Non English Spam
Erik Norgaard
norgaard at locolomo.org
Tue Oct 17 02:22:43 PDT 2006
Ted Mittelstaedt wrote:
> Spammers cannot forge the Received header that your own mailserver
> puts into the received message. The first Received line of the message
> is always legitimate.
Please read my reply to Ian, who commented exactly the same. The
Recieved headers are useless for filtering.
>> Accepting mail from a particular host should be done even before the
>> mail delivery starts.
>
> Don't know what your talking about here.
The first Received header line, which as you correctly mention is (the
only) reliable, is inserted by your own server based on the info from
the establishing connection and HELO command.
In this case you can decide to accept or reject the mail before
accepting the DATA. This is more efficient as you don't waste bandwidth
receiving data you will later reject.
Also this means that later filtering on the first Received field is
double work: You already accepted the mail based on that information.
In short: Writing header filtering rules for the Received field is
simply waste of time and proof of inefficiency.
>> Second: If you know postfix, you also know that header filtering is
>> independent of other checks, even the result of filtering on individual
>> header lines are independent.
>>
> I don't know Postfix. So what your saying is Postfix is so defective
> that you can't use it for filtering? No wonder I never bothered to
> deal with it.
Just as Sendmail, Postfix is not designed for spam filtering. Postfix
provides simple filtering mechanisms, keeping it simple postfix provides
an effective and reliable MTA that doesn't suffer the track record of
security bugs Sendmail does.
When the native filters does not suffice you can combine with any number
of "policy services": External filtering mechanisms such as postgrey,
spam assassin etc. This design is clean, reliable and easy to manage.
I mentioned a solution using the mechanisms supported natively by
postfix. OP had problems that spam assassin and procmail did not catch
these mails.
>> Basically what you say here is that spammers have every right to flood
>> mail servers as long as they do so compliant with the RFC's?
>
> I'm saying that you don't have the right to force other people to modify
> their content on messages that AREN'T spam just because your spam
> filters are too piss-poor to differentiate between an Asian charset message
> that is spam, and an Asian charset message that is a legitimate message.
Call it piss-poor, but it is very effective, and simple to implement. If
you have an effective alternative please do share.
OP requested a way to filter away the spam in foreign character sets
because for some reason these were not caught by Spam Assassin or
procmail. I gave a solution that solves that problem, and I mentioned
the problem of false negatives for this list.
Rather than get pissed, do try to offer an alternative solution to a
real problem.
>> I don't force anyone to conform to any arbitrary standards that I decide
>> upon, but I have every legitimate right to reject anything that doesn't
>> conform to my arbitrary standards.
>
> No argument there - but your crossing the line (or the other poster is
> crossing the line) when your talking about telling list subscribers to
> change charsets when they post.
I think you misread my original post. I brought up the issue exactly
because filtering on charsets causes false positives whichever way you
do it.
I don't have a particular desire to throw away legitimate mail, in fact
I'd like to solve that problem (and I think OP want that too), but so
far you have not contributed with a working alternative.
I asked politely if there were any consensus or best practices etc. on
this issue. You have the regular mail on "how to get the best results"
there are recommendations on how to use this list, they are not enforced
but only serve as guidelines.
I don't try to force people to use particular character sets, I merely
ask whether such recommendation exist for "the best results when using
the list", in which case filtering on charsets may be the least
imperfect solution (until you share your perfect filter, that is).
Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
More information about the freebsd-questions
mailing list