Berkeley CSUA MOTD:Entry 39923
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/10 [General] UID:1000 Activity:popular
7/10    

2005/9/29-10/3 [Computer/SW/SpamAssassin] UID:39923 Activity:nil
9/28    So the spam brigade finally found me on here in a way that
        annoys me greatly.  It was okay before, but now it sucks.
        I still use PINE. I am open to any suggestions to please
        let me know...do I need to switch to something beside PINE?
        Spam Assassin?  What?   -maxmcc
        \_ To respond to all the posts in this thread in the laziest means
           possible: Milter plans are in place which will include global
           spamassassin and antivirus scanning.  We just lack time and
           manpower. - jvarga
        \_ You need to switch to something besides pine, but not because of
           spam.
           You can configure SpamAssassin for your account and still use
           a bad mail client.  -tom
           \_ tom, if you aren't going to be helpful, you can at least not
              be a jerk. -jrleek
              \_ Come on guys give tom a break. tom is in fact being helpful.
                 Perhaps his words are overly candid and blunt but are not
                 without merits. The clueless pp obviously needs serious help
                 and as tom correctly pointed out needs to use spamassassin.
                 \_ Wouldn't it make more sense to have something more global
                    where CSUA filters out spam instead of individual users
                    configuring their own spamassassin files? My .razor and
                    .spamassassin directories are getting big.
                    \_ Are you gonna pony up the cash to pay a part time admin
                       to run this sort of thing?  People don't realize that
                       for any decent sized machine, this sort of service is
                       a full time endeavor.
                       \_ Full time to run spamassassin? Isn't this the
                          sort of experience the students who run soda
                          need? I mean, some of us can do it for free,
                          but doesn't that defeat the purpose? Teach a
                          man to fish and all that.
                          \_ Spamassassin is insufficient (perhaps IMO) for
                             what the person above suggests.  Having the CSUA
                             automatically filter spam would 1) be a time sink
                             on admins and 2) suck.  The greylisting suggestion
                             below isn't a bad one, but implementing it across
                             the board (as root of late is wont to do) would,
                             again, suck.
                    \_ Seconded.  It should also auto-forward all spams to
                       spam@uce.gov.
              \_ Tom may be able to be helpful but he can't not be a jerk.
        \_ You can configure SpamAssassin to work with pine.  I'll be
           happy to send you my configuration if you email me. -jrleek
        \_ I got same issue.  Someone please give me a pointer on how to
           configure procmail... I want to send everything with Windows-1251
           encoding to spam...
           \_ Does CSUA use greylisting?  Might be an idea, worked wonders
              for me.  -John
              \_ care to elaborate on that a bit please?
                 \_ http://en.wikipedia.org/wiki/Greylisting
                    Advantage: stops almost all spam today.  Disadvantage:
                    sometimes delays legitimate mail, between a few minutes
                    and an hour or more.  Spammers can mostly circumvent it
                    if they try.
                    \_ Greylisting returns a 450 for every mail received and
                       enforces a delay of some small timeframe.  Generally
                       enforces a delay of a number of minutes.  Generally
                       even a short delay (1-5min) works to kill the fantastic
                       quantities of spam originating from forged addresses or
                       spam zombies.  As pp said, it delays _all_ mail as well
                       as blocking mail from misconfigured MTAs that don't
                       understand 450s.  Also what helped us was really severe
                       rate limiting of mail from all APNIC netblocks (no more
                       than x mails from a given IP to a given address within y
                       timeframe) and "cooling down" periods for IPs generating
                       too many 550s within, say, a minute.  Pp is correct
                       that greylisting does not stop determined spammers, but
                       generally it's too much effort for most of them.  -John
                       currently it's too much effort for most of them.  -John
                       \_ thanks, john.         -kngharv
                       \_ Poll: Should CSUA adopt greylisting?
                          Yes: ..
                          No : ..
                          \_ Greylisting can be rather heavy on memory usage.
                             Last I checked, soda doesn't exactly have a lot
                             of it.
                             \_ Maybe this should wait until the new soda
                                is put in place?
                             \_ How much does it have? How much does it
                                need? What will it cost?
                       \_ For me, pre-greylist = ~30 spam per day.  post-
                          grey-list = ~4 spam per day.
                    \_ Greylisting (or maybe just sendmail) pisses me off.
