At 08:16 AM 2002-05-20 -0600, Greg Woods wrote:
> > 2) is arguably a violation of 2822 [which to my reading *requires* that
> > sites accept email addressed to 'postmaster'].
>Yes, and of course the spammers know this, and so my postmaster account
>gets *tons* of spam. I am probably going to be forced to filter it just
>because of the sheer volume. I can't find the legitimate messages inside
>of the 300 or so spams my postmaster account receives daily.

As far as mailing lists go, the same problem exists. The bounces have to
get through to the -owner addresses. But you do not want to read the spam.

I use postfix, which allows me to set up different anti-spam rules for
different userids. Thus it is simple to set up a "restrictive" and a
"permissive" set of spam protections and use different rules for each (in
actual fact, I run 10 different levels for different classes of IDs and
sometimes for individual ids). As an example, my -owner addresses for my
lists use restrictive permissions, but since majordomo2 uses address
extensions for bounce detection, I use permissive anti-spam for the
*-owner\+\S+\@ (those of you who read regexp get the idea) so that I get
the bounces from even poorly set up sites. The -request address and the
list address (which are robots that can read spam without a problem) get
permissive checks, but addresses or even versions of same that are read by
humans get restrictive checks. I have personal addresses which get even
different checks, and so forth.

I have probably wimped, but someone who would normally get rejected by my
site can subscribe - by using the web site to subscribe. They can post,
since the posting addresses will let someone post, who has confirmed, in
almost all cases, even if they can't normally send mail to my system.

But, again, I am in the same dilemma. I have set up the postmaster and
abuse addresses to accept mail even from misconfigured sites -- they get
the least restrictive checks, the only thing that ever filters them is
occasional wild site filters --- I've had a couple of sites go nuts and
loop bouncing mail - they get dropped into a short term special filter so
that I can restrict them at the RFC821 interface, but they also get a
specific reason --- this happens *very* rarely.

I then filter the mail (even from postmaster) through maildrop to try and
reduce the spam I actually read in detail. For the postmaster addresses in
particular, I have found that checking the received line for reverse
translation mismatches and helo mismatches and also checking the rfc822
headers for mail sent openly to postmaster as opposed to bcc'd is really
good at sorting the spam sent to postmaster from the real e-mail sent to
These checks are surprisingly accurate. I'll admit that without the
country block for Korea and the rbl checks and the DNS checks, a ton of
spam gets through to the postmaster addresses. A custom perl script
displays just enough of the mail to allow me to make the spam-nospam
decision very quickly, and spam ends up at the appropriate site (bounced
and reported) whereas nonspam (what little does get falsely dropped into
this bucket) can be quickly pushed back into the mail mainstream, with a
tag such that it won't get refiltered.

A long time ago, it became clear to me that mail had to be dealt with by
the 90-10 rule. 90% of the mail had to be dealt with by a keystroke (or less)
while 10% was worthy of a gui.

Without maildrop (or procmail) to presort the mail, this whole task would
be a lot harder.

Why is this appropriate to list-managers? It is especially important that
any system running a MLM have a contactable postmaster and abuse - and
there has to be a way to read it and find the real complaints while
skipping the fluff.

War is an ugly thing, but it is not the ugliest of things. The decayed and
degraded state of moral and patriotic feeling which thinks that nothing is
worth war is much worse. A man who has nothing for which he is willing to
fight, nothing he cares about more than his own personal safety, is a
miserable creature who has no chance of being free, unless made so by the
exertions of better men than himself. -- John Stuart Mill
Nick Simicich - firstname.lastname@example.org
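
The postmaster triage heuristics described in the message above (reverse translation mismatch, HELO mismatch, and whether the role address appears openly in To/Cc), sketched in Python as an added example; this is not the poster's maildrop or perl code. It assumes Postfix-style `Received: from HELO (RDNS [IP])` lines with `unknown` recorded when the reverse lookup fails; the function name `triage` and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed Postfix-style trace field: "from HELO (RDNS [IP])", where RDNS is
# "unknown" if the client's reverse lookup failed or did not map back.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)")

def triage(raw, role="postmaster"):
    """Sort one message: returns ('inbox' | 'suspect', [reasons])."""
    msg = message_from_string(raw)
    reasons = []
    # Only the top-most Received line was written by our own MTA; lower
    # ones are supplied by the sender and can be forged.
    received = msg.get_all("Received", [])
    m = RECEIVED_RE.search(" ".join(received[0].split())) if received else None
    if m is None:
        reasons.append("no parsable Received line")
    else:
        helo, rdns = (s.lower().rstrip(".") for s in m.group(1, 2))
        if rdns == "unknown":
            reasons.append("reverse translation mismatch")
        elif helo != rdns:
            reasons.append("HELO mismatch")
    # Mail written to the role account names it in To/Cc; bulk mail is bcc'd.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if not any(a.lower().split("@")[0] == role for _, a in rcpts):
        reasons.append("role address not in To/Cc")
    return ("suspect" if reasons else "inbox"), reasons

# Constructed sample messages (documentation domains and addresses).
REAL = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org (Postfix) with ESMTP id 0000000000
From: admin@example.net
To: postmaster@example.org
Subject: your list is looping bounces to us
"""
SPAM = """\
Received: from friend (unknown [198.51.100.7])
\tby mx.example.org (Postfix) with ESMTP id 0000000001
From: offers@example.com
To: valued-customer@example.com
Subject: limited time offer
"""

if __name__ == "__main__":
    for name, raw in (("REAL", REAL), ("SPAM", SPAM)):
        print(name, triage(raw))
```

The result is a sorting hint for a review queue, not a reject decision: plenty of legitimate servers announce a HELO name that differs from their reverse DNS name.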