Thread: Can we please refuse mail to the list from list addresses?

From:
Andrew Sullivan
Date:

Hi,

Nobody replied to my previous mail with this question, but spammers are
getting better.

It seems to me we could reject mail that is destined to the list if it's
from the list address.  No?

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
Magnus Hagander
Date:

On Mon, 2007-11-26 at 14:57 -0500, Andrew Sullivan wrote:
> Hi,
> 
> Nobody replied to my previous mail with this question, but spammers are
> getting better.
> 
> It seems to me we could reject mail that is destined to the list if it's
> from the list address.  No?

Only Marc can do anything about that.

In general, I'd say the postgresql.org mailservers shouldn't accept any
mail (unauthenticated) that's from an @postgresql.org address. But IIRC
someone was still relaying unauthenticated mail through there the last
time I proposed that :-) 

Not sure if the integration with the hub.org MXen might be causing
issues here - we certainly wouldn't want those to be affected if we
restrict things...

//Magnus


From:
Alvaro Herrera
Date:

Magnus Hagander wrote:

> In general, I'd say the postgresql.org mailservers shouldn't accept any
> mail (unauthenticated) that's from an @postgresql.org address. But IIRC
> someone was still relaying unauthenticated mail through there the last
> time I proposed that :-) 

I'm not sure what you're saying here.  In your enhanced world, if I send
an email from  to a pg list and relay it through
a Command Prompt server, will it bounce?

-- 
Alvaro Herrera                  http://www.amazon.com/gp/registry/5ZYLFMCVHXC
"Now I have my system running, not a byte was off the shelf;
It rarely breaks and when it does I fix the code myself.
It's stable, clean and elegant, and lightning fast as well,
And it doesn't cost a nickel, so Bill Gates can go to hell."


From:
Magnus Hagander
Date:

On Tue, 2007-11-27 at 16:35 -0300, Alvaro Herrera wrote:
> Magnus Hagander wrote:
> 
> > In general, I'd say the postgresql.org mailservers shouldn't accept any
> > mail (unauthenticated) that's from an @postgresql.org address. But IIRC
> > someone was still relaying unauthenticated mail through there the last
> > time I proposed that :-) 
> 
> I'm not sure what you're saying here.  In your enhanced world, if I send
> an email from  to a pg list and relay it through
> a Command Prompt server, will it bounce?

Yes. Unless the commandprompt server is configured to use SMTP AUTH
(which in the case of cmd could be an exception, but it can't be the
rule of course)

And yes, I'm aware that quite a number of people won't like that, but
doing similar things cuts a *lot* of spam at other sites I manage.

Anyway. Cutting mail from the list address to the list address will also
help, and it's certainly a good thing to do if we can't "go all the
way".

//Magnus



From:
"Joshua D. Drake"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 27 Nov 2007 20:24:07 +0100
Magnus Hagander <> wrote:

> 
> On Mon, 2007-11-26 at 14:57 -0500, Andrew Sullivan wrote:
> > Hi,
> > 
> > Nobody replied to my previous mail with this question, but spammers
> > are getting better.
> > 
> > It seems to me we could reject mail that is destined to the list if
> > it's from the list address.  No?
> 
> Only Marc can do anything about that.
> 
> In general, I'd say the postgresql.org mailservers shouldn't accept
> any mail (unauthenticated) that's from an @postgresql.org address.
> But IIRC someone was still relaying unauthenticated mail through
> there the last time I proposed that :-) 

Wouldn't that break when I send @postgresql through @commandprompt?

Joshua D. Drake




- -- 
     === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/        UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTHJDATb/zqfZUUQRAqCAAJ9y6dX8/fiEwEHDbGjJzN1Xz4SErgCgiOq9
x4jV3+0OMIOZ5kcP0FwrZMY=
=JWzV
-----END PGP SIGNATURE-----

From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Tuesday, November 27, 2007 20:24:07 +0100 Magnus Hagander 
<> wrote:

>
> On Mon, 2007-11-26 at 14:57 -0500, Andrew Sullivan wrote:
>> Hi,
>>
>> Nobody replied to my previous mail with this question, but spammers are
>> getting better.
>>
>> It seems to me we could reject mail that is destined to the list if it's
>> from the list address.  No?
>
> Only Marc can do anything about that.
>
> In general, I'd say the postgresql.org mailservers shouldn't accept any
> mail (unauthenticated) that's from an @postgresql.org address. But IIRC
> someone was still relaying unauthenticated mail through there the last
> time I proposed that :-)

I do it all the time ... I send email as , through my own 
mail server here at home ...

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTHNE4QvfyHIvDvMRArydAJoDVBh28WFHnlxzIhArcRpH1C1mbgCcC58r
swN3XKrG2J+5I3WQBLeYD2o=
=v383
-----END PGP SIGNATURE-----



From:
"Joshua D. Drake"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 27 Nov 2007 20:38:40 +0100
Magnus Hagander <> wrote:


> > I'm not sure what you're saying here.  In your enhanced world, if I
> > send an email from  to a pg list and relay
> > it through a Command Prompt server, will it bounce?
> 
> Yes. Unless the commandprompt server is configured to use SMTP AUTH
> (which in the case of cmd could be an exception, but it can't be the
> rule of course)

Oh so you are saying that commandprompt.com would actually auth to
@hub.org for that particular case? 

I think this is a seriously bad idea... too many people auth in
different ways. Sometimes I auth through different boxes depending on
the environment etc...

> 
> And yes, I'm aware that quite a number of people won't like that, but
> doing similar things cuts a *lot* of spam at other sites I manage.
>

Well I would prefer to see a trigger that checks the recipient against
known users and aliases. If it doesn't match it is immediately bounced
and we never see it.


Sincerely,

Joshua D. Drake


- -- 
     === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/        UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTHRuATb/zqfZUUQRAqZNAKCtlUpLP4wc85Z22hS+zaTB8P0DiwCgpsky
boN2R2wSehRR9rbY/wd2LS4=
=bsju
-----END PGP SIGNATURE-----

From:
Magnus Hagander
Date:

On Tue, 2007-11-27 at 11:47 -0800, Joshua D. Drake wrote:
> > > I'm not sure what you're saying here.  In your enhanced world, if
> I
> > > send an email from  to a pg list and relay
> > > it through a Command Prompt server, will it bounce?
> > 
> > Yes. Unless the commandprompt server is configured to use SMTP AUTH
> > (which in the case of cmd could be an exception, but it can't be the
> > rule of course)
> 
> Oh so you are saying that commandprompt.com would actually auth to
> @hub.org for that particular case? 
> 
> I think this is a seriously bad idea... too many people auth in
> different ways. Sometimes I auth through different boxes depending on
> the environment etc...

Like I said, I'm aware that a lot of people don't like the idea :-)


> > And yes, I'm aware that quite a number of people won't like that, but
> > doing similar things cuts a *lot* of spam at other sites I manage.
> >
> 
> Well I would prefer to see a trigger that checks the recipient against
> known users and aliases. If it doesn't match it is immediately bounced
> and we never see it.

Uh, what? You'd need to check the *sender*, not the recipient? At least
that's where this thread started...
But yeah, that would also work, as long as there is a good way to
maintain that list. Shouldn't be too hard to do, but I'm unsure how it
would interface with the hub.org mail infrastructure. Marc?


That said, I still think we should check the recipient of the email on
all MXes, but that's a completely different thing that has also been
discussed before. (We do check them on the listserver)

//Magnus



From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Tuesday, November 27, 2007 11:47:58 -0800 "Joshua D. Drake" 
<> wrote:

> Oh so you are saying that commandprompt.com would actually auth to
> @hub.org for that particular case?

It won't happen, so don't dwell on it too long :)

> Well I would prefer to see a trigger that checks the recipient against
> known users and aliases. If it doesn't match it is immediately bounced
> and we never see it.

You mean start bouncing all posts sent by someone not subscribed??


Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTHZF4QvfyHIvDvMRAnJKAKDboO+LNjAl3/DXC1DEg4NngnOFzQCg1nCL
OURerMZF/EKsfvpzDazYBjc=
=pfYc
-----END PGP SIGNATURE-----



From:
"Joshua D. Drake"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 27 Nov 2007 15:55:49 -0400
"Marc G. Fournier" <> wrote:


> > Well I would prefer to see a trigger that checks the recipient
> > against known users and aliases. If it doesn't match it is
> > immediately bounced and we never see it.
> 
> You mean start bouncing all posts sent by someone not subscribed??

In a utopian world :):
* If you are not subscribed it never makes it to the moderator. I
don't think it is unreasonable that if you want to send to -announce
that you will also receive from -announce for example.
* If you send email to an invalid user/alias multiple times within a
particular threshold your ip is banned automatically for 30 days
(something that CMD is working on for their server).
* The ability to forward messages that do get through to "something"
that allows automatic blacklisting so we never see them again.

Sincerely,

Joshua D. Drake




- -- 
     === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/        UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTHfyATb/zqfZUUQRAjEgAKCUaL4RDY/TdNUPJAGq0xWtJlWPbQCgghqs
t9bW6+gjssZGfDTjovDsZsQ=
=fo1G
-----END PGP SIGNATURE-----

From:
Alvaro Herrera
Date:

Magnus Hagander wrote:
> 
> On Tue, 2007-11-27 at 16:35 -0300, Alvaro Herrera wrote:
> > Magnus Hagander wrote:
> > 
> > > In general, I'd say the postgresql.org mailservers shouldn't accept any
> > > mail (unauthenticated) that's from an @postgresql.org address. But IIRC
> > > someone was still relaying unauthenticated mail through there the last
> > > time I proposed that :-) 
> > 
> > I'm not sure what you're saying here.  In your enhanced world, if I send
> > an email from  to a pg list and relay it through
> > a Command Prompt server, will it bounce?
> 
> Yes.

Hmm.  I'm trying to figure out if I can configure my MTA to relay mail
delivered by  using a different server than any
other email.

(I think it's rather trivial to do with GUI email clients.  Just set
your "identity" to point to the other SMTP server.)

If that can be made to work, then what we need is to set up SMTP AUTH in
a postgresql.org server.  Is that workable?  (Do we already have SMTP
AUTH somewhere?)

-- 
Alvaro Herrera                 http://www.amazon.com/gp/registry/DXLWNGRJD34J
Syntax error: function hell() needs an argument.
Please choose what hell you want to involve.


From:
Tom Lane
Date:

"Joshua D. Drake" <> writes:
>  * If you are not subscribed it never makes it to the moderator.

I don't think that's acceptable at all --- we'd be pretty much closing
ourselves off from the outside world.  It's particularly not acceptable
for pgsql-bugs.

>  * If you send email to an invalid user/alias multiple times within a
> particular threshold your ip is banned automatically for 30 days

That might be a good idea, though my own experience is that the spambot
hordes are now large enough that they can avoid spamming you very often
from the same IP.
        regards, tom lane


From:
"Joshua D. Drake"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 27 Nov 2007 15:30:54 -0500
Tom Lane <> wrote:

> "Joshua D. Drake" <> writes:
> >  * If you are not subscribed it never makes it to the moderator.
> 
> I don't think that's acceptable at all --- we'd be pretty much closing
> ourselves off from the outside world.  It's particularly not
> acceptable for pgsql-bugs.

O.k. then :)... how about a confirmation system. E.g;

I unknown user send bug report
I email system say thank you, a confirmation of your report has been
sent to your email with next steps
If (unknown user responds in kind to confirmation email); THENpost
ELSIF (after 7 days); DELETE

No moderation required.

> 
> >  * If you send email to an invalid user/alias multiple times within
> > a particular threshold your ip is banned automatically for 30 days
> 
> That might be a good idea, though my own experience is that the
> spambot hordes are now large enough that they can avoid spamming you
> very often from the same IP.
> 

25% reduction is 25% reduction :)

Sincerely,

Joshua D. Drake


>             regards, tom lane
> 
> ---------------------------(end of
> broadcast)--------------------------- TIP 2: Don't 'kill -9' the
> postmaster
> 


- -- 
     === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/        UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTH9GATb/zqfZUUQRAs/TAKCUKvHyABxI950mlJswsrF6hOLVagCglIYZ
LvkGaOzuoTDzgiEPhStd85g=
=CKdv
-----END PGP SIGNATURE-----

From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Tuesday, November 27, 2007 20:55:07 +0100 Magnus Hagander 
<> wrote:

> Uh, what? You'd need to check the *sender*, not the recipient? At least
> that's where this thread started...
> But yeah, that would also work, as long as there is a good way to
> maintain that list. Shouldn't be too hard to do, but I'm unsure how it
> would interface with the hub.org mail infrastructure. Marc?

You've lost me here ... how would wnat interface?  This is all done internal to 
Majordomo2 ... nothing to do with the mail system itself ...

> That said, I still think we should check the recipient of the email on
> all MXes, but that's a completely different thing that has also been
> discussed before. (We do check them on the listserver)

We've been checking recipient on all MXs since it was discussed last time 
*scratch head*  Or am I missing something ... ?

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTINJ4QvfyHIvDvMRAoeiAJ91uifWG6JiBk8ihOgQlkJFVpM+AQCfeRDu
cofTbtivxnUOCOTqTuyvpgg=
=FnR4
-----END PGP SIGNATURE-----



From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Tuesday, November 27, 2007 12:02:56 -0800 "Joshua D. Drake" 
<> wrote:

>  * If you are not subscribed it never makes it to the moderator. I
> don't think it is unreasonable that if you want to send to -announce
> that you will also receive from -announce for example.

I won't disagree, but that would break the usenet gateway, I fear ...

>  * If you send email to an invalid user/alias multiple times within a
> particular threshold your ip is banned automatically for 30 days
> (something that CMD is working on for their server).

Hrmmm, now that's an interesting one ... are you implementing it within some 
sort of policy server similar to greylisting, or some other way?

>  * The ability to forward messages that do get through to "something"
> that allows automatic blacklisting so we never see them again.

That one I dislike, only because I could see it somehow being abused :(

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTIPw4QvfyHIvDvMRArh6AJ0Vr16GB/uMEOFf0UZ9+h1R1vNJfQCaA4L1
zy5K9U753WzRL5ea2RDnkcM=
=6DDM
-----END PGP SIGNATURE-----



From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Tuesday, November 27, 2007 17:12:43 -0300 Alvaro Herrera 
<-ip.org> wrote:

> If that can be made to work, then what we need is to set up SMTP AUTH in
> a postgresql.org server.  Is that workable?  (Do we already have SMTP
> AUTH somewhere?)

mail.postgresql.org

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTIQV4QvfyHIvDvMRAiE+AJ4hC/tadCHwE1AuZIN1J/6o+vaDhgCcDGGo
MAtUM3K3OeN26u0VdWuoSBg=
=juMx
-----END PGP SIGNATURE-----



From:
Magnus Hagander
Date:

On Tue, 2007-11-27 at 16:51 -0400, Marc G. Fournier wrote:
> > Uh, what? You'd need to check the *sender*, not the recipient? At least
> > that's where this thread started...
> > But yeah, that would also work, as long as there is a good way to
> > maintain that list. Shouldn't be too hard to do, but I'm unsure how it
> > would interface with the hub.org mail infrastructure. Marc?
> 
> You've lost me here ... how would wnat interface?  This is all done internal to 
> Majordomo2 ... nothing to do with the mail system itself ...

Andrew specifically asked if we could have these mails bounced *before*
they reached Majordomo. That's where it started. He only asked for
bouncing email that pretended to be from the list itself, though, which
is a lot less (and easier/safer to do) than what was suggested by both
me and JD. Perhaps Andrews suggestion can be implemented?


> > That said, I still think we should check the recipient of the email on
> > all MXes, but that's a completely different thing that has also been
> > discussed before. (We do check them on the listserver)
> 
> We've been checking recipient on all MXs since it was discussed last time 
> *scratch head*  Or am I missing something ... ?

Oh. I must have missed that information. If we do that now, that's
great! :-)

//Magnus



From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Tuesday, November 27, 2007 12:34:14 -0800 "Joshua D. Drake" 
<> wrote:

> I unknown user send bug report
> I email system say thank you, a confirmation of your report has been
> sent to your email with next steps
> If (unknown user responds in kind to confirmation email); THEN
>  post
> ELSIF (after 7 days); DELETE
>
> No moderation required.

Ahhhh, that's a neat one ... really would help the spammers if you could 
automate the response side of things ... :)  There is a reason why spam filters 
tend to need to evolve: spammers are smart enough to program around them :)


- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTITA4QvfyHIvDvMRAox/AJ9HMVU2/d3U0H10BeAwvJCRfSPadACgkKlz
6BR4cUE285lNtmP+/VPkjhA=
=j8ym
-----END PGP SIGNATURE-----



From:
"Joshua D. Drake"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 27 Nov 2007 16:54:08 -0400
"Marc G. Fournier" <> wrote:

> 
> >  * If you send email to an invalid user/alias multiple times within
> > a particular threshold your ip is banned automatically for 30 days
> > (something that CMD is working on for their server).
> 
> Hrmmm, now that's an interesting one ... are you implementing it
> within some sort of policy server similar to greylisting, or some
> other way?

Right now I am considering filtering it via the syslog and then using
iptables but it could be done any number of ways, including just adding
a reject map.

> 
> >  * The ability to forward messages that do get through to
> > "something" that allows automatic blacklisting so we never see them
> > again.
> 
> That one I dislike, only because I could see it somehow being
> abused :(
> 

Yeah I knew that was going to come up but I think we need to be able to
trust our moderators, else why are they moderators? Besides we could
have an audit trail just in case.

Sincerely,

Joshua D. Drake

- -- 
     === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/        UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTIdTATb/zqfZUUQRAifHAJ9ebgN0IChVN/qvb3mNJYsQIaRZqgCfYaCt
QqdYn5o5FmJNNpUbxkLF6eE=
=/xCn
-----END PGP SIGNATURE-----

From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Tuesday, November 27, 2007 21:57:06 +0100 Magnus Hagander 
<> wrote:

>
> On Tue, 2007-11-27 at 16:51 -0400, Marc G. Fournier wrote:
>> > Uh, what? You'd need to check the *sender*, not the recipient? At least
>> > that's where this thread started...
>> > But yeah, that would also work, as long as there is a good way to
>> > maintain that list. Shouldn't be too hard to do, but I'm unsure how it
>> > would interface with the hub.org mail infrastructure. Marc?
>>
>> You've lost me here ... how would wnat interface?  This is all done internal
>> to  Majordomo2 ... nothing to do with the mail system itself ...
>
> Andrew specifically asked if we could have these mails bounced *before*
> they reached Majordomo. That's where it started. He only asked for
> bouncing email that pretended to be from the list itself, though, which
> is a lot less (and easier/safer to do) than what was suggested by both
> me and JD. Perhaps Andrews suggestion can be implemented?

Actually, I think Andrew was specifically look at not getting this in the 
moderator queue, which is somethign that Majordomo2 can be configured to do ... 
we'd just need to add something like:

post
reject
/$LIST/i

to access_rules ... which would reject any messages coming from the list its 
being sent to ... we'd have to do something a bit more involved if we wanted to 
reject from any list, ie something like:

post
reject
//i OR //i

and Andrew will never see those posts ...

> Oh. I must have missed that information. If we do that now, that's
> great! :-)

*scratch head* weren't you the one that had asked for it? :)


- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTIdg4QvfyHIvDvMRAkFyAKDHtzOqk6QVga0XPGI1te3LDFqvOwCg5/q+
uBRJRaEOPdTXJMh+nJn5fyo=
=h2wz
-----END PGP SIGNATURE-----



From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Tuesday, November 27, 2007 13:08:33 -0800 "Joshua D. Drake" 
<> wrote:

> Yeah I knew that was going to come up but I think we need to be able to
> trust our moderators, else why are they moderators? Besides we could
> have an audit trail just in case.

If someone had a desire to dive into some perl programming, Majordomo2 could be 
extended to allow for a 'BLACKLIST' option for admins, that would add to a 
list:blacklist sublist that could be used for this purpose ... anyone feel like 
writing some perl? :)


- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTIfa4QvfyHIvDvMRAjheAKCAo1+CI6HvgpH7IfF2TTCuIEZhyQCffZsk
Z5ik5Ch3JZyf37hc5WgU/Rk=
=ohdZ
-----END PGP SIGNATURE-----



From:
Magnus Hagander
Date:

On Tue, 2007-11-27 at 17:08 -0400, Marc G. Fournier wrote:
> > On Tue, 2007-11-27 at 16:51 -0400, Marc G. Fournier wrote:
> >> > Uh, what? You'd need to check the *sender*, not the recipient? At least
> >> > that's where this thread started...
> >> > But yeah, that would also work, as long as there is a good way to
> >> > maintain that list. Shouldn't be too hard to do, but I'm unsure how it
> >> > would interface with the hub.org mail infrastructure. Marc?
> >>
> >> You've lost me here ... how would wnat interface?  This is all done internal
> >> to  Majordomo2 ... nothing to do with the mail system itself ...
> >
> > Andrew specifically asked if we could have these mails bounced *before*
> > they reached Majordomo. That's where it started. He only asked for
> > bouncing email that pretended to be from the list itself, though, which
> > is a lot less (and easier/safer to do) than what was suggested by both
> > me and JD. Perhaps Andrews suggestion can be implemented?
> 
> Actually, I think Andrew was specifically look at not getting this in the 
> moderator queue, which is somethign that Majordomo2 can be configured to do ... 

Right, I don't think he cares how it's done, as long as he doesn't see
it :-)

> we'd just need to add something like:
> 
> post
> reject
> /$LIST/i
> 
> to access_rules ... which would reject any messages coming from the list its 
> being sent to ... we'd have to do something a bit more involved if we wanted to 
> reject from any list, ie something like:
> 
> post
> reject
> //i OR //i
> 
> and Andrew will never see those posts ...

Sounds like a good thing to do. I don't see anyway that it'd break any
legitimate mail.


> > Oh. I must have missed that information. If we do that now, that's
> > great! :-)
> 
> *scratch head* weren't you the one that had asked for it? :)

Yup, I was. It was still on my list of things I didn't think were
fixed :-)

//Magnus


From:
"Joshua D. Drake"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 27 Nov 2007 17:08:48 -0400
"Marc G. Fournier" <> wrote:
> to access_rules ... which would reject any messages coming from the
> list its being sent to ... we'd have to do something a bit more
> involved if we wanted to reject from any list, ie something like:
> 
> post
> reject
> //i OR //i
> 
> and Andrew will never see those posts ...
> 
> > Oh. I must have missed that information. If we do that now, that's
> > great! :-)
> 
> *scratch head* weren't you the one that had asked for it? :)

Actually yes I think he was ;)

Joshua D. Drake


- -- 
     === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/        UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTI4zATb/zqfZUUQRAnvtAKCrWrKHqpM5CPYGf6GTzCsewAg+vwCeIkdI
2xVQTLW7DEt7eHYXRnU9bZ0=
=9wO3
-----END PGP SIGNATURE-----

From:
Josh Berkus
Date:

Magnus,

> Yes. Unless the commandprompt server is configured to use SMTP AUTH
> (which in the case of cmd could be an exception, but it can't be the
> rule of course)

How can you tell if a server uses SMTP AUTH?  I relay my mail through 
authsmtp.com when I'm on the road.

-- 
--Josh

Josh Berkus
PostgreSQL @ Sun
San Francisco


From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Tuesday, November 27, 2007 14:45:24 -0800 Josh Berkus <> 
wrote:

> Magnus,
>
>> Yes. Unless the commandprompt server is configured to use SMTP AUTH
>> (which in the case of cmd could be an exception, but it can't be the
>> rule of course)
>
> How can you tell if a server uses SMTP AUTH?  I relay my mail through
> authsmtp.com when I'm on the road.

Magnus' desire is taht all @postgresql.org would have to go *through* 
mail.postgresql.org, not through some third party smtp server, whether it is my 
desktop here, or authsmtp.com ...

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTKKF4QvfyHIvDvMRApLsAKDKT87hBpZsGzAwbgGK8JQn+wmQ6QCgw/Au
2kAy4RIR5BdfO3YKkwWhaKk=
=APpn
-----END PGP SIGNATURE-----



From:
"Joshua D. Drake"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 27 Nov 2007 19:04:37 -0400
"Marc G. Fournier" <> wrote:

> >> Yes. Unless the commandprompt server is configured to use SMTP AUTH
> >> (which in the case of cmd could be an exception, but it can't be
> >> the rule of course)
> >
> > How can you tell if a server uses SMTP AUTH?  I relay my mail
> > through authsmtp.com when I'm on the road.
> 
> Magnus' desire is taht all @postgresql.org would have to go *through* 
> mail.postgresql.org, not through some third party smtp server,
> whether it is my desktop here, or authsmtp.com ...

Which I directly, loudly, pointedly and explicitly state:

- -1

Joshua D. Drake

:P




- -- 
     === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/        UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTKSAATb/zqfZUUQRAktPAJ9vrPMqnVGXnZh6KrIrF5vIqghlIQCcDl+K
XZtRiDD8kk8GLRJJjVyW418=
=XLhX
-----END PGP SIGNATURE-----

From:
Josh Berkus
Date:

Marc,

> Magnus' desire is taht all @postgresql.org would have to go *through*
> mail.postgresql.org, not through some third party smtp server, whether
> it is my desktop here, or authsmtp.com ...

Not practical.  When I'm on the road (about 150 days a year) hotels and 
cafe wireless often block port 25 and 143.  So I absolutely have to use a 
relay or I can't send mail at all.  Also, I don't know how many of the 
regional contacts might have MUAs or local networks which don't support 
direct SMTP.

-- 
--Josh

Josh Berkus
PostgreSQL @ Sun
San Francisco


From:
Magnus Hagander
Date:

On Tue, Nov 27, 2007 at 03:33:33PM -0800, Josh Berkus wrote:
> Marc,
> 
> > Magnus' desire is taht all @postgresql.org would have to go *through*
> > mail.postgresql.org, not through some third party smtp server, whether
> > it is my desktop here, or authsmtp.com ...
> 
> Not practical.  When I'm on the road (about 150 days a year) hotels and 
> cafe wireless often block port 25 and 143.  So I absolutely have to use a 
> relay or I can't send mail at all.  Also, I don't know how many of the 
> regional contacts might have MUAs or local networks which don't support 
> direct SMTP.

Again, I know this. Though you'd certainly not use port 25 for it, you'd
use 587 (smtp submission). I use it all the time with other domains, never
had a problem.

But again, I know this won't happen. I'm just saying it would drastically
cut spam... (I know blocking that at other domains have dropped spam with
around 60-70% *before* it hits the traditional antispam)

//Magnus


From:
Dave Page
Date:

Joshua D. Drake wrote:
> On Tue, 27 Nov 2007 19:04:37 -0400
> "Marc G. Fournier" <> wrote:
> 
>>>> Yes. Unless the commandprompt server is configured to use SMTP AUTH
>>>> (which in the case of cmd could be an exception, but it can't be
>>>> the rule of course)
>>> How can you tell if a server uses SMTP AUTH?  I relay my mail
>>> through authsmtp.com when I'm on the road.
>> Magnus' desire is taht all @postgresql.org would have to go *through* 
>> mail.postgresql.org, not through some third party smtp server,
>> whether it is my desktop here, or authsmtp.com ...
> 
> Which I directly, loudly, pointedly and explicitly state:
> 
> -1

Same here. For once I strongly disagree with Magnus and whole heartedly
agree with JD :-)

/D


From:
Devrim GÜNDÜZ
Date:

Hi,


On Wed, 2007-11-28 at 08:43 +0000, Dave Page wrote:
> Same here. For once I strongly disagree with Magnus and whole
> heartedly agree with JD :-)

The earth will collapse soon :-P

Cheers,
--
Devrim GÜNDÜZ , RHCE
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
Managed Services, Shared and Dedicated Hosting
Co-Authors: plPHP, ODBCng - http://www.commandprompt.com/

From:
Andrew Sullivan
Date:

On Tue, Nov 27, 2007 at 08:38:40PM +0100, Magnus Hagander wrote:
> 
> Yes. Unless the commandprompt server is configured to use SMTP AUTH
> (which in the case of cmd could be an exception, but it can't be the
> rule of course)

Why can't it be the rule?  It _oughta_ be the rule.  It's been an IETF
recommendation for some time now never to accept relay mail from MUAs on
port SMTP.

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
Magnus Hagander
Date:

On Wed, Nov 28, 2007 at 10:22:12AM -0500, Andrew Sullivan wrote:
> On Tue, Nov 27, 2007 at 08:38:40PM +0100, Magnus Hagander wrote:
> > 
> > Yes. Unless the commandprompt server is configured to use SMTP AUTH
> > (which in the case of cmd could be an exception, but it can't be the
> > rule of course)
> 
> Why can't it be the rule?  It _oughta_ be the rule.  It's been an IETF
> recommendation for some time now never to accept relay mail from MUAs on
> port SMTP.

Oh, I wish it could be ;-) But read back int he archives for the screaming
protests from others :-)

//Magnus


From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Wednesday, November 28, 2007 10:22:12 -0500 Andrew Sullivan 
<> wrote:

> On Tue, Nov 27, 2007 at 08:38:40PM +0100, Magnus Hagander wrote:
>>
>> Yes. Unless the commandprompt server is configured to use SMTP AUTH
>> (which in the case of cmd could be an exception, but it can't be the
>> rule of course)
>
> Why can't it be the rule?  It _oughta_ be the rule.  It's been an IETF
> recommendation for some time now never to accept relay mail from MUAs on
> port SMTP.

Wait, I think we're talking two different things here ... at least, I hope JD 
is ... SMTP AUTH is required to send email *through* any of our servers, except 
MX ... but, what Magnus was proposing would have required CMD to setup their 
MTA to do an SMTP AUTH to postgresql.org's MTA to send @postgresql.org ...

ie. if  sent out email, it would deliver to his local MTA, 
with his local MTA connecting to postgresql.org MTA, who would then deliver it 
out to the world ...

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTbvQ4QvfyHIvDvMRAkBAAKCEH4lsO3uwrROPbiivIS82xTS+NgCgk8TQ
Z/HEFp8K8q+2BJn90eKqSgk=
=r3pg
-----END PGP SIGNATURE-----



From:
Andrew Sullivan
Date:

On Tue, Nov 27, 2007 at 03:33:33PM -0800, Josh Berkus wrote:
> 
> Not practical.  When I'm on the road (about 150 days a year) hotels and 
> cafe wireless often block port 25 and 143.  So I absolutely have to use a 

But they're mostly not blocking port 587, which is where mail is supposed to
be submitted to.  And if they _are_ blocking it, then they need to be hit
with a cluestick.

> direct SMTP.

Nobody should be using "direct SMTP" as such in this day and age.  That's
what the submission port is for.

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
Andrew Sullivan
Date:

On Wed, Nov 28, 2007 at 04:55:00PM +0100, Magnus Hagander wrote:
> Oh, I wish it could be ;-) But read back int he archives for the screaming
> protests from others :-)

So we've just given up on following BCPs now?  

ftp://ftp.rfc-editor.org/in-notes/rfc5068.txt

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
Andrew Sullivan
Date:

On Wed, Nov 28, 2007 at 03:04:48PM -0400, Marc G. Fournier wrote:
> Wait, I think we're talking two different things here ... at least, I hope JD 
> is ... SMTP AUTH is required to send email *through* any of our servers, except 

Aha.

> MX ... but, what Magnus was proposing would have required CMD to setup their 
> MTA to do an SMTP AUTH to postgresql.org's MTA to send @postgresql.org ...

Well, this is possible, but it does make the mail server admin rather more
troublesome.

> 
> ie. if  sent out email, it would deliver to his local MTA, 
> with his local MTA connecting to postgresql.org MTA, who would then deliver it 
> out to the world ...

Right.  In the anti-spam world these days, very few people are doing reverse
matching (that is, very few people compare the reverse lookup of the From:
address to the domain of the MTA whence the mail is coming).  It'll be
interesting to see what happens as SPF or DKIM -- the two loaded foot-guns
of the mail world -- take off, because then signing practices will start to
be important, and I suspect we'll find that mail not signed with the right
keys will all be classed as spam anyway.  So then you'll _have_ to use the
domain's own mail servers, or things won't be signed correctly (because I
assume that we're not going to be sharing the server's private keys widely
:-)  

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
Alvaro Herrera
Date:

Andrew Sullivan wrote:
> On Wed, Nov 28, 2007 at 04:55:00PM +0100, Magnus Hagander wrote:
> > Oh, I wish it could be ;-) But read back int he archives for the screaming
> > protests from others :-)
> 
> So we've just given up on following BCPs now?  
> 
> ftp://ftp.rfc-editor.org/in-notes/rfc5068.txt

Hmm.  Suppose I'm using the mutt MUA, and I have a Postfix instance
running in my local machine.  So mutt does submission to Postfix
locally, and Postfix delivers to the MTA that my company has set up for
me.

What port should my local Postfix use to deliver to my company's email
server?


With Magnus proposal to ban email from @postgresql.org addresses that
wasn't delivered through mail.postgresql.org, I would not be allowed to
use my local Postfix server.  Instead I would have to configure mutt to
deliver through mail.postgresql.org whenever I'm using my
 identity.  This would be a pain whenever the
network was down, for example.

Am I misunderstanding something?

-- 
Alvaro Herrera                               http://www.PlanetPostgreSQL.org/
"La persona que no quería pecar / estaba obligada a sentarseen duras y empinadas sillas    / desprovistas, por ciertode
blandosatenuantes"                          (Patricio Vogel)
 


From:
Magnus Hagander
Date:

On Thu, Nov 29, 2007 at 07:19:44AM -0500, Andrew Sullivan wrote:
> On Wed, Nov 28, 2007 at 03:04:48PM -0400, Marc G. Fournier wrote:
> > ie. if  sent out email, it would deliver to his local MTA, 
> > with his local MTA connecting to postgresql.org MTA, who would then deliver it 
> > out to the world ...
> 
> Right.  In the anti-spam world these days, very few people are doing reverse
> matching (that is, very few people compare the reverse lookup of the From:
> address to the domain of the MTA whence the mail is coming).  It'll be
> interesting to see what happens as SPF or DKIM -- the two loaded foot-guns
> of the mail world -- take off, because then signing practices will start to
> be important, and I suspect we'll find that mail not signed with the right
> keys will all be classed as spam anyway.  So then you'll _have_ to use the
> domain's own mail servers, or things won't be signed correctly (because I
> assume that we're not going to be sharing the server's private keys widely
> :-)  

Yeah. I still don't see why you shouldn't be using the mailservers
belonging to the domain you're sending from.. ;-) 

(Yes, I realise there's a bunch of people out there who don't want to, so
there's no need to re-iterate the fact that you don't)


//Magnus


From:
Magnus Hagander
Date:

On Thu, Nov 29, 2007 at 07:14:18AM -0500, Andrew Sullivan wrote:
> On Wed, Nov 28, 2007 at 04:55:00PM +0100, Magnus Hagander wrote:
> > Oh, I wish it could be ;-) But read back int he archives for the screaming
> > protests from others :-)
> 
> So we've just given up on following BCPs now?  

Yes.

//Magnus


From:
Magnus Hagander
Date:

On Thu, Nov 29, 2007 at 09:25:48AM -0300, Alvaro Herrera wrote:
> Andrew Sullivan wrote:
> > On Wed, Nov 28, 2007 at 04:55:00PM +0100, Magnus Hagander wrote:
> > > Oh, I wish it could be ;-) But read back int he archives for the screaming
> > > protests from others :-)
> > 
> > So we've just given up on following BCPs now?  
> > 
> > ftp://ftp.rfc-editor.org/in-notes/rfc5068.txt
> 
> Hmm.  Suppose I'm using the mutt MUA, and I have a Postfix instance
> running in my local machine.  So mutt does submission to Postfix
> locally, and Postfix delivers to the MTA that my company has set up for
> me.
> 
> What port should my local Postfix use to deliver to my company's email
> server?
> 
> 
> With Magnus proposal to ban email from @postgresql.org addresses that
> wasn't delivered through mail.postgresql.org, I would not be allowed to
> use my local Postfix server.  Instead I would have to configure mutt to
> deliver through mail.postgresql.org whenever I'm using my
>  identity.  This would be a pain whenever the
> network was down, for example.
> 
> Am I misunderstanding something?

You'd configure your postfix to deliver your @postgresql.org mail using
smtp submission with smtp auth through the postgresql.org servers, and the
other ones through whatever the manager for that domain requests.

So you'd still be using your local postfix server, and not be affected by a
network-is-down anymore than you are now.

//Magnus


From:
Alexey Klyukin
Date:

Alvaro Herrera wrote:
> Andrew Sullivan wrote:
> > On Wed, Nov 28, 2007 at 04:55:00PM +0100, Magnus Hagander wrote:
> > > Oh, I wish it could be ;-) But read back int he archives for the screaming
> > > protests from others :-)
> > 
> > So we've just given up on following BCPs now?  
> > 
> > ftp://ftp.rfc-editor.org/in-notes/rfc5068.txt
> 
> Hmm.  Suppose I'm using the mutt MUA, and I have a Postfix instance
> running in my local machine.  So mutt does submission to Postfix
> locally, and Postfix delivers to the MTA that my company has set up for
> me.
> 
> What port should my local Postfix use to deliver to my company's email
> server?

Depends on the settings at the company mailserver, 25 is the most common
choice if SSL is not used.

> 
> 
> With Magnus proposal to ban email from @postgresql.org addresses that
> wasn't delivered through mail.postgresql.org, I would not be allowed to
> use my local Postfix server.  Instead I would have to configure mutt to
> deliver through mail.postgresql.org whenever I'm using my
>  identity.  This would be a pain whenever the
> network was down, for example.
> 
> Am I misunderstanding something?

Well, I think you would have to setup your postfix to deliver emails
from @postgresql.org via mail.postgresql.org instead of your current
SMTP server. Of course you would have to set SMTP authentication from
your local postfix to mail.postgresql.org if it is required by the
latter.

> 
> -- 
> Alvaro Herrera                               http://www.PlanetPostgreSQL.org/
> "La persona que no quería pecar / estaba obligada a sentarse
>  en duras y empinadas sillas    / desprovistas, por cierto
>  de blandos atenuantes"                          (Patricio Vogel)
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings

-- 
Alexey Klyukin                         http://www.commandprompt.com/
The PostgreSQL Company - Command Prompt, Inc.


From:
Alvaro Herrera
Date:

Magnus Hagander wrote:
> On Thu, Nov 29, 2007 at 07:14:18AM -0500, Andrew Sullivan wrote:
> > On Wed, Nov 28, 2007 at 04:55:00PM +0100, Magnus Hagander wrote:
> > > Oh, I wish it could be ;-) But read back int he archives for the screaming
> > > protests from others :-)
> > 
> > So we've just given up on following BCPs now?  
> 
> Yes.

Huh, this one is from Nov. 2007.

-- 
Alvaro Herrera                          Developer, http://www.PostgreSQL.org/
"La soledad es compañía"


From:
Magnus Hagander
Date:

On Thu, Nov 29, 2007 at 09:45:16AM -0300, Alvaro Herrera wrote:
> Magnus Hagander wrote:
> > On Thu, Nov 29, 2007 at 07:14:18AM -0500, Andrew Sullivan wrote:
> > > On Wed, Nov 28, 2007 at 04:55:00PM +0100, Magnus Hagander wrote:
> > > > Oh, I wish it could be ;-) But read back int he archives for the screaming
> > > > protests from others :-)
> > > 
> > > So we've just given up on following BCPs now?  
> > 
> > Yes.
> 
> Huh, this one is from Nov. 2007.

That one may be, but it's not like it's a *new* concept that you shouldn't
have end-users connecting and sending email on port 25...

//Magnus


From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Thursday, November 29, 2007 13:53:06 +0100 Magnus Hagander 
<> wrote:

> That one may be, but it's not like it's a *new* concept that you shouldn't
> have end-users connecting and sending email on port 25...

Is anyone arguing that?  I always connect / send on port 25 ...

Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTrdk4QvfyHIvDvMRAiVnAKC8wUNW+NNT3p/LhikatdhAGj22nQCgsG9e
dg6GW6cshCWxl0ZPzGC9N0Q=
=120q
-----END PGP SIGNATURE-----



From:
Alvaro Herrera
Date:

Marc G. Fournier wrote:

> - --On Thursday, November 29, 2007 13:53:06 +0100 Magnus Hagander 
> <> wrote:
> 
> > That one may be, but it's not like it's a *new* concept that you shouldn't
> > have end-users connecting and sending email on port 25...
> 
> Is anyone arguing that?  I always connect / send on port 25 ...

The IETF is.  What they are saying is that you are helping the spammers
by not using 587.

-- 
Alvaro Herrera                 http://www.amazon.com/gp/registry/CTMLCN8V17R4
"That sort of implies that there are Emacs keystrokes which aren't obscure.
I've been using it daily for 2 years now and have yet to discover any key
sequence which makes any sense."                        (Paul Thomas)


From:
"Joshua D. Drake"
Date:

Andrew Sullivan wrote:
> On Tue, Nov 27, 2007 at 03:33:33PM -0800, Josh Berkus wrote:
>> Not practical.  When I'm on the road (about 150 days a year) hotels and 
>> cafe wireless often block port 25 and 143.  So I absolutely have to use a 
> 
> But they're mostly not blocking port 587, which is where mail is supposed to
> be submitted to.  And if they _are_ blocking it, then they need to be hit
> with a cluestick.

Your point? Most companies need to be hit with a cluestick, that doesn't 
mean they don't do it. There is a very large free wifi provider near me 
that actually blocks anything that doesn't have www. E.g; they don't 
block ports, they blocks names!


> 
>> direct SMTP.
> 
> Nobody should be using "direct SMTP" as such in this day and age.  That's
> what the submission port is for.
> 

That may be correct but it certainly isn't reality.

Joshua D. Drake

> A
> 



From:
"Joshua D. Drake"
Date:

Magnus Hagander wrote:
> On Thu, Nov 29, 2007 at 07:19:44AM -0500, Andrew Sullivan wrote:
>> On Wed, Nov 28, 2007 at 03:04:48PM -0400, Marc G. Fournier wrote:
>>> ie. if  sent out email, it would deliver to his local MTA, 
>>> with his local MTA connecting to postgresql.org MTA, who would then deliver it 
>>> out to the world ...
>> Right.  In the anti-spam world these days, very few people are doing reverse
>> matching (that is, very few people compare the reverse lookup of the From:
>> address to the domain of the MTA whence the mail is coming).  It'll be
>> interesting to see what happens as SPF or DKIM -- the two loaded foot-guns
>> of the mail world -- take off, because then signing practices will start to
>> be important, and I suspect we'll find that mail not signed with the right
>> keys will all be classed as spam anyway.  So then you'll _have_ to use the
>> domain's own mail servers, or things won't be signed correctly (because I
>> assume that we're not going to be sharing the server's private keys widely
>> :-)  
> 
> Yeah. I still don't see why you shouldn't be using the mailservers
> belonging to the domain you're sending from.. ;-) 

That's silly. Do you have any idea how many mailservers I would have to 
have configured? If I auth to my main smtp... my email should be 
accepted, period.

Sincerely,

Joshua D. Drake



From:
"Joshua D. Drake"
Date:

Marc G. Fournier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> - --On Thursday, November 29, 2007 13:53:06 +0100 Magnus Hagander 
> <> wrote:
> 
>> That one may be, but it's not like it's a *new* concept that you shouldn't
>> have end-users connecting and sending email on port 25...
> 
> Is anyone arguing that?  I always connect / send on port 25 ...

As do I. I have a couple of canucks that use port 2525 (or 250, I can't 
recall) to get around the stupid cable provider restriction but other 
than that we are all 25.

Joshua D. Drake


From:
"Joshua D. Drake"
Date:

Alvaro Herrera wrote:
> Marc G. Fournier wrote:
> 
>> - --On Thursday, November 29, 2007 13:53:06 +0100 Magnus Hagander 
>> <> wrote:
>>
>>> That one may be, but it's not like it's a *new* concept that you shouldn't
>>> have end-users connecting and sending email on port 25...
>> Is anyone arguing that?  I always connect / send on port 25 ...
> 
> The IETF is.  What they are saying is that you are helping the spammers
> by not using 587.
> 

O.k. what I don't understand is, "how" are we helping spammers? It isn't 
like we allow relaying without auth.

Joshua D. Drake


From:
Magnus Hagander
Date:

On Thu, Nov 29, 2007 at 07:57:32AM -0800, Joshua D. Drake wrote:
> Magnus Hagander wrote:
> >On Thu, Nov 29, 2007 at 07:19:44AM -0500, Andrew Sullivan wrote:
> >>On Wed, Nov 28, 2007 at 03:04:48PM -0400, Marc G. Fournier wrote:
> >>>ie. if  sent out email, it would deliver to his 
> >>>local MTA, with his local MTA connecting to postgresql.org MTA, who 
> >>>would then deliver it out to the world ...
> >>Right.  In the anti-spam world these days, very few people are doing 
> >>reverse
> >>matching (that is, very few people compare the reverse lookup of the From:
> >>address to the domain of the MTA whence the mail is coming).  It'll be
> >>interesting to see what happens as SPF or DKIM -- the two loaded foot-guns
> >>of the mail world -- take off, because then signing practices will start 
> >>to
> >>be important, and I suspect we'll find that mail not signed with the right
> >>keys will all be classed as spam anyway.  So then you'll _have_ to use the
> >>domain's own mail servers, or things won't be signed correctly (because I
> >>assume that we're not going to be sharing the server's private keys widely
> >>:-)  
> >
> >Yeah. I still don't see why you shouldn't be using the mailservers
> >belonging to the domain you're sending from.. ;-) 
> 
> That's silly. Do you have any idea how many mailservers I would have to 
> have configured? If I auth to my main smtp... my email should be 
> accepted, period.

As long as you send from your main address, yes.

(BTW, you only need to configure one mailserver. As long as *you* are sure
with it, that server would be configured to relay messages that it knew
were authenticated using smtp-auth to another server. It's not even
hard to do....)

//Magnus


From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Thursday, November 29, 2007 07:59:56 -0800 "Joshua D. Drake" 
<> wrote:

> Alvaro Herrera wrote:
>> Marc G. Fournier wrote:
>>
>>> - --On Thursday, November 29, 2007 13:53:06 +0100 Magnus Hagander
>>> <> wrote:
>>>
>>>> That one may be, but it's not like it's a *new* concept that you shouldn't
>>>> have end-users connecting and sending email on port 25...
>>> Is anyone arguing that?  I always connect / send on port 25 ...
>>
>> The IETF is.  What they are saying is that you are helping the spammers
>> by not using 587.
>>
>
> O.k. what I don't understand is, "how" are we helping spammers? It isn't like
> we allow relaying without auth.

And is there a reason to assume spammers are that stupid as to not switch to 
using 587 if that does become some sort of standard?

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTvAX4QvfyHIvDvMRAmhtAJ97bBsqCO6MlZgsh0qFg8pqlDA75QCfeXKA
oeVm3oeg1PSnPrcAO+c0vkc=
=NwIm
-----END PGP SIGNATURE-----



From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Thursday, November 29, 2007 17:24:46 +0100 Magnus Hagander 
<> wrote:

> (BTW, you only need to configure one mailserver. As long as *you* are sure
> with it, that server would be configured to relay messages that it knew
> were authenticated using smtp-auth to another server. It's not even
> hard to do....)

'k, now you've lost me ... isn't that what JD and I (and JoshB) are doing now 
as it is?  AUTHng to our local server and letting that relay to another server?

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTvBn4QvfyHIvDvMRAl6gAJ9bJKcTQEs+vhPseZUSnFz2z+rk+wCgoy36
Xo1qsW8g86eZhJAhMEzCer8=
=qiiT
-----END PGP SIGNATURE-----



From:
Andrew Sullivan
Date:

On Thu, Nov 29, 2007 at 07:55:23AM -0800, Joshua D. Drake wrote:
> Your point? Most companies need to be hit with a cluestick, that doesn't 
> mean they don't do it. There is a very large free wifi provider near me 
> that actually blocks anything that doesn't have www. E.g; they don't 
> block ports, they blocks names!

The only way that will ever improve is if (1) people point out why what
they're doing is stupid and (2) people who are willing to pay for real ISP
service stop using them.  The IETF has, for instance, been using Hiltons a
lot recently, and as a result the general brain-deadedness of their in-room
ISP service has been going down.  It costs real money to hire non-stupid
DBAs; why would we assume that the cheapest ISP knows what it's doing?

> >Nobody should be using "direct SMTP" as such in this day and age.  That's
> >what the submission port is for.
> 
> That may be correct but it certainly isn't reality.

Everyone who continues to insist that this "reality" must continue is a
willing contributor to the spambot world.  There is a well-defined, clear
facility for you to show that your mail is legit.  If you are unwilling to
use it, you are just contributing to the problem.  That said, I agree with
you.  (The publication of the recent BCP may be enough to get my own ISP to
fix their stupidity :( -- see the headers!)

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
Andrew Sullivan
Date:

On Thu, Nov 29, 2007 at 09:25:48AM -0300, Alvaro Herrera wrote:
> 
> Hmm.  Suppose I'm using the mutt MUA, and I have a Postfix instance
> running in my local machine.  So mutt does submission to Postfix
> locally, and Postfix delivers to the MTA that my company has set up for
> me.
> 
> What port should my local Postfix use to deliver to my company's email
> server?

Ideally, the submit port.  But if you have a completely controlled network,
smtp is ok.  That's the idea.

> With Magnus proposal to ban email from @postgresql.org addresses that
> wasn't delivered through mail.postgresql.org, I would not be allowed to
> use my local Postfix server.  Instead I would have to configure mutt to

No, this is not part of that BCP, and I realised (after I sent my note) that
we were talking about two different things.  The idea is that your mail
server authenticates _you_, and also that it authenticates what domains
you're going to send from, which means that it is willing to pass along mail
From: those domains.  The latter is complicated, and will be made worse by
signing tricks.

There is something to be said for rejecting mail from users that are not
subscribed, and that also are not authenticated anywhere in their relay
series.  

But as Marc noted (and sorry I didn't reply yesterday.  Server issues here
again -- I never really fixed things properly, as I haven't had time, so it
serves me right -- prevented me reading mail yesterday) I wasn't advocating
that; what I was suggesting was simply rejecting mail to the list from the
list address itself.  This is a list manager trick.

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
"Joshua D. Drake"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 29 Nov 2007 12:49:03 -0500
Andrew Sullivan <> wrote:

> On Thu, Nov 29, 2007 at 07:55:23AM -0800, Joshua D. Drake wrote:
> > Your point? Most companies need to be hit with a cluestick, that
> > doesn't mean they don't do it. There is a very large free wifi
> > provider near me that actually blocks anything that doesn't have
> > www. E.g; they don't block ports, they blocks names!
> 
> The only way that will ever improve is if (1) people point out why
> what they're doing is stupid and (2) people who are willing to pay
> for real ISP service stop using them.  The IETF has, for instance,
> been using Hiltons a lot recently, and as a result the general
> brain-deadedness of their in-room ISP service has been going down.
> It costs real money to hire non-stupid DBAs; why would we assume that
> the cheapest ISP knows what it's doing?

I don't but... :) unless they are going to pay me to fix it, I am going
to use an ssh tunnel to get around it and ignore them. No it doesn't
help the greater good, but I have work to do and am not going to sit on
the phone with some lame isp trying to explain to them why they are
idiots. I have better things to do.

> 
> > >Nobody should be using "direct SMTP" as such in this day and age.
> > >That's what the submission port is for.
> > 
> > That may be correct but it certainly isn't reality.
> 
> Everyone who continues to insist that this "reality" must continue is
> a willing contributor to the spambot world.  There is a well-defined,
> clear facility for you to show that your mail is legit.  If you are
> unwilling to use it, you are just contributing to the problem.  That
> said, I agree with you.  (The publication of the recent BCP may be
> enough to get my own ISP to fix their stupidity :( -- see the
> headers!)

Could you explain the actual different please? A spambot can't use CMD
to send email, how does the submission port make any difference?

Joshua D. Drake



- -- 
     === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/        UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTv0FATb/zqfZUUQRAnEsAJ9pWWPMqhk34b60Nm2yye1bKbekkACeO/jz
YHvZG2egDGxCZd6lnuO6ov4=
=R97a
-----END PGP SIGNATURE-----

From:
Andrew Sullivan
Date:

On Thu, Nov 29, 2007 at 09:45:16AM -0300, Alvaro Herrera wrote:
> Huh, this one is from Nov. 2007.

Yes.  It took rather a long time to establish, because that's what "BCP"
means.  The message submission port 587 is included in RFC 2476, which is
from _1998_.  You think the Postgres community has problems with obsolete
assumptions?  You should spend some time working on IETF protocols!

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
Andrew Sullivan
Date:

On Thu, Nov 29, 2007 at 01:38:01PM +0100, Magnus Hagander wrote:
> Yeah. I still don't see why you shouldn't be using the mailservers
> belonging to the domain you're sending from.. ;-) 

This issue is rather more complicated.  Not everyone uses either a
co-operative MTA or a MUA that will do -hook redirection.

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
Andrew Sullivan
Date:

On Thu, Nov 29, 2007 at 01:00:07PM -0400, Marc G. Fournier wrote:
> And is there a reason to assume spammers are that stupid as to not switch to 
> using 587 if that does become some sort of standard?

Um, that you can't?  One of the points of the new port was that it _only_
allowed authenticated submission.

I'll be posting something in the wider thread soon, however, that outlines
what I think the issues are, and what I think might be done.

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Thursday, November 29, 2007 13:39:09 -0500 Andrew Sullivan 
<> wrote:

> On Thu, Nov 29, 2007 at 01:00:07PM -0400, Marc G. Fournier wrote:
>> And is there a reason to assume spammers are that stupid as to not switch to
>> using 587 if that does become some sort of standard?
>
> Um, that you can't?  One of the points of the new port was that it _only_
> allowed authenticated submission.

'k, sorry, you did say that in your last to me ... but, wouldn't *that* imply 
that it is suddenly now okay to open up port 25?  What I think is losing me 
here is why add a new port, when port 25 itself *should* already be 'only 
allowed authenticated'?  Or, when you say "Only", do you mean even from the 
local network, no exceptions?

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHTxMW4QvfyHIvDvMRArDVAJwNJMvepPIw50CtwNXTR7IUOAPGkgCeMSMz
HeVH90KtgbllK7BxEGMpbX4=
=y8GF
-----END PGP SIGNATURE-----



From:
Magnus Hagander
Date:

Marc G. Fournier wrote:
> 
> 
> --On Thursday, November 29, 2007 13:39:09 -0500 Andrew Sullivan 
> <> wrote:
> 
>> On Thu, Nov 29, 2007 at 01:00:07PM -0400, Marc G. Fournier wrote:
>>> And is there a reason to assume spammers are that stupid as to not switch to
>>> using 587 if that does become some sort of standard?
>> Um, that you can't?  One of the points of the new port was that it _only_
>> allowed authenticated submission.
> 
> 'k, sorry, you did say that in your last to me ... but, wouldn't *that* imply 
> that it is suddenly now okay to open up port 25?  What I think is losing me 
> here is why add a new port, when port 25 itself *should* already be 'only 
> allowed authenticated'?  Or, when you say "Only", do you mean even from the 
> local network, no exceptions?

587 is access from anywhere, *always* authenticated, and can relay.
25 is for local delivery only, can *never* relay, but does not need auth.

At least that's how I understand it - I may have missed some details :-)

//Magnus


From:
Andrew Sullivan
Date:

Hi all,

It appears that I caused a ruckus with my suggestion.  It hasn't helped that
I have, I think, encouraged a rather different discussion.  This message is
intended to disambiguate the various threads of this discussion, lay to rest
at least one, and to make a promise about others.

A.  What I asked for

What I actually asked for was that we reject mail From:
<> destined for <>.  I
suggested this, because the spammers have obviously figured out that they
can send mail with the From: and To: headers the same, and evade many spam
traps.  Since lists should _never_ send mail to themselves (it'd be a loop),
this is an obvious optimisation.  Marc says he can do this; I dunno whether
it's been done, but I think his suggestion should be implemented. 

B.  What else came out

As it turns out, this discussion raised several other issues.  I think they
are the following:

1.    SMTP Auth

Everyone agrees this should be and is happening, so we don't need to discuss
it more.

2.    SMTP Submit vs. "Classic" SMTP 

While it is possible to authenticate SMTP while relaying, there is a current
push in the Internet operator community to end the practice of MUA->MTA
submission on port 25.  The reasons for this are somewhat complicated.  I'd
like to propose that we not be distracted by this conversation while the
current release is happening.  Therefore, I propose that we postpone that
discussion until some time in January.

In order to allow people to prepare for any such discussion, there are some
sub-questions that arise:
a.  Do we allow email that is unauthenticated with SMTP Auth fromany domain to go to any list without moderation
(irrespectiveofsubscription)?b.  Do we allow email that is unauthenticated with SMTP Auth frompostgresql.org domains to
goto any list without moderation(irrespective of subscription)?c.  Do we reject email that is unauthenticated with SMTP
Authwith aTo: to the lists?d.  Do we regard email with a From: address in the postgresql.orgdomain that is
unauthenticated(by any server) to be legitimate (andtherefore in or out of spam-control attempts)?e.  Do we regard
emailwith a From: address in the postgresql.orgdomain that is not SMTP-Auth authenticated _at all_ to belegitimate?f.
Dowe regard email with a From: address in the postgresql.orgdomain that is not authenticated _at the postgresql.org
mailservers_to be legitimate?  (Consider SMTP Auth atnon-postgresql.org mail servers, such as hub.org
orcommandprompt.com.)g. Do we regard email with a From: address in the postgresql.orgdomain that is not authenticated
bythe postgresql.org submitservice at the time of MUA->MTA delivery to be legitimate?h.  What do our answers to the
abovemean for various email signingsystems (such as SPF and DKIM)?
 

Every one of the above may be answered in different ways, and the union of
them entails various listmail policies that we may or may not like.  Since
the possible set of policies is so large, I offer to put together a proposed
set of policies, with justifications, some time in January (after the
release is behind us); that ought to eliminate the number of options that
need to be included (I think some of the above questions have obvious
answers).

Is this ok with others?

A

-- 
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke


From:
Magnus Hagander
Date:

Andrew Sullivan wrote:
> Hi all,
> 
> It appears that I caused a ruckus with my suggestion.  It hasn't helped that
> I have, I think, encouraged a rather different discussion.  This message is
> intended to disambiguate the various threads of this discussion, lay to rest
> at least one, and to make a promise about others.
> 
> A.  What I asked for
> 
> What I actually asked for was that we reject mail From:
> <> destined for <>.  I
> suggested this, because the spammers have obviously figured out that they
> can send mail with the From: and To: headers the same, and evade many spam
> traps.  Since lists should _never_ send mail to themselves (it'd be a loop),
> this is an obvious optimisation.  Marc says he can do this; I dunno whether
> it's been done, but I think his suggestion should be implemented. 

Yes, please do if not done already!


> B.  What else came out
> 
> As it turns out, this discussion raised several other issues.  I think they
> are the following:
> 
> 1.    SMTP Auth
> 
> Everyone agrees this should be and is happening, so we don't need to discuss
> it more.

Eh. I think we agree that it should be, but it certainly isn't. But I
agree with the not need to discuss anymore.


<snip>

> Every one of the above may be answered in different ways, and the union of
> them entails various listmail policies that we may or may not like.  Since
> the possible set of policies is so large, I offer to put together a proposed
> set of policies, with justifications, some time in January (after the
> release is behind us); that ought to eliminate the number of options that
> need to be included (I think some of the above questions have obvious
> answers).
> 
> Is this ok with others?

+1

//Magnus


From:
"Marc G. Fournier"
Date:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On Thursday, November 29, 2007 23:41:05 +0100 Magnus Hagander 
<> wrote:

>> 1.    SMTP Auth
>>
>> Everyone agrees this should be and is happening, so we don't need to discuss
>> it more.
>
> Eh. I think we agree that it should be, but it certainly isn't. But I
> agree with the not need to discuss anymore.

Where isn't it happening?  All of our servers are setup to require SMTP AUTH on 
port 25, do you know of one that isn't?  Andrew did not say "all email from 
@postgresql.org should go through mail.postgresql.org", only that nobody should 
be running Open Relays, which, to the best of my knowledge (and Andrew's, and 
JDs), none of us are ...

- ----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email .                               MSN . 
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHT0Vt4QvfyHIvDvMRArfoAJ4qcqYe8RUjn0nDzhZCTf3og76NbQCeNaIx
19psEIhCzOCXFPo1f2gZBsg=
=OQpB
-----END PGP SIGNATURE-----



From:
Dave Page
Date:

Marc G. Fournier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> - --On Thursday, November 29, 2007 23:41:05 +0100 Magnus Hagander 
> <> wrote:
> 
>>> 1.    SMTP Auth
>>>
>>> Everyone agrees this should be and is happening, so we don't need to discuss
>>> it more.
>> Eh. I think we agree that it should be, but it certainly isn't. But I
>> agree with the not need to discuss anymore.
> 
> Where isn't it happening?  All of our servers are setup to require SMTP AUTH on 
> port 25, do you know of one that isn't?  Andrew did not say "all email from 
> @postgresql.org should go through mail.postgresql.org", only that nobody should 
> be running Open Relays, which, to the best of my knowledge (and Andrew's, and 
> JDs), none of us are ...

No, but some (many?) ISPs don't use SMTP auth for outgoing mail from 
customers known to be originating on their own network. So they're not 
really open per-se, but they aren't using SMTP AUTH.

/D