Replace Spamhaus Zen Postfix blacklisting with stronger SpamAssassin scoring #1958
Improves from default the score assigned to Spamhaus Zen blacklisted emails by creating miab_spamhaus_zen_scores.cf file with higher score values.
One effect of this would have been to place github's email (your pull request comment that was forwarded to me) into spam because the message contents contained "s18.pandaoo.ru". Headers on github's email:
Good point. I didn't experience this simply because these domains aren't normally in a body. Your comment came into my spam folder with Another way to look at this would be that emails containing blacklisted domains in the body will go to spam, which is the normal type of email that contains these domains. This behavior comes from modifying the
What I find odd is that Spamassassin thinks the text "s18.pandaoo.ru" is a URI or URL and would even consider it at all:
But, it's just text. Embedded in a You can't even mention the name! Lord Voldemort
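The distinction this exchange turns on, as an added example that is not part of the thread or the PR: the two Postfix restrictions look only at the connecting IP and the envelope sender, while a content filter also matches hostname-like text in the body. The blocklist sets, client IPs, sample message and hostname regex are constructed stand-ins (a simplified model, not SpamAssassin's own URI parser); real checks are DNS queries.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-ins for the DNS blocklists; a real check is a DNS query.
LISTED_IPS = {"203.0.113.7"}         # plays the role of zen.spamhaus.org
LISTED_DOMAINS = {"s18.pandaoo.ru"}  # plays dbl.spamhaus.org; domain quoted in the thread

# Simplified model: any hostname-looking token counts, with or without a scheme.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed notification mail that only mentions the listed name as text.
SAMPLE = (
    "From: notifications@github.com\n"
    "Subject: Re: pull request comment\n"
    "\n"
    "The sample I looked at had s18.pandaoo.ru in its headers.\n"
)

def zen_query_name(ipv4):
    """DNS name looked up for an IPv4 client: octets reversed under the zone."""
    return ".".join(reversed(ipv4.split("."))) + ".zen.spamhaus.org"

def smtp_time_hits(client_ip, envelope_sender):
    """What the two Postfix restrictions see: connecting IP and MAIL FROM domain."""
    hits = []
    if client_ip in LISTED_IPS:
        hits.append("reject_rbl_client zen.spamhaus.org")
    sender_domain = parseaddr(envelope_sender)[1].rpartition("@")[2].lower()
    if sender_domain in LISTED_DOMAINS:
        hits.append("reject_rhsbl_sender dbl.spamhaus.org")
    return hits

def body_hits(raw_message):
    """What a content filter sees: every hostname-like token in the body."""
    body = message_from_string(raw_message).get_payload()
    return sorted({h.lower() for h in HOST_RE.findall(body)} & LISTED_DOMAINS)

if __name__ == "__main__":
    print(zen_query_name("203.0.113.7"))
    print(smtp_time_hits("192.0.2.10", "notifications@github.com"))
    print(body_hits(SAMPLE))
```

The sample passes both SMTP-time checks yet still produces a body match, which is the case the comments above describe.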
Turns out there is a real problem with this body problem. Currently,
Whatever the problems of I have been concerned that Spamhaus is subject to some political games likely indirectly, but then they make the actual removal process from their list very opaque. And no matter who you are (e.g., dovecot.org), they do not remove you no matter if you never spammed, and they do not tell you why. So with this PR, users of
Personally not fond of this PR, but I'll chip in anyway. I don't particularly understand why you would want to get rid of the zen blocklisting - I have to give it that the case of DBL is debatable, though. The Zen blocklist tracks IP addresses. If it's on the list, then you probably seriously don't want to receive mail from them (especially if it's on SBL or XBL). And if there's anyone operating a legit mail server with that IP, then maybe they have bigger issues to solve. In fact, the Zen blocklist is supposed to "kick in" before the server actually sends the mail. From the Spamhaus website:
The first time I became aware of issues with legitimate servers being blocked by Spamhaus was with the Dovecot mailing list. They had an IPv6 address listed and I emailed the admin to make sure they were aware. He responded that they had already filled out all of the forms and attempted other methods of communication but inexplicably remained on the list. He said their server, domain or IP address had never sent spam. The actual procedure for getting off of their list is "fill out a form" and wait. This means it is impossible for admins stuck on their list to actually know if they have taken the proper steps to be removed from the list, as the server can never send spam but be on the list. These are not people I feel should be in charge of blocking mail to a server. I've been running without them blocking mail to my server for years and I can't tell the difference between a Spamhaus listed spam or other spam unless I look at the headers.
It seems like their process is to review the removal request within 24 hours.
There are some shady blacklists out there, but I don't think Spamhaus is one of them...
I think most people have not had this experience, which is why Spamhaus is so broadly trusted. However, observing these problems in real time enlightened me to the fact that Spamhaus should not be the gatekeeper to messages sent to my server.
For me this seems to be a bad tradeoff. I don't see why legitimate emails should get more likely to be classified as spam just so that some domains can receive mails. /e: I suspect that the "damage" of this PR is higher than the benefit. But of course that is just a gut feeling and I have no data to back it up. /e2: One thing we can maybe consider: I think it is rather likely that a domain's name, especially from social networks, appears in the mail body as well and so in your case chances are that the parler mail would be classified as spam as well.
This PR removes `reject_rhsbl_sender dbl.spamhaus.org` and `reject_rbl_client zen.spamhaus.org` from `main.cf` so the emails will be received by the server and adds custom score values to `spamassassin` so it always marks Spamhaus Zen blacklisted emails as spam.
I realize this is potentially a contentious PR...
In the process of adding DMARC checks for a recent PR, it was communicated that the project prefers receiving email and marking it as spam to rejecting emails. In the example of DMARC, this means receiving email even when the administrators of a domain configure their policies to instruct other admins to reject the email, which is how the server is now configured.
In the case of blacklists, blocking the receipt of blacklisted email is the equivalent of granting strangers the ability to control what can be received by a server, essentially creating an externally managed gateway. This seems arbitrary as there are legitimate real-world complaints about Spamhaus refusing to remove blacklisted servers that do not send spam.
More reasonable seems to be to configure MiaB to receive blacklisted emails but always send them to the spam folder.
I have been running with the Spamhaus Zen blacklist disabled for a long time (two or three years) and I have not observed an appreciable increase in the quantity of spam received by the server. Initially, I ran without using any custom `spamassassin` rules, and in that time a total of one Spamhaus Zen blacklisted spam arrived in an inbox because the blacklisted spam has so many other problems that even without special rules, `spamassassin` will do its job of sending the spam to the spam folder.
Typical Spamhaus Zen listed email (without custom rules):
One time, the spamscore was below 5.0:
With the score values in this PR, the above score would have been: