
Re: RCVD_IN_DNSWL_LOW

From: Dan Mahoney, System Admin <danm(at)prime.gushi.org>
Date: Wed Oct 17 2007 - 04:09:34 EDT


On Wed, 17 Oct 2007, Matthias Leisi wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Dan Mahoney, System Admin schrieb:
>
>> Livejournal's purely a mail forwarding service (i.e. there's no way to
>> POP/IMAP that account)
>
> As far as I know, there are mails originating from LJ itself (eg
> notifications etc)?

No, Livejournal also gives you a yourusername@livejournal.com email address. Yes, they do also originate mail (for which we have things like SPF (which they do), DomainKeys, DKIM (which they don't, and in fact they may have an error for) -- as well as some of the more esoteric things like HashCash, GnuPG-signing, etc etc.)

>> and if they can't effect proper controls on how
>> mail is sent through them, then they shouldn't be trusted at all.

>> On my end, I have degrees of control (false MXes, Blacklists,
>> whitelists, greylists, sender callbacks, etc). I have no such control
>> over the LJ MX'es.
>
> Correct. But by setting (in your local.cf or equivalent)
>
> | trusted_networks 204.9.177.18
>
> you are telling SpamAssassin that this relay is not operated by a
> spammer and that it should apply all black-/whitelist rules etc. to the
> IP address one more hop away. Then, in the context of SpamAssassin, you
> regain full control of connection-oriented rules.

Interesting point, I suppose. Kinda breaks the logic of "trusted networks". On the same note, would it not be more useful, instead of using the static trusted_networks configuration, to use the DNSWL to determine if that logic should be in play? Or some kind of database of known forwarding services that work in such a manner?

> That's not fully equivalent to having the actual "spamming connection"
> to deal with, but as close as it gets -- if you need it "closer", you
> should not use forwarding services.
>
> Forwarding services are an edge case in spamfiltering. Usually, such a
> service is itself perfectly trustworthy and not the actual source of
> spam, and care must be taken not to unduly penalize these services for
> forwarded spam.

The problem therein lies in the fact that LJ notifications (comment notifications, friendslist notifications, account verification emails, etc) are passed through the exact same MXes as the username@livejournal.com forwarding service.


>> I've proposed a reporting plugin on the sa-users list, that allows (both
>> for yourself, as well as other whitelists) for the list-owner to be
>> notified with details of high-spam activity (at which point, I guess,
>> you guys could pass that on to your whitelisted groups, and/or adjust
>> categories accordingly).
>
> As I've answered before: That's already on the todo list. However, the
> main problem is not the plugin per se (technically, that is rather
> simple), but identifying trustworthy submitters.

I suppose that depends on what we submit. If it's something verifiable (like messageID:originating ip:spam level), it's easy. Just as with spamcop, one can choose to omit the message-id so that the spammers cannot track who is the spamtrap and listwash, but such reports could be given a lower precedence.

--

"You're a nomad billygoat!"

-Juston, July 18th, 2002

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
Received on Wed Oct 17 04:11:38 2007

This archive was generated by hypermail 2.1.8 : Fri Jul 04 2008 - 17:44:17 EDT
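
The effect of the `trusted_networks 204.9.177.18` line quoted in the message, as an added example that is not part of the original post and not SpamAssassin's own code: a simplified Python model of walking the Received chain to find which relay a DNSWL lookup ends up judging. The Received headers, host names, the address 198.51.100.23 and all function names are constructed for illustration; `list.dnswl.org` is the DNSWL lookup zone.

```python
import ipaddress
import re

# Constructed sample: Received headers, newest first, as seen by the final MX.
# 204.9.177.18 is the forwarder relay named in the thread; the other address
# is a documentation-range placeholder for the host that handed mail to it.
RECEIVED = [
    "from forwarder.example (forwarder.example [204.9.177.18]) "
    "by mx.recipient.example with ESMTP; Wed, 17 Oct 2007 04:00:02 -0400",
    "from sender.example (sender.example [198.51.100.23]) "
    "by forwarder.example with SMTP; Wed, 17 Oct 2007 08:00:01 +0000",
]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_headers):
    """Return the connecting IP recorded in each Received header, newest first."""
    ips = []
    for header in received_headers:
        match = IP_IN_BRACKETS.search(header)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def first_untrusted_relay(received_headers, trusted_networks):
    """Walk the chain from the newest hop and stop at the first relay that is
    not inside trusted_networks; that is the IP a list lookup judges."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    for ip in relay_ips(received_headers):
        if not any(ip in net for net in nets):
            return ip
    return None  # every recorded relay was trusted


def dnswl_query_name(ip, zone="list.dnswl.org"):
    """Build the reversed-octet DNS name used for a DNSWL-style lookup."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


if __name__ == "__main__":
    for trusted in ([], ["204.9.177.18"]):
        ip = first_untrusted_relay(RECEIVED, trusted)
        print(trusted, "->", ip, dnswl_query_name(ip))
```

Without the setting the forwarder's own address is the one looked up; with it, the lookup moves to the host that connected to the forwarder.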

