<div dir="ltr">Here it is: <a href="https://paste.fedoraproject.org/paste/BythbLi7ZT7MdYoHbnZF9g/raw">https://paste.fedoraproject.org/paste/BythbLi7ZT7MdYoHbnZF9g/raw</a><div> </div><div>Can't copy here, otherwise it gets block by SpamAssassin.</div></div><div class="gmail_extra"> <div class="gmail_quote">On Tue, Sep 5, 2017 at 9:47 PM, Bernie Innocenti <<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">These are probably getting a lower score due to SPF_PASS. If spammers nowadays learned to pass SPF, we should disable that rule or reduce its score. Can you share the full headers please? Il 5 settembre 2017 10:15:17 GMT-04:00, Samuel Cantero <<a href="mailto:scanterog@gmail.com">scanterog@gmail.com</a>> ha scritto: >Thanks a lot guys! > >It seems we still have some spam that can't be catched easily by >spamassassin. I find some of them in systems@. > > >*X-Spam-Status: No, score=1.3 required=3.5 >tests=HTML_MESSAGE,RDNS_NONE, >SPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE * > >*X-Spam-Status: No, score=3.0 required=3.5 >tests=RDNS_NONE,SPF_HELO_PASS, >SPF_PASS,URIBL_BLACK* <div class="HOEnZb"><div class="h5">> >Yes, the score is low... > > >On Tue, Sep 5, 2017 at 1:07 AM, Sebastian Silva ><<a href="mailto:sebastian@fuentelibre.org">sebastian@fuentelibre.org</a>> >wrote: > >> Thanks Bernie for following up and pledging to continue your >leadership >> in this regard. >> >> My email-fu is also out of date, but count on me for help. >> >> Regards, >> Sebastian >> >> >> On 05/09/17 00:02, Bernie Innocenti wrote: >> > On 09/04/2017 09:26 AM, Sebastian Silva wrote: >> >> I'm not aware of how sunjammer treats mail. Bernie, did you set >this up >> >> originally? >> > Yes. We use Postfix + spamass-milter with a bunch of RBLs and other >> rules. >> > >> > The reason we're seeing mail with "X-Spam-Flag: YES" in mailman was >that >> > there are two distinct thresholds: the one in >/etc/spamassassin/<a href="http://local.cf" rel="noreferrer" target="_blank">local.cf</a> >> > causes mail to be flagged as spam when it reaches the score 3.5. >This >> > doesn't cause the mail to be rejected at SMTP time, just flagged so >that >> > local delivery rules can move it to a spam folder where users can >still >> > find it in case it was misclassified. >> > >> > Mailman doesn't have any knowledge of the SpamAssassin headers, but >> > there are per-list spam filtering rules. Looks like the >"X-Spam-Flag: >> > YES" rule was not present on sugar-devel (it's present on systems@ >and >> > other lists). So I just configured it to silently discard spam. You >can >> > change it here: >> > >> > <a href="http://lists.sugarlabs.org/admin/sugar-devel/privacy/spam" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/admin/sugar-devel/privacy/spam</a> >> > >> > >> > There's also a second threshold, which was conservatively set to >8.0, >> > which is used by spamass-milter to refuse incoming mail with a >permanent >> > error to the sender. The email in question had a score of 7.7, so >it >> > didn't make the cut. I lowered the threshold to 6, which should be >safe >> > enough. >> > >> > >> >> Maintaining mailservers is often time consuming and frustrating >because >> >> of spam. >> > Indeed :-( >> > >> > Even using with a well configured SpamAssassin, with DKIM and RBLs, >> > there is way too much spam that makes it through. The only way to >filter >> > spam effectively is to rely on signals from a massive number of >users to >> > train an advanced spam classifier (and SpamAssassin is an ancient >> > codebase mostly based on manually crafted rules). >> > >> > >> >> I don't even fully understand what James said (does gmail consider >this >> >> spam as originating from SL?). >> >> >> >> Perhaps we should disable mail processing altogether if no >sysadmin can >> >> manage it. >> >> >> >> While I am in infrastructure team, mail is just too time consuming >to >> >> configure for me. >> >> >> >> If there's no other volunteer I can look into scaling our mail >services >> >> down to just mailing lists. >> > My experience administering email is 6 years out of date, but I can >> > pledge to keep the current system running until we switch to >mailman3 >> > which (hopefully?) has a modern, well thought way to deal with >spam. >> > >> > There shouldn't be much to do for the forwarding email addresses, >since >> > spam filtering belongs in the receiving endpoint. >> > >> > The other thing that can get tricky is ensuring reliable delivery >on IPs >> > that can be used to send out occasional spam (from local email >accounts >> > or web apps). This is why we're not encouraging hosted email >accounts on >> > sunjammer. >> > >> > >> >> Regards, >> >> >> >> Sebastian >> >> >> >> >> >> On 03/09/17 17:14, James Cameron wrote: >> >>> This will do significant reputational damage to Sugar Labs mail >> >>> domain, identifying the mailman instance as an open relay, making >the >> >>> upcoming election harder to run. >> >>> >> >>> About a thousand messages so far. I'm intercepting with >procmail. >> >>> >> >>> Each has UTF <a href="http://6616c.com" rel="noreferrer" target="_blank">6616c.com</a> in subject, with remainder of subject and >body >> >>> text in Chinese. <a href="http://6616c.com" rel="noreferrer" target="_blank">6616c.com</a> is an alias for <a href="http://006cc.com" rel="noreferrer" target="_blank">006cc.com</a>, which >looks to >> >>> be gambling focused. >> >>> >> >> >> >> _______________________________________________ >> >> Systems mailing list >> >> <a href="mailto:Systems@lists.sugarlabs.org">Systems@lists.sugarlabs.org</a> >> >> <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a> >> >> >> >> _______________________________________________ >> Systems mailing list >> <a href="mailto:Systems@lists.sugarlabs.org">Systems@lists.sugarlabs.org</a> >> <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a> >> </div></div><div class="HOEnZb"><div class="h5">-- ベルニー Sent from my Android device with K-9 Mail. </div></div></blockquote></div> </div>