<div dir="ltr">Here it is: <a href="https://paste.fedoraproject.org/paste/BythbLi7ZT7MdYoHbnZF9g/raw">https://paste.fedoraproject.org/paste/BythbLi7ZT7MdYoHbnZF9g/raw</a><div><br></div><div>Can't copy here, otherwise it gets block by SpamAssassin.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 5, 2017 at 9:47 PM, Bernie Innocenti <span dir="ltr"><<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">These are probably getting a lower score due to SPF_PASS.<br>
<br>
If spammers nowadays learned to pass SPF, we should disable that rule or reduce its score. Can you share the full headers please?<br>
<span class=""><br>
Il 5 settembre 2017 10:15:17 GMT-04:00, Samuel Cantero <<a href="mailto:scanterog@gmail.com">scanterog@gmail.com</a>> ha scritto:<br>
>Thanks a lot guys!<br>
><br>
>It seems we still have some spam that can't be catched easily by<br>
>spamassassin. I find some of them in systems@.<br>
><br>
><br>
</span>>*X-Spam-Status: No, score=1.3 required=3.5<br>
>tests=HTML_MESSAGE,RDNS_NONE,<br>
>SPF_HELO_PASS,SPF_PASS,T_<wbr>REMOTE_IMAGE *<br>
><br>
>*X-Spam-Status: No, score=3.0 required=3.5<br>
>tests=RDNS_NONE,SPF_HELO_<wbr>PASS,<br>
>SPF_PASS,URIBL_BLACK*<br>
<div class="HOEnZb"><div class="h5">><br>
>Yes, the score is low...<br>
><br>
><br>
>On Tue, Sep 5, 2017 at 1:07 AM, Sebastian Silva<br>
><<a href="mailto:sebastian@fuentelibre.org">sebastian@fuentelibre.org</a>><br>
>wrote:<br>
><br>
>> Thanks Bernie for following up and pledging to continue your<br>
>leadership<br>
>> in this regard.<br>
>><br>
>> My email-fu is also out of date, but count on me for help.<br>
>><br>
>> Regards,<br>
>> Sebastian<br>
>><br>
>><br>
>> On 05/09/17 00:02, Bernie Innocenti wrote:<br>
>> > On 09/04/2017 09:26 AM, Sebastian Silva wrote:<br>
>> >> I'm not aware of how sunjammer treats mail. Bernie, did you set<br>
>this up<br>
>> >> originally?<br>
>> > Yes. We use Postfix + spamass-milter with a bunch of RBLs and other<br>
>> rules.<br>
>> ><br>
>> > The reason we're seeing mail with "X-Spam-Flag: YES" in mailman was<br>
>that<br>
>> > there are two distinct thresholds: the one in<br>
>/etc/spamassassin/<a href="http://local.cf" rel="noreferrer" target="_blank">local.cf</a><br>
>> > causes mail to be flagged as spam when it reaches the score 3.5.<br>
>This<br>
>> > doesn't cause the mail to be rejected at SMTP time, just flagged so<br>
>that<br>
>> > local delivery rules can move it to a spam folder where users can<br>
>still<br>
>> > find it in case it was misclassified.<br>
>> ><br>
>> > Mailman doesn't have any knowledge of the SpamAssassin headers, but<br>
>> > there are per-list spam filtering rules. Looks like the<br>
>"X-Spam-Flag:<br>
>> > YES" rule was not present on sugar-devel (it's present on systems@<br>
>and<br>
>> > other lists). So I just configured it to silently discard spam. You<br>
>can<br>
>> > change it here:<br>
>> ><br>
>> > <a href="http://lists.sugarlabs.org/admin/sugar-devel/privacy/spam" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/<wbr>admin/sugar-devel/privacy/spam</a><br>
>> ><br>
>> ><br>
>> > There's also a second threshold, which was conservatively set to<br>
>8.0,<br>
>> > which is used by spamass-milter to refuse incoming mail with a<br>
>permanent<br>
>> > error to the sender. The email in question had a score of 7.7, so<br>
>it<br>
>> > didn't make the cut. I lowered the threshold to 6, which should be<br>
