From: Matthias Bethke
To: gentoo-server@lists.gentoo.org
Date: Wed, 24 Sep 2008 17:40:50 +0200
Subject: Re: [gentoo-server] SPAM protection by requesting confirmation
Message-ID: <20080924154050.GI28730@aldous>
In-Reply-To: <48D96385.2070305@vanalteren.nl>

Hi Ramon,

on Tue, Sep 23, 2008 at 11:45:41PM +0200, you wrote:
> I would recommend not to implement such a tool.
>
> 1) I wouldn't send you mail anymore if you made me jump through hoops to
> confirm that me is actually I.
> 2) I personally think it's a stupid way of dealing with the problem
> 3) I can't see any way to get them to work with lists

I agree that this is not a good solution, however there is a pretty
simple rule that would make any such autoresponding tool work with
mailing lists: just don't reply to anything with a "Precedence: bulk"
header. Of course while that's a failsafe way for out-of-office
programs, you'd need to effectively whitelist bulk mails, giving
spammers the possibility of bypassing your filter. They're not very
likely to do that but it's a small part of why this "solution" is bad.

Once in a while we come across a customer with such a system at work
(ISP abuse dept.), and it's usually not very nice. Our ticket system
sends some notification (like "You've probably been hacked/have a
trojan, check this and that"), the autoresponder comes back with "please
confirm your mail by doing XY" which a) pisses off the operator because
they have to manually check the ticket and b) probably doesn't work
anyway because the ticket system (having an automatically-set subject
and stuff like that) can't do it anyway. So the account will likely be
locked and we just wait for the customer to call.

What you can easily do, in order of personal (well, I don't run my own
mail server any more) preference:
- block dialup ranges
- use IP blacklists like SORBS
- use SpamAssassin, possibly with more blacklists like SURBL
- check DomainKeys and/or SPF headers for scoring
- use greylisting

cheers,
Matthias

-- 
I prefer encrypted and signed messages.
KeyID: FAC37665 Fingerprint: 8C16 3F0A A6FC DF0D 19B0 8DEF 48D9 1700 FAC3 7665
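
The rule described in the message above (never auto-reply to mail carrying "Precedence: bulk"), as an added example that is not part of the original post. It goes slightly beyond the message by also checking the Auto-Submitted, List-* and null Return-Path signals; the function name and the sample messages are constructed for illustration.

```python
from email import message_from_string

# "bulk" is the value the message names; RFC 3834 also lists "list" and "junk".
BULK_PRECEDENCE = {"bulk", "list", "junk"}


def autoreply_suppression_reason(raw_message):
    """Return why no automatic reply may be sent, or None if one is allowed."""
    msg = message_from_string(raw_message)
    precedence = (msg.get("Precedence") or "").strip().lower()
    if precedence in BULK_PRECEDENCE:
        return "precedence:" + precedence
    # RFC 3834: any Auto-Submitted value other than "no" marks automated mail.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return "auto-submitted:" + auto
    # Mailing-list software adds List-* headers (List-Id, List-Post, ...).
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return "list-header"
    # An empty envelope sender marks bounces and delivery status notifications.
    if (msg.get("Return-Path") or "").strip() == "<>":
        return "null-return-path"
    return None


# Constructed sample messages (addresses and subjects are made up).
LIST_POST = (
    "From: someone@example.org\nTo: some-list@lists.example.org\n"
    "Precedence: bulk\nList-Id: Example list\n"
    "Subject: Re: SPAM protection\n\nbody\n"
)
TICKET_NOTICE = (
    "From: abuse@isp.example\nTo: customer@example.net\n"
    "Auto-Submitted: auto-generated\n"
    "Subject: [Ticket#0000] Possible compromise\n\nbody\n"
)
PERSONAL = (
    "From: friend@example.com\nTo: customer@example.net\n"
    "Subject: lunch?\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("list post", LIST_POST),
                      ("ticket notice", TICKET_NOTICE),
                      ("personal mail", PERSONAL)):
        print(name, "->", autoreply_suppression_reason(raw) or "reply allowed")
```

All of these headers are set by the sender, so they are suitable for suppressing replies but not for deciding that a message is legitimate.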