Non English Spam
Erik Norgaard
norgaard at locolomo.org
Sun Oct 15 12:23:07 PDT 2006
Ian Smith wrote:
> Ted's talking about the _first_ Received header, see mine below. It's
> the only one you _can_ rely on, assuming your mailserver isn't lying to
> you. Subsequent headers, sure, all can be faked, trust noone .. :)
Filtering on the Received header entries is waste of time: Only the
first line is reliable, inserted by your own mail server, but in that
case you can filter on the connect or HELO, which is much better because
you don't waste bandwidth receiving the entire mail.
I actually had spammers DDOS my connection because I didn't reject the
large bulk part early enough. I temporarily had to block any connection
from China and Korea.
> > Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119])
> > by gaia.nimnet.asn.au (8.8.8/8.8.8R1.4) with ESMTP id WAA18000
> > for <smithi at nimnet.asn.au>; Sun, 15 Oct 2006 22:02:19 +1000 (EST)
> > (envelope-from owner-freebsd-questions at freebsd.org)
>
> There's the verified IP address of the connecting peer mailserver, that
> IP's reverse resolution from DNS, and the HELO presented. Any and all
> of which can be analysed, looked up in maps, blacklisted, whitelisted,
> or filtered any way you want, no?
Maybe I didn't make clear how the filtering in Postfix works? Each
header line is unwrapped and then filtered independent of the others.
There is no info as to if that is the first or last Received line.
I can make a rule to reject the mail. And I can make a rule that accept
a given header line, but the remaining header will still be filtered and
possibly rejected.
I can't make a header check for Received cause checks for content-type
to be skipped.
Nor can I make incoming mail from white listed servers skip the header
checks. The two things are independent: The first applies when
establishing the connection: HELO, MAIL FROM, RCPT TO etc. The header
checks are invoked if the initial delivery request was accepted.
Yes, that sucks, but that's how Postfix works.
> > Second: If you know postfix, you also know that header filtering is
> > independent of other checks, even the result of filtering on individual
> > header lines are independent.
>
> Does that mean you can't black/grey/whitelist by connecting mailserver?
No, I'm only referring to the built in header filtering capabilities.
I have postgray too, and I do have freebsd white listed. Postgrey uses
the MAIL FROM and RCPT TO, so it takes effect even before the DATA command.
> > So the ideal you mention is not an option until a complete public list
> > of authorized mail servers is available and all mail relayed through
> > these requires authentication.
>
> That's the 'solution' the mega players appear to be proposing. And who
> then authorises whom to run mailservers? What about, er, us? Shudder.
Anarchy is great, but it assumes that everyone are "good". Evidently
this is not the case - unfortunately.
I'm one of 'us' and honestly, I don't see why it should be OK to set up
a mail server without any possibility of identifying the owner or
responsible, nor do I see this as a big problem:
You either relay mail through your provider's mail server (which
requires you to authenticate) or register your mail server with the
provider. The provider can then add your info to the whois database and
open your connection out.
This should be trivial to implement, but currently there is no legal
requirement or economic benefit for those capable to take action. For
the latter, the problem is that implementing such controls only benefits
everyone else.
> As Ted pointed out, various people often post perfectly intelligible
> messages in English in the various FreeBSD lists, reporting non-Roman
> charsets.
Which was exactly the problem I mentioned to OP - I mean not that
intelligible messages are posted :), but they are encoded in different
character sets.
> I could mention one regular poster (and committer) whose
> messages provide no charset information at all :)
Well, his messages would be accepted since there is no character set to
reject :)
I absolutely would prefer not to reject any mail on the FreeBSD list,
but the effect would be to accept non-FreeBSD mail that is obviously spam.
If you have a solution at hand that would not open the gates to spam,
please do share.
> Have you noticed a lot of non-Roman charset spam on the FreeBSD lists?
No, but as mentioned before: Distinguishing non-Roman charset FreeBSD
mail from non-Roman non-FreeBSD spam is the problem.
> Because it's unnecessary, as well as arbitary, to filter list messages
> by charset alone as an unassociated variable. Sure, it might be a hint
> in the mix to give some points. The FreeBSD lists are mostly incredibly
> spam free, but I doubt that much of that filtering is based on charsets.
As mentioned in my original post, the previous and above: The problem is
that filtering mail by charset while in many cases will reject what can
positively be identified as spam, in certain cases also rejects
legitimate mail sent to this list.
I am not the only one who wish to reject unreadable character sets, OP
was asking exactly that, and I was making the point that this will get
reject legitimate mail to the list.
Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
More information about the freebsd-questions
mailing list