>safe<br>
>> > enough.<br>
>> ><br>
>> ><br>
>> >> Maintaining mailservers is often time consuming and frustrating<br>
>because<br>
>> >> of spam.<br>
>> > Indeed :-(<br>
>> ><br>
>> > Even using with a well configured SpamAssassin, with DKIM and RBLs,<br>
>> > there is way too much spam that makes it through. The only way to<br>
>filter<br>
>> > spam effectively is to rely on signals from a massive number of<br>
>users to<br>
>> > train an advanced spam classifier (and SpamAssassin is an ancient<br>
>> > codebase mostly based on manually crafted rules).<br>
>> ><br>
>> ><br>
>> >> I don't even fully understand what James said (does gmail consider<br>
>this<br>
>> >> spam as originating from SL?).<br>
>> >><br>
>> >> Perhaps we should disable mail processing altogether if no<br>
>sysadmin can<br>
>> >> manage it.<br>
>> >><br>
>> >> While I am in infrastructure team, mail is just too time consuming<br>
>to<br>
>> >> configure for me.<br>
>> >><br>
>> >> If there's no other volunteer I can look into scaling our mail<br>
>services<br>
>> >> down to just mailing lists.<br>
>> > My experience administering email is 6 years out of date, but I can<br>
>> > pledge to keep the current system running until we switch to<br>
>mailman3<br>
>> > which (hopefully?) has a modern, well thought way to deal with<br>
>spam.<br>
>> ><br>
>> > There shouldn't be much to do for the forwarding email addresses,<br>
>since<br>
>> > spam filtering belongs in the receiving endpoint.<br>
>> ><br>
>> > The other thing that can get tricky is ensuring reliable delivery<br>
>on IPs<br>
>> > that can be used to send out occasional spam (from local email<br>
>accounts<br>
>> > or web apps). This is why we're not encouraging hosted email<br>
>accounts on<br>
>> > sunjammer.<br>
>> ><br>
>> ><br>
>> >> Regards,<br>
>> >><br>
>> >> Sebastian<br>
>> >><br>
>> >><br>
>> >> On 03/09/17 17:14, James Cameron wrote:<br>
>> >>> This will do significant reputational damage to Sugar Labs mail<br>
>> >>> domain, identifying the mailman instance as an open relay, making<br>
>the<br>
>> >>> upcoming election harder to run.<br>
>> >>><br>
>> >>> About a thousand messages so far. I'm intercepting with<br>
>procmail.<br>
>> >>><br>
>> >>> Each has UTF <a href="http://6616c.com" rel="noreferrer" target="_blank">6616c.com</a> in subject, with remainder of subject and<br>
>body<br>
>> >>> text in Chinese. <a href="http://6616c.com" rel="noreferrer" target="_blank">6616c.com</a> is an alias for <a href="http://006cc.com" rel="noreferrer" target="_blank">006cc.com</a>, which<br>
>looks to<br>
>> >>> be gambling focused.<br>
>> >>><br>
>> >><br>
>> >> ______________________________<wbr>_________________<br>
>> >> Systems mailing list<br>
>> >> <a href="mailto:Systems@lists.sugarlabs.org">Systems@lists.sugarlabs.org</a><br>
>> >> <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/<wbr>listinfo/systems</a><br>
>> >><br>
>><br>
>> ______________________________<wbr>_________________<br>
>> Systems mailing list<br>
>> <a href="mailto:Systems@lists.sugarlabs.org">Systems@lists.sugarlabs.org</a><br>
>> <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/<wbr>listinfo/systems</a><br>
>><br>
<br>
</div></div><div class="HOEnZb"><div class="h5">--<br>
ベルニー<br>
Sent from my Android device with K-9 Mail.<br>
</div></div></blockquote></div><br></div>