Thread: Mailing list (lack of) spam filtering
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Here's another example of recent spam to the -bugs list. If we need help setting up spamassassin, please let me know. I can't imagine why we aren't catching items like this: http://rafb.net/p/8UQ9Oy96.html - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200901221104 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iEYEAREDAAYFAkl4mWcACgkQvJuQZxSWSsgNbQCeJsokK2RBqr7Rp8rKZjUyO/4j lYAAnRpjV1G39q37fRB0G+iTQ7dIdR2l =IJG7 -----END PGP SIGNATURE-----
Greg Sabino Mullane wrote: > Here's another example of recent spam to the -bugs list. > If we need help setting up spamassassin, please let me > know. I can't imagine why we aren't catching items like this: > > http://rafb.net/p/8UQ9Oy96.html I agree. Our current situation is embarrasing. Please Marc don't ask for specific headers. The problem is not specific emails. The problem is that our setup in general is crap. It's not enough to just train Maia for a bunch of additional emails. -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support
On Thu, 2009-01-22 at 13:20 -0300, Alvaro Herrera wrote: > Greg Sabino Mullane wrote: > > > Here's another example of recent spam to the -bugs list. > > If we need help setting up spamassassin, please let me > > know. I can't imagine why we aren't catching items like this: > > > > http://rafb.net/p/8UQ9Oy96.html > > I agree. Our current situation is embarrasing. How so? It seems to me that on the embarrassing meter this is about -2000 in comparison to the fact that we still don't have in place upgrades ;) > > Please Marc don't ask for specific headers. The problem is not specific > emails. The problem is that our setup in general is crap. It's not > enough to just train Maia for a bunch of additional emails. > This email makes me wonder what our expectations really are. I am not saying that our setup isn't crap. I actually don't have an opinion on that. What is an acceptable amount of spam delivery? How does that correlate with acceptable amounts of false positives? Do the lists moderators get more spam on the lists than on the their public emails? I am an announce moderator and I don't get that much spam on that list. Does anyone have any potential solutions? We could use spamhaus but we would have to be very careful because of the international nature of the project. We could add SORBS that might help a bit... thoughts? Thoughts? Sincerely, Joshua D. Drake -- PostgreSQL - XMPP: jdrake@jabber.postgresql.org Consulting, Development, Support, Training 503-667-4564 - http://www.commandprompt.com/ The PostgreSQL Company, serving since 1997
On Thu, 22 Jan 2009, Joshua D. Drake wrote: > Does anyone have any potential solutions? We could use spamhaus but we > would have to be very careful because of the international nature of the > project. We could add SORBS that might help a bit... thoughts? Right now, we are relying on spamassasin + greylisting ... way back when (I don't know how far back), we *had*: # reject_rbl_client dnsbl.sorbs.net, # reject_rbl_client relays.ordb.org, # reject_rbl_client opm.blitzed.org, # reject_rbl_client sbl.spamhaus.org, # reject_rbl_client list.dsbl.org, Not sure when we removed, nor why, but someone at some point must have complained ... I can re-add all of them, if ppl would like ... just say the word ... ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664
Greg, if you would like to look over how things are setup, I have no qualms about that, just email me offlist and I can give you access to look things over and make suggestions on how we can improve the setup ... I just checked, and we are running the latest version fo Spamassasin, as well as the 'rules_du_jour' is run once a day, but its possible I'm missing something obvious ... ... but, let's talk offlist and get you access so that you can do a review and point out anything I may have missed in the setup ... ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664
On Thu, 22 Jan 2009, Alvaro Herrera wrote: > Please Marc don't ask for specific headers. The problem is not specific > emails. The problem is that our setup in general is crap. It's not > enough to just train Maia for a bunch of additional emails. Do a bit of research before you put in comments about what you really have no knowledge of ... specifically, do some research into exactly *what* Maia is ... what should be quite embarressing to you is just how fast you jump onto things you really know nothing about ... I can subscribe to Greg's assertion that I'm missing something with the spamassassin setup, and will very happily work with him to see if we can tight it up further ... but *all* maia is is a front end to spamassassin, any spam scoring is done by Spamassassin itself ... Maia then takes that score and *quarantines* messages that score over a certain threshold, but Maia in no way manipulates that score ... In fact, even the 'training' you elude to is a simple call to 'sa-learn', Maia just provides me the interface to go *through* emails vs reading them out of a mailbox ... But, of course, if you did some research *first*, instead of running off at the mouth, you would have figured this out already on your own ... Almost as bad erading yoru stuff as reading stuff from AlDev ... abotu as informed ... ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664
On Thu, 2009-01-22 at 13:28 -0400, Marc G. Fournier wrote: > On Thu, 22 Jan 2009, Alvaro Herrera wrote: > But, of course, if you did some research *first*, instead of running off > at the mouth, you would have figured this out already on your own ... > > Almost as bad erading yoru stuff as reading stuff from AlDev ... abotu as > informed ... O.k. guys that is enough. We are all team members here. Joshua D. Drake -- PostgreSQL - XMPP: jdrake@jabber.postgresql.org Consulting, Development, Support, Training 503-667-4564 - http://www.commandprompt.com/ The PostgreSQL Company, serving since 1997
Joshua D. Drake wrote: > On Thu, 2009-01-22 at 13:28 -0400, Marc G. Fournier wrote: > > On Thu, 22 Jan 2009, Alvaro Herrera wrote: > > > But, of course, if you did some research *first*, instead of running off > > at the mouth, you would have figured this out already on your own ... > > > > Almost as bad erading yoru stuff as reading stuff from AlDev ... abotu as > > informed ... > > O.k. guys that is enough. We are all team members here. I re-read Greg's original email and it seemed perfectly reasonable to me. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
Yes, it was ... That is why I responded to *his* accepting any suggestions and/or guidance he could provide to improve the situation ... Sent from my iPhone On 22-Jan-09, at 14:48, Bruce Momjian <bruce@momjian.us> wrote: > Joshua D. Drake wrote: >> On Thu, 2009-01-22 at 13:28 -0400, Marc G. Fournier wrote: >>> On Thu, 22 Jan 2009, Alvaro Herrera wrote: >> >>> But, of course, if you did some research *first*, instead of >>> running off >>> at the mouth, you would have figured this out already on your >>> own ... >>> >>> Almost as bad erading yoru stuff as reading stuff from AlDev ... >>> abotu as >>> informed ... >> >> O.k. guys that is enough. We are all team members here. > > I re-read Greg's original email and it seemed perfectly reasonable to > me. > > -- > Bruce Momjian <bruce@momjian.us> http://momjian.us > EnterpriseDB http://enterprisedb.com > > + If your life is a hard drive, Christ can be your backup. + > > ---------------------------(end of > broadcast)--------------------------- > If the PostgreSQL.org mailing lists are down, use the auxillary list pgsysadmins@agliodbs.com
Scrappy wrote: > Yes, it was ... That is why I responded to *his* accepting any > suggestions and/or guidance he could provide to improve the > situation ... I made a mistake thinking you were replying to Greg, but someone told me the reply was about someone else, so I was wrong. --------------------------------------------------------------------------- > Sent from my iPhone > > On 22-Jan-09, at 14:48, Bruce Momjian <bruce@momjian.us> wrote: > > > Joshua D. Drake wrote: > >> On Thu, 2009-01-22 at 13:28 -0400, Marc G. Fournier wrote: > >>> On Thu, 22 Jan 2009, Alvaro Herrera wrote: > >> > >>> But, of course, if you did some research *first*, instead of > >>> running off > >>> at the mouth, you would have figured this out already on your > >>> own ... > >>> > >>> Almost as bad erading yoru stuff as reading stuff from AlDev ... > >>> abotu as > >>> informed ... > >> > >> O.k. guys that is enough. We are all team members here. > > > > I re-read Greg's original email and it seemed perfectly reasonable to > > me. > > > > -- > > Bruce Momjian <bruce@momjian.us> http://momjian.us > > EnterpriseDB http://enterprisedb.com > > > > + If your life is a hard drive, Christ can be your backup. + > > > > ---------------------------(end of > > broadcast)--------------------------- > > If the PostgreSQL.org mailing lists are down, use the auxillary list pgsysadmins@agliodbs.com -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
Marc G. Fournier wrote: > > Greg, if you would like to look over how things are setup, I have no > qualms about that, just email me offlist and I can give you access to > look things over and make suggestions on how we can improve the setup > ... I just checked, and we are running the latest version fo > Spamassasin, as well as the 'rules_du_jour' is run once a day, but its > possible I'm missing something obvious ... > > ... but, let's talk offlist and get you access so that you can do a > review and point out anything I may have missed in the setup ... a pretty simple question whould be to check if we are also running the latest *rulesets* for spamassassin (the are providing updated rulesets every few weeks which need to be installed using sa-update/sa-compile). I could also provide a simple nagios plugin for checking this ... Stefan
On Thu, 22 Jan 2009, Stefan Kaltenbrunner wrote: > a pretty simple question whould be to check if we are also running the > latest *rulesets* for spamassassin (the are providing updated rulesets > every few weeks which need to be installed using sa-update/sa-compile). > I could also provide a simple nagios plugin for checking this ... Simple answer: yes, I believe so ... part of the docs I went through for setting up Spamassassin was to setup a cron job: 01 00 * * * /usr/local/bin/rules_du_jour which I believe(d) was supposed to do this update daily ... ... but, that said, I didn't realize there was a nagios plug in for this, but now that you mention it, I just looked at ports and see it ... let me get it installed and added to my internal monitoring, and will ping you if I have any questions about setting it up ... ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664
Marc G. Fournier wrote: > On Thu, 22 Jan 2009, Stefan Kaltenbrunner wrote: > >> a pretty simple question whould be to check if we are also running the >> latest *rulesets* for spamassassin (the are providing updated rulesets >> every few weeks which need to be installed using >> sa-update/sa-compile). I could also provide a simple nagios plugin for >> checking this ... > > Simple answer: yes, I believe so ... part of the docs I went through for > setting up Spamassassin was to setup a cron job: > > 01 00 * * * /usr/local/bin/rules_du_jour > > which I believe(d) was supposed to do this update daily ... > > ... but, that said, I didn't realize there was a nagios plug in for > this, but now that you mention it, I just looked at ports and see it ... > let me get it installed and added to my internal monitoring, and will > ping you if I have any questions about setting it up ... well rules_du_jour is deprecated for a while now. sa-update is by default using the official SA-update channel (which is more like a virus pattern update really) and can support other sources as well. The Plugin I was talking about is specifically checking for new available patterns not if SA is up & running btw. Stefan
Stefan Kaltenbrunner wrote: > Marc G. Fournier wrote: >> Simple answer: yes, I believe so ... part of the docs I went through >> for setting up Spamassassin was to setup a cron job: >> >> 01 00 * * * /usr/local/bin/rules_du_jour >> >> which I believe(d) was supposed to do this update daily ... > well rules_du_jour is deprecated for a while now. Yeah, I noticed that too while digging on it, and this could explain why the filtering has been progressively worse. Maybe just changing the rule update mechanism would improve things again. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.
Will look at sa-update when I get online in an hour or so ... Sent from my iPhone On 22-Jan-09, at 16:30, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > Marc G. Fournier wrote: >> On Thu, 22 Jan 2009, Stefan Kaltenbrunner wrote: >>> a pretty simple question whould be to check if we are also running >>> the latest *rulesets* for spamassassin (the are providing updated >>> rulesets every few weeks which need to be installed using sa- >>> update/sa-compile). I could also provide a simple nagios plugin >>> for checking this ... >> Simple answer: yes, I believe so ... part of the docs I went >> through for setting up Spamassassin was to setup a cron job: >> 01 00 * * * /usr/local/bin/rules_du_jour >> which I believe(d) was supposed to do this update daily ... >> ... but, that said, I didn't realize there was a nagios plug in for >> this, but now that you mention it, I just looked at ports and see >> it ... let me get it installed and added to my internal monitoring, >> and will ping you if I have any questions about setting it up ... > > well rules_du_jour is deprecated for a while now. sa-update is by > default using the official SA-update channel (which is more like a > virus pattern update really) and can support other sources as well. > The Plugin I was talking about is specifically checking for new > available patterns not if SA is up & running btw. > > > > > Stefan > > -- > Sent via pgsql-www mailing list (pgsql-www@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-www
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 'k, just ran: /usr/local/bin/sa-update --nogpg; /usr/local/etc/rc.d/amavisd restart Actually, that is what is now in cron to run every night at 22:59 .. from the command line, I added the -D option, and it seemed to do a bunch of processing ... rules_du_jour now removed ... See if that doesn't help ... - --On Thursday, January 22, 2009 16:46:14 -0400 Scrappy <scrappy@hub.org> wrote: > Will look at sa-update when I get online in an hour or so ... > > Sent from my iPhone > > On 22-Jan-09, at 16:30, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > >> Marc G. Fournier wrote: >>> On Thu, 22 Jan 2009, Stefan Kaltenbrunner wrote: >>>> a pretty simple question whould be to check if we are also running >>>> the latest *rulesets* for spamassassin (the are providing updated >>>> rulesets every few weeks which need to be installed using sa- >>>> update/sa-compile). I could also provide a simple nagios plugin >>>> for checking this ... >>> Simple answer: yes, I believe so ... part of the docs I went >>> through for setting up Spamassassin was to setup a cron job: >>> 01 00 * * * /usr/local/bin/rules_du_jour >>> which I believe(d) was supposed to do this update daily ... >>> ... but, that said, I didn't realize there was a nagios plug in for >>> this, but now that you mention it, I just looked at ports and see >>> it ... let me get it installed and added to my internal monitoring, >>> and will ping you if I have any questions about setting it up ... >> >> well rules_du_jour is deprecated for a while now. sa-update is by >> default using the official SA-update channel (which is more like a >> virus pattern update really) and can support other sources as well. >> The Plugin I was talking about is specifically checking for new >> available patterns not if SA is up & running btw. >> >> >> >> >> Stefan >> >> -- >> Sent via pgsql-www mailing list (pgsql-www@postgresql.org) >> To make changes to your subscription: >> http://www.postgresql.org/mailpref/pgsql-www > > ---------------------------(end of broadcast)--------------------------- > If the PostgreSQL.org mailing lists are down, use the auxillary list > pgsysadmins@agliodbs.com - -- Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkl45yAACgkQ4QvfyHIvDvMrqQCbBTMwwN2hybRDWJTG1sMzGreo zScAn3MK9sVh8vio9BsOE6dSfTzhkaXN =xB9v -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 "Joshua D. Drake" asked: >> I agree. Our current situation is embarrasing. > > How so? It seems to me that on the embarrassing meter this is about > -2000 in comparison to the fact that we still don't have in place > upgrades ;) Well, I wouldn't call it embarassing. It's not a public matter, after all, except when people like me raise the issue on public lists like -www. It's more of a moderation annoyance (see below). > What is an acceptable amount of spam delivery? How does that correlate > with acceptable amounts of false positives? Do the lists moderators get > more spam on the lists than on the their public emails? I am an announce > moderator and I don't get that much spam on that list. I agree that announce does that not get much spam. I don't know the reason for this, but it gets < 1% of what the other lists get. I certainly see more spam in the moderation queue than on my public emails, but the latter are heavily filtered, so I don't know if that is relevant. The danger is that us moderators are more likely to miss a legitimate message if it's buried in 200 other spam emails (which is roughly the current ratio for lists like -general). "Marc G. Fournier" wrote: > Greg, if you would like to look over how things are setup, I have no > qualms about that, just email me offlist and I can give you access to look > things over and make suggestions on how we can improve the setup Thanks, Marc, will do. - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200901251645 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iEYEAREDAAYFAkl83Y0ACgkQvJuQZxSWSsg5XACguU4QF/XjLIUuZsQY8htyfKFC WkAAoP7aMX2BOCQ8tHkpGXChC8bq729k =yP6X -----END PGP SIGNATURE-----