From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 02BBC138CCF for ; Mon, 11 May 2015 20:36:27 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 15547E089F; Mon, 11 May 2015 20:36:21 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2ED07E0863 for ; Mon, 11 May 2015 20:36:20 +0000 (UTC) Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 05362340931 for ; Mon, 11 May 2015 20:36:19 +0000 (UTC) Received: (qmail 5384 invoked by uid 10000); 11 May 2015 20:36:18 -0000 Date: Mon, 11 May 2015 20:36:18 +0000 From: "Robin H. Johnson" To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Anti-spam changes: proposal to drop spammy mail Message-ID: References: <1626925.WQM6IekEy6@gongo> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1626925.WQM6IekEy6@gongo> User-Agent: Mutt/1.5.21 (2010-09-15) X-Archives-Salt: aa1b0b84-b57e-4105-acf8-12a1a952bce2 X-Archives-Hash: b40c7a5eb0e5e868f2f27b85b951af2b On Mon, May 11, 2015 at 12:09:08PM +0200, Niels Dettenbach wrote: > > As past long-standing practice, @Gentoo.org system-level mail handling for > > incoming mail was officially to tag everything, and delete nothing. > This is - for a public internet Mailer / MX - a VERY bad option - at least > mail not fulfilling basic email standards should be blocked (as usual by the > very most professional level mail services), because it could be (used) > abusive by thirds. There are people that still accept mail that violates standards? My above statement is for mail that we ACCEPTED. If it violates standards, it's already denied at SMTP time. smtpd_restriction_classes = restrictive,permissive restrictive = reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_recipient reject_non_fqdn_sender reject_unknown_sender_domain reject_unknown_recipient_domain check_sender_mx_access cidr:/etc/postfix/bogus_mx_records check_sender_access pcre:/etc/postfix/sender_access_control.pcre check_sender_access pcre:/etc/postfix/sender_access_control-aliases.pcre check_helo_access pcre:/etc/postfix/helo_checks reject_unverified_sender check_client_access cidr:/etc/postfix/filter.cidr permit permissive = permit > > Unless there are any major objections, as of May 17th, Infra will start > > dropping mail that scores more than 10.0 points in Spamassassin. > > > > If that is successful, I propose to drop the score point by 1 point every > > month until it hits a score of 5.0 (so by mid-October, it will be dropping > > mail that scores more than 5.0). > This will work (depending form some of your SA setup details and how far you > use all of the features, channels and possible extensions / third party > services - i.e. DCC, Razor, Pyzor, "all" the different update channels, Bayes > - while disabling DNSBLs and doing that still before in your mailer) until you > go down 5. See my other response, we've got pretty much all of the things going already. -- Robin Hugh Johnson Gentoo Linux: Developer, Infrastructure Lead E-Mail : robbat2@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85