                       When you send a multi-recipient e-mail and one recip is
                       greylisting, all recips after that person block until
                       it goes through.  This could just be sendmail's sucky
                       sending semantics.   --dbushong
                       \_ How would sendmail's smtp greeting delay compare
                          for suck/gain tradeoff? --jon
2025/07/10 [General] UID:1000 Activity:popular
7/10    

You may also be interested in these entries...
2012/8/16-10/17 [Computer/SW/SpamAssassin] UID:54458 Activity:nil
8/16    Why does my Y! mail account always full of unfiltered spam
        mails (and they're obviously spams)? Why can't they do
        a better job like Google mail? Why does Y! mail charge
        for exporting email? Google mail doesn't do that.
	...
2010/8/13-9/7 [Computer/SW/SpamAssassin] UID:53924 Activity:nil
8/12    Ugg, no spamd any longer?  I figured I'd have to just give up on my
        soda address (sad, very sad) but Vacation doesn't seem to be installed
        either, so I can't even leave a mesg. to people telling them where
        tom mail me now.  Or can I ?  Any advice out there.  Or can we get
        spamassassin/spamd reinstalled or Vacation or... help....
        \_ Ha, gmail as spamassassin.  presently I am forwarding to gmail
	...
2009/12/8-26 [Politics/Domestic/Crime, Computer/SW/SpamAssassin] UID:53580 Activity:low
12/8    Old news, but new to me:
        Spam King kills himself and his family after escaping prison
        http://blogs.zdnet.com/security/?p=1553&tag=rbxccnbzd1
        Hopefully more spammers will take the hint.
        \_ I wish the same fate can go to all marketing and
           advertising folks, selling people things they don't
	...
2009/7/17-24 [Computer/SW/SpamAssassin] UID:53157 Activity:nil
7/17    Thanks to steven, et al. for restoring Soda. In lieu of www.csua providing
        status, could there be a text file with current status and future plans.
        I'm wondering if SpamAssassin is obsolete (and my procmailrc and scripts)
        and won't be restored, and what's filtering spam now.  thanks!
        \_ How do I buy steven a beer or donate gobs of money?
           \_ I got him a Hacker-Pschorr, he seems to like ales.  Prob IPAs
	...
2009/5/5-6 [Computer/SW/SpamAssassin, Computer/SW/Unix] UID:52948 Activity:moderate
5/4     Is mail still down? I don't seem to be getting any and vermouth
        is unavailable. I saw a note saying it was down Sunday, but it's
        almost Tuesday now.
        \_ exim4 decided it wanted to just die. With the same config file and
        everything. Steven spent all weekend and a lot of yesterday migrating
        to a VM. A side effect is that NFS is now no longer on Keg, so crashy
	...
Cache (1951 bytes)
en.wikipedia.org/wiki/Greylisting
mail transfer agent which uses greyli sting will "temporarily reject" any email from a sender it does not reco gnize. If the mail is legitimate, the originating server will try again to send it later, at which time the destination will accept it. If the m ail is from a spammer, it will probably not be retried. Greylisting requires little configuration and modest resources. It is des igned as a complement to existing defenses against spam, and not as a re placement. This is checked against the mail server's internal whitelist. If any of t his information has never been seen before, the email is greylisted for a set period of time (how much time is dependent on the server configura tion), and it is refused with a temporary rejection. RFC specifications f or e-mail delivery, a legitimate server will attempt to connect again la ter on to deliver the e-mail. Greylisting is effective because many mass e-mail tools utilized by spamm ers are not set up to handle temporary bounces (or any bounces, for that matter; they will never bother to retry a failed delivery), so the spam is never delivered. edit Advantages The main advantage from the user's point of view is that greylisting requ ires no additional configuration from his end. If the server utilizing g reylisting is configured appropriately, the end user will only notice a delay on the first message from a given sender. From a mail administrator's point of view, only minimal configuration is usually required on the mail server for greylisting to work. edit Disadvantages There is the possibility that poorly-configured e-mail systems will trans late the temporary reject as a permanent bounce and not deliver the mail , which would lead to legitimate mail being bounced. arms race between legitimate e-mail administrators and those who send bulk e-mail, the likelihood is that sp am tools which are thwarted by greylisting will be fixed to circumvent t his safeguard in the future.