From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/20110311/003222.html | 144 ++++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 zarb-ml/mageia-dev/20110311/003222.html (limited to 'zarb-ml/mageia-dev/20110311/003222.html') diff --git a/zarb-ml/mageia-dev/20110311/003222.html b/zarb-ml/mageia-dev/20110311/003222.html new file mode 100644 index 000000000..b54c6e135 --- /dev/null +++ b/zarb-ml/mageia-dev/20110311/003222.html @@ -0,0 +1,144 @@ + + + + [Mageia-dev] The solution of the epoll voting issue + + + + + + + + + +

[Mageia-dev] The solution of the epoll voting issue

+ Michael Scherer + misc at zarb.org +
+ Fri Mar 11 04:57:01 CET 2011 +

+
+ +
Hi,
+
+when we voted for packagers representatives, several people had issues
+with epoll and with mail being sent. It turn out that I found the
+problem by chance tonight and it was a conjunction of several problems :
+
+- our setup was ( and is still ) sub-optimally configured. We do check
+spam when receiving mail, and also when sending mail. While this could
+help the system by giving him normal mail ( ie ham ), this waste some
+ressources. 
+
+- we have a quite strict antispam, ie the latest version of
+spamassassin, and we disabled nothing. There is a impressive range of
+plugins nowadays.
+
+For people that do not know the principle, spamassassin take the mail to
+look, check it against a huge corpus of rules and plugins, and assign a
+score for each. If the score cross a threshold, it is discarded ( or
+tagged ). 
+
+It seems that some ballots sent with Anne email ( being ennael1 at gmail ,
+the 1 is important ) triggered 3 checks : 
+
+ NML_ADSP_CUSTOM_MED=1.2
+
+this one is related to DKIM ( a norm about cryptographic authentication,
+see wikipedia for details ). I guess it was badly configured on our
+side. 
+
+ FREEMAIL_ENVFROM_END_DIGIT=2.223,
+
+SA detected that the From was using gmail, a popular free webmail, and
+that the email was finished by a number. And SA developpers think that
+statically sign of a spam ( based on a corpus of spam, see with them for
+the details ).
+
+ FREEMAIL_REPLY=2.499, 
+
+This one is slightly more subtle. SA detected that From: header was a
+free webmail address, but that there was another email in body, and that
+email was also a free webmail ( if you read your spam, you may have seen
+this pattern : "I am John, the CTO of this foreign company, I want to
+invest in your country, please answer me on
+john at free_web_mail.example.org ", and that's what is detected right
+now ). Again, that's based on their stats.
+
+
+Total score : 4.924 ( there was a -1 as this was from a trusted ip, and
+some 0.001 )
+
+Score to be killed : 4.7 
+
+Headshot.
+
+
+So that explain why people who were affected were those on gmail, yahoo
+or  laposte.net, and while the one with their own domain ( me, boklm,
+etc ), were not affected. That doesn't explain why we didn't think to
+look at this however :/
+
+Sorry about that, now we established the problem was on our side.
+
+
+So, what is plan to prevent this for next time. 
+First, we will make sure that people who use epoll :
+- are not scrubbed for spam ( but I tought I did it )
+- do not use a email that will trigger SA checks.
+
+
+A naive solution would be to lower the score on our server, but this
+will not solve the problem that the rest of the network will use a
+default spamassassin ( or a version with the same settings ), and so
+would likely refuse the spam on their side.  So in the end, the result
+will likely just make us receive more spam.
+
+-- 
+Michael Scherer
+
+
+ + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1