1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] The solution of the epoll voting issue
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20The%20solution%20of%20the%20epoll%20voting%20issue&In-Reply-To=%3C1299815821.12163.123.camel%40akroma.ephaone.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="003219.html">
<LINK REL="Next" HREF="003223.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] The solution of the epoll voting issue</H1>
<B>Michael Scherer</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20The%20solution%20of%20the%20epoll%20voting%20issue&In-Reply-To=%3C1299815821.12163.123.camel%40akroma.ephaone.org%3E"
TITLE="[Mageia-dev] The solution of the epoll voting issue">misc at zarb.org
</A><BR>
<I>Fri Mar 11 04:57:01 CET 2011</I>
<P><UL>
<LI>Previous message: <A HREF="003219.html">[Mageia-dev] Yet another list of missing packages
</A></li>
<LI>Next message: <A HREF="003223.html">[Mageia-dev] Contributors using real name/working email? or not? or maybe?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#3222">[ date ]</a>
<a href="thread.html#3222">[ thread ]</a>
<a href="subject.html#3222">[ subject ]</a>
<a href="author.html#3222">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Hi,
when we voted for packagers representatives, several people had issues
with epoll and with mail being sent. It turn out that I found the
problem by chance tonight and it was a conjunction of several problems :
- our setup was ( and is still ) sub-optimally configured. We do check
spam when receiving mail, and also when sending mail. While this could
help the system by giving him normal mail ( ie ham ), this waste some
ressources.
- we have a quite strict antispam, ie the latest version of
spamassassin, and we disabled nothing. There is a impressive range of
plugins nowadays.
For people that do not know the principle, spamassassin take the mail to
look, check it against a huge corpus of rules and plugins, and assign a
score for each. If the score cross a threshold, it is discarded ( or
tagged ).
It seems that some ballots sent with Anne email ( being <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">ennael1 at gmail</A> ,
the 1 is important ) triggered 3 checks :
NML_ADSP_CUSTOM_MED=1.2
this one is related to DKIM ( a norm about cryptographic authentication,
see wikipedia for details ). I guess it was badly configured on our
side.
FREEMAIL_ENVFROM_END_DIGIT=2.223,
SA detected that the From was using gmail, a popular free webmail, and
that the email was finished by a number. And SA developpers think that
statically sign of a spam ( based on a corpus of spam, see with them for
the details ).
FREEMAIL_REPLY=2.499,
This one is slightly more subtle. SA detected that From: header was a
free webmail address, but that there was another email in body, and that
email was also a free webmail ( if you read your spam, you may have seen
this pattern : "I am John, the CTO of this foreign company, I want to
invest in your country, please answer me on
<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">john at free_web_mail.example.org</A> ", and that's what is detected right
now ). Again, that's based on their stats.
Total score : 4.924 ( there was a -1 as this was from a trusted ip, and
some 0.001 )
Score to be killed : 4.7
Headshot.
So that explain why people who were affected were those on gmail, yahoo
or laposte.net, and while the one with their own domain ( me, boklm,
etc ), were not affected. That doesn't explain why we didn't think to
look at this however :/
Sorry about that, now we established the problem was on our side.
So, what is plan to prevent this for next time.
First, we will make sure that people who use epoll :
- are not scrubbed for spam ( but I tought I did it )
- do not use a email that will trigger SA checks.
A naive solution would be to lower the score on our server, but this
will not solve the problem that the rest of the network will use a
default spamassassin ( or a version with the same settings ), and so
would likely refuse the spam on their side. So in the end, the result
will likely just make us receive more spam.
--
Michael Scherer
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="003219.html">[Mageia-dev] Yet another list of missing packages
</A></li>
<LI>Next message: <A HREF="003223.html">[Mageia-dev] Contributors using real name/working email? or not? or maybe?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#3222">[ date ]</a>
<a href="thread.html#3222">[ thread ]</a>
<a href="subject.html#3222">[ subject ]</a>
<a href="author.html#3222">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|