 14:20 ` Rich Freeman
2015-05-23 14:32 ` Niels Dettenbach (Syndicat.com)
2015-05-23 15:36 ` Rich Freeman
2015-05-23 14:23 ` Ciaran McCreesh
2015-05-23 14:29 ` Niels Dettenbach (Syndicat.com)
2015-05-23 16:24 ` Mike Frysinger
2015-05-11 21:10 ` Robin H. Johnson
2015-05-12 8:37 ` [gentoo-dev] Re: [gentoo-project] " Mike Frysinger
2015-05-12 8:58 ` [gentoo-dev] " Amadeusz Żołnowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=robbat2-20150511T202812-158569369Z@orbis-terrarum.net \
--to=robbat2@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox