* Stupid anti-spam testings...
From: Matti Aarnio @ 2002-09-02 21:50 UTC
To: linux-kernel

Quite a many of vger's recipients are doing return-path verification
testing for SMTP's MAIL FROM address.

I would not mind that, EXCEPT that those bloody stupid things don't
have any sane caches at all!  VGER is sending 300+ messages per
day to 3500+ recipients of linux-kernel list EVERY DAY, and every
outgoing message is now getting oodles of those probes!

Folks, when you deploy that kind of testers, DO VERIFY THAT THEY
HAVE SANE CACHES!  A positive result shall be cached for at least
two hours, a negative result shall be cached for at least 30 minutes.

That would send a dozen back-probes towards vger from recipient
system, instead of present 300+ !

/Matti Aarnio -- who considers some cures worse than the original
                 problem...

* Re: Stupid anti-spam testings...
From: Andreas Dilger @ 2002-09-02 22:28 UTC
To: Matti Aarnio
Cc: linux-kernel

On Sep 03, 2002  00:50 +0300, Matti Aarnio wrote:
> Quite a many of vger's recipients are doing return-path verification
> testing for SMTP's MAIL FROM address.
>
> I would not mind that, EXCEPT that those bloody stupid things don't
> have any sane caches at all!  VGER is sending 300+ messages per
> day to 3500+ recipients of linux-kernel list EVERY DAY, and every
> outgoing message is now getting oodles of those probes!
>
> Folks, when you deploy that kind of testers, DO VERIFY THAT THEY
> HAVE SANE CACHES!  A positive result shall be cached for at least
> two hours, a negative result shall be cached for at least 30 minutes.

Do you know if this is one of the default checks from spamassassin?
I would imagine that a lot of people (including myself) have it
installed, so it is possible that it (or some other widely-used tool)
now does this sort of check out-of-the-box, and the people who are
installing them have no idea about the kind of load it generates on vger.
I doubt that there are a large number of people who are independently
misconfiguring their mail setup this way.

If it is possible to track what tool is causing the problem and fixing
the default setup of that tool at the source, it will probably solve
99% of the problems in one go (after the list knows to which version
they should upgrade).

Cheers, Andreas
--
Andreas Dilger
http://www-mddsp.enel.ucalgary.ca/People/adilger/
http://sourceforge.net/projects/ext2resize/

* Re: Stupid anti-spam testings...
From: Matti Aarnio @ 2002-09-02 23:32 UTC
To: linux-kernel

On Mon, Sep 02, 2002 at 04:28:37PM -0600, Andreas Dilger wrote:
...
> > Folks, when you deploy that kind of testers, DO VERIFY THAT THEY
> > HAVE SANE CACHES!  A positive result shall be cached for at least
> > two hours, a negative result shall be cached for at least 30 minutes.
> >
> Do you know if this is one of the default checks from spamassassin?

  No idea. I have seen these coming from Exim 4.10, Exim-something,
  some sendmail milter (whatever that is), etc..

  Apparently the idea (which I have thought of long ago, and rejected
  as incomplete) has caught, and has multiple implementations...

> I would imagine that a lot of people (including myself) have it
> installed, so it is possible that it (or some other widely-used tool)
> now does this sort of check out-of-the-box, and the people who are
> installing them have no idea about the kind of load it generates on vger.
> I doubt that there are a large number of people who are independently
> misconfiguring their mail setup this way.

  I can easily reduce the load impact it causes to vger by running
  the smtp server in "accept everything" mode without analyzing
  local addresses for existence.  With a bit more work I can throw
  in local cache.. (which I probably have to do..)

> If it is possible to track what tool is causing the problem and fixing
> the default setup of that tool at the source, it will probably solve
> 99% of the problems in one go (after the list knows to which version
> they should upgrade).

  Raise some noise all around, there are multiple implementations
  of the idea.
  Some even with syntactically invalid tester codes (spaces put in
  place where they don't belong in RFC 821/2821);  "works with sendmail"
  is NOT synonymous to "is syntactically correct."

   - a mister at blue-labs.org runs some sendmail-milter which does
     testing with invalid protocol syntax
   - usw-sf-list1.sourceforge.net use probably their own code
     usw-sf-fw2.sourceforge.net too... possibly more systems there..
   - quetz.demon.co.uk  tests from Exim 4.10
   - somebody.symons.net tests from Exim 3.35

  Right now something like 5-7 different systems are doing it.
  Try to imagine when all 3500 targets do it...  BRRRRR...
  (Sure, VGER can handle it, no problem, but it is that much
   wasted cycles, and network traffic...)

> Cheers, Andreas
> Andreas Dilger

/Matti Aarnio

* Re: Stupid anti-spam testings...
From: Davide Libenzi @ 2002-09-02 23:48 UTC
To: Matti Aarnio
Cc: linux-kernel

On Tue, 3 Sep 2002, Matti Aarnio wrote:

> On Mon, Sep 02, 2002 at 04:28:37PM -0600, Andreas Dilger wrote:
> ...
> > > Folks, when you deploy that kind of testers, DO VERIFY THAT THEY
> > > HAVE SANE CACHES!  A positive result shall be cached for at least
> > > two hours, a negative result shall be cached for at least 30 minutes.
> >
> > Do you know if this is one of the default checks from spamassassin?
>
>   No idea. I have seen these coming from Exim 4.10, Exim-something,
>   some sendmail milter (whatever that is), etc..
>
>   Apparently the idea (which I have thought of long ago, and rejected
>   as incomplete) has caught, and has multiple implementations...

Personally I don't think this kind of tests are going to reduce the spam
that much but a simple lookup in the subscribers database might help
reducing the smtp-test traffic only for non-subscriber addresses.

- Davide

* [ot] Re: Stupid anti-spam testings...
From: Matt Bernstein @ 2002-09-02 23:55 UTC
To: Matti Aarnio
Cc: linux-kernel

At 02:32 +0300 Matti Aarnio wrote:

>On Mon, Sep 02, 2002 at 04:28:37PM -0600, Andreas Dilger wrote:
>...
>> Do you know if this is one of the default checks from spamassassin?
>
>  No idea. I have seen these coming from Exim 4.10, Exim-something,
>  some sendmail milter (whatever that is), etc..
>
>  Apparently the idea (which I have thought of long ago, and rejected
>  as incomplete) has caught, and has multiple implementations...

I only speak (and even then not officially) for Exim's implementation,
which is "verify = sender/callout" in Exim 4. I will check to see what
caches may or may not apply. (I think Exim might not cache this, in which
case I'll try to get this caching onto the wish list.)

Anyway I think this kind of paranoia is just silly. It's trivial to forge
a valid sender address, so why bother checking anything other than a
syntactically valid domain name?

>   - usw-sf-list1.sourceforge.net use probably their own code
>     usw-sf-fw2.sourceforge.net too... possibly more systems there..

These may well be Exim.

>   - quetz.demon.co.uk  tests from Exim 4.10
>   - somebody.symons.net tests from Exim 3.35
>
>  Right now something like 5-7 different systems are doing it.
>  Try to imagine when all 3500 targets do it...  BRRRRR...
>  (Sure, VGER can handle it, no problem, but it is that much
>   wasted cycles, and network traffic...)

In Exim's case the network traffic will be minimal:

	EHLO host.name
	MAIL FROM:<>
	RCPT TO:<sender@for.verify>
	RSET

..is about as much as you'll get. The wasted cycles will be more important.

Sorry for the noise on the list..
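
Added example (not part of any message in this thread, and not Exim's or vger's code): a callout result cache using the lifetimes proposed in the first message (two hours for an accepted sender, 30 minutes for a rejected one), together with the probe dialogue listed in the message above. The probe hook, the address list-sender@lists.example and the even spacing of 300 messages over 24 hours are assumptions made for the simulation.

```python
"""Added example: sender-callout cache with the lifetimes proposed in the thread."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

POSITIVE_TTL = 2 * 60 * 60  # accepted sender: cache "at least two hours"
NEGATIVE_TTL = 30 * 60      # rejected sender: cache "at least 30 minutes"


def callout_commands(helo_name: str, sender: str) -> List[str]:
    """The four commands of one callout, as listed in the message above."""
    return [f"EHLO {helo_name}", "MAIL FROM:<>", f"RCPT TO:<{sender}>", "RSET"]


@dataclass
class CalloutCache:
    probe: Callable[[str], bool]  # runs the real SMTP callout (assumed hook)
    entries: Dict[str, Tuple[bool, int]] = field(default_factory=dict)
    probes_sent: int = 0

    def verify(self, sender: str, now: int) -> bool:
        """Return the cached verdict if still fresh, otherwise probe once."""
        local, _, domain = sender.rpartition("@")
        key = f"{local}@{domain.lower()}"  # only the domain is case-insensitive
        hit = self.entries.get(key)
        if hit is not None and now < hit[1]:
            return hit[0]
        accepted = self.probe(sender)
        self.probes_sent += 1
        ttl = POSITIVE_TTL if accepted else NEGATIVE_TTL
        self.entries[key] = (accepted, now + ttl)
        return accepted


def probes_per_day(messages: int, accepted: bool, cached: bool = True) -> int:
    """Callouts one recipient host sends for `messages` mails spread over 24 h."""
    cache = CalloutCache(probe=lambda addr: accepted)
    interval = 86400 // messages
    for i in range(messages):
        if not cached:
            cache.entries.clear()  # model a verifier with no cache at all
        # Constructed envelope sender; the list's real one is not on the page.
        cache.verify("list-sender@lists.example", now=i * interval)
    return cache.probes_sent


if __name__ == "__main__":
    print(callout_commands("host.name", "sender@for.verify"))
    print("no cache:", probes_per_day(300, True, cached=False))
    print("cached, sender accepted:", probes_per_day(300, True))
    print("cached, sender rejected:", probes_per_day(300, False))
```

With 300 evenly spaced messages, the cached run sends 12 callouts per recipient host for an accepted sender, which matches the "dozen back-probes" figure in the first message.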

* Re: [ot] Re: Stupid anti-spam testings...
From: Kevin P. Fleming @ 2002-09-03 2:53 UTC
To: Matt Bernstein
Cc: Matti Aarnio, linux-kernel

Matt Bernstein wrote:
>
> Anyway I think this kind of paranoia is just silly. It's trivial to forge
> a valid sender address, so why bother checking anything other than a
> syntactically valid domain name?
>

Because, believe it or not, most spammers don't bother. The main server
that I maintain (_NOT_ where I receive L-K) drops at least 20 messages a
day at RCPT TO: time using this very check. Considering that's 50% of the
spam we drop at RCPT TO: time, I'd say it's worth it.

But I do agree, the systems doing the callouts should cache the results
(I'm an Exim 4.10 user as well).

* Re: Stupid anti-spam testings...
From: Barry K. Nathan @ 2002-09-03 2:27 UTC
To: Matti Aarnio
Cc: linux-kernel

On Tue, Sep 03, 2002 at 02:32:30AM +0300, Matti Aarnio wrote:
>   some sendmail milter (whatever that is), etc..

I don't know if this helps, but it might:
http://www.milter.org/about.shtml

-Barry K. Nathan <barryn@pobox.com>

* Re: Stupid anti-spam testings...
From: Henning P. Schmiedehausen @ 2002-09-04 12:30 UTC
To: linux-kernel

Matti Aarnio <matti.aarnio@zmailer.org> writes:

>  some sendmail milter (whatever that is), etc..

mail filter. The filtering API of sendmail 8.12+. You can e.g. attach
SpamAssassin here...

	Regards
		Henning

--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH  hps@intermeta.de

Am Schwabachgrund 22  Fon.: 09131 / 50654-0   info@intermeta.de
D-91054 Buckenhof     Fax.: 09131 / 50654-20