[PHP-DEV] Re: Spam protection: false positives

Posted by Christoph M. Becker 
Christoph M. Becker
[PHP-DEV] Re: Spam protection: false positives
January 06, 2017 06:50PM
On 23.12.2016 at 23:48, Christoph M. Becker wrote:

> On 23.12.2016 at 22:41, Andrea Faulds wrote:
>
>> Andrea Faulds wrote:
>>
>>> Is my website in my signature illegal? SURBL doesn't blacklist it, yet
>>> the news server rejected a previous email containing it and one other
>>> domain.
>>>
>>> If this email gets through, the answer is "no".
>>
>> Is mentioning the wiki in an email body illegal? SURBL doesn't blacklist
>> it, yet the news server rejected a previous email containing it along
>> with my domain.
>>
>> I tried sending a follow-up test email with
>>
>> https colon slash slash wiki dot php dot net slash rfc slash
>> on_demand_name_mangling
>>
>> It did not get through.
>>
>> So, wiki dot php dot net is the issue, I guess.
>
> I'm afraid that all of php dot net is rejected currently. :-(

Apparently, this issue has been solved. Testing: https://wiki.php.net/.

--
Christoph M. Becker


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Ferenc Kovacs
[PHP-DEV] Re: Spam protection: false positives
January 06, 2017 07:40PM
On Fri, Jan 6, 2017 at 6:39 PM, Christoph M. Becker <[email protected]>
wrote:

> On 23.12.2016 at 23:48, Christoph M. Becker wrote:
>
> > On 23.12.2016 at 22:41, Andrea Faulds wrote:
> >
> >> Andrea Faulds wrote:
> >>
> >>> Is my website in my signature illegal? SURBL doesn't blacklist it, yet
> >>> the news server rejected a previous email containing it and one other
> >>> domain.
> >>>
> >>> If this email gets through, the answer is "no".
> >>
> >> Is mentioning the wiki in an email body illegal? SURBL doesn't blacklist
> >> it, yet the news server rejected a previous email containing it along
> >> with my domain.
> >>
> >> I tried sending a follow-up test email with
> >>
> >> https colon slash slash wiki dot php dot net slash rfc slash
> >> on_demand_name_mangling
> >>
> >> It did not get through.
> >>
> >> So, wiki dot php dot net is the issue, I guess.
> >
> > I'm afraid that all of php dot net is rejected currently. :-(
>
> Apparently, this issue has been solved. Testing: https://wiki.php.net/..
>
> --
> Christoph M. Becker
>

I've restarted ecelerity on lists.php.net after I wasn't able to send out
the 5.6.30RC1 announcement emails.
I'm not sure if that was the direct cause of the resolution or just a
coincidence.
I've looked into my emails and they were rejected by ecelerity with
sbl_hits=1, I've looked into our ecelerity config and here is the relevant
part:

Validate validate/omniti_tools url_ripper {
    base="sbl-xbl.spamhaus.org"
    max_lookups = 100
    forward = true
    bits [
        0.0.0.2 = "sbl_hits"
        0.0.0.4 = "xbl_hits"
    ]
    address_headers = "Errors-To:From:Reply-To:Return-Path:Sender"
}


if anyof(
    vctx :contains "sbl_hits" "",
    vctx :contains "xbl_hits" ""
#   vctx :contains "sc_surbl_hits" "",
#   vctx :contains "ws_surbl_hits" "",
#   vctx :contains "ph_surbl_hits" "",
#   vctx :contains "ob_surbl_hits" "",
#   vctx :contains "ab_surbl_hits" "",
#   vctx :contains "jp_surbl_hits" ""
) {

    if vctx_conn :is "p_esmtp" "true" {
        ec_tarpit 40 "spam tarpit";
    }
    ec_action 550 text:
5.7.1 mail rejected by policy. SURBL hit
Spammy URLs in your message
See http://master.php.net/mail/why.php?why=SURBL
.
    "spam:Spammy URLs in message";
    stop;
}

Unfortunately, validate/omniti_tools is a shared object which has an
exposed url_ripper function, but there is no available source code or even
documentation that I could find, so I have no idea what exactly it does
(I'm assuming it uses the sbl-xbl.spamhaus.org DNS interface, but I
don't know how exactly it fetches the links from the message), and I couldn't
find any of the domains mentioned in my email body (php.net and
github.com) on the blacklist.

--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
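
How a DNSBL check of the shape configured above is commonly done, as an added example that is not part of the thread and not ecelerity's code. The post says url_ripper is undocumented, so forward-resolving URL hosts, the reversed-octet query name and reading `bits` as a bitmask over the last octet are all assumptions; the resolver and sample data are constructed so it runs offline.

```python
import ipaddress
import re

BASE = "sbl-xbl.spamhaus.org"                 # base= from the posted config
BITS = {0x02: "sbl_hits", 0x04: "xbl_hits"}   # bits [...] from the posted config
LIST_CODES = ipaddress.IPv4Network("127.0.0.0/24")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def query_name(ipv4, base=BASE):
    """DNSBL convention: reversed octets prepended to the list zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + base

def flags_for_reply(reply):
    """Map one A-record reply to flag names (bitmask reading is assumed)."""
    addr = ipaddress.IPv4Address(reply)
    # Only 127.0.0.0/24 carries list codes. Anything else, such as the
    # 127.255.255.x error replies Spamhaus documents, is not a listing;
    # a bare bitmask test would turn such replies into false positives.
    if addr not in LIST_CODES:
        return set()
    last = int(addr) & 0xFF
    return {name for bit, name in BITS.items() if last & bit}

def check_message(body, resolve_a, max_lookups=100):
    """Return {host: flags} for listed URL hosts found in body.

    resolve_a(name) -> list of IPv4 strings ([] on NXDOMAIN); injected
    (hypothetical helper) so the lookup logic can be tested without DNS.
    """
    hits, lookups = {}, 0
    hosts = dict.fromkeys(h.lower().rstrip(".") for h in URL_HOST.findall(body))
    for host in hosts:
        for ip in resolve_a(host):            # forward-resolve the URL host
            if lookups >= max_lookups:
                return hits
            lookups += 1
            for reply in resolve_a(query_name(ip)):
                flags = flags_for_reply(reply)
                if flags:
                    hits.setdefault(host, set()).update(flags)
    return hits

# Constructed data: documentation addresses and made-up list replies.
FAKE_DNS = {
    "wiki.example.org": ["192.0.2.10"],
    "bad.example.net": ["198.51.100.7"],
    "err.example.com": ["203.0.113.5"],
    "7.100.51.198.sbl-xbl.spamhaus.org": ["127.0.0.2"],
    "5.113.0.203.sbl-xbl.spamhaus.org": ["127.255.255.254"],
}
def fake_resolve(name):
    return FAKE_DNS.get(name, [])
SAMPLE = "https://wiki.example.org/rfc http://bad.example.net/x http://err.example.com/"
```

Logging the raw reply address next to the flag name is what lets an operator tell a real listing from a resolver-side error when a reject like `sbl_hits=1` is reported.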
Ferenc Kovacs
[PHP-DEV] Re: Spam protection: false positives
January 06, 2017 08:00PM
On Fri, Jan 6, 2017 at 7:34 PM, Ferenc Kovacs <[email protected]> wrote:

>
>
> On Fri, Jan 6, 2017 at 6:39 PM, Christoph M. Becker <[email protected]>
> wrote:
>
>> On 23.12.2016 at 23:48, Christoph M. Becker wrote:
>>
>> > On 23.12.2016 at 22:41, Andrea Faulds wrote:
>> >
>> >> Andrea Faulds wrote:
>> >>
>> >>> Is my website in my signature illegal? SURBL doesn't blacklist it, yet
>> >>> the news server rejected a previous email containing it and one other
>> >>> domain.
>> >>>
>> >>> If this email gets through, the answer is "no".
>> >>
>> >> Is mentioning the wiki in an email body illegal? SURBL doesn't
>> blacklist
>> >> it, yet the news server rejected a previous email containing it along
>> >> with my domain.
>> >>
>> >> I tried sending a follow-up test email with
>> >>
>> >> https colon slash slash wiki dot php dot net slash rfc slash
>> >> on_demand_name_mangling
>> >>
>> >> It did not get through.
>> >>
>> >> So, wiki dot php dot net is the issue, I guess.
>> >
>> > I'm afraid that all of php dot net is rejected currently. :-(
>>
>> Apparently, this issue has been solved. Testing: <https://wiki.php.net/
>> >.
>>
>> --
>> Christoph M. Becker
>>
>
> I've restarted ecelerity on lists.php.net after I wasn't able to send out
> the 5.6.30RC1 announcement emails.
> I'm not sure if that was the direct cause of the resolution or just a
> coincidence.
> I've looked into my emails and they were rejected by ecelerity with
> sbl_hits=1, I've looked into our ecelerity config and here is the relevant
> part:
>
> Validate validate/omniti_tools url_ripper {
> base="sbl-xbl.spamhaus.org"
> max_lookups = 100
> forward = true
> bits [
> 0.0.0.2 = "sbl_hits"
> 0.0.0.4 = "xbl_hits"
> ]
> address_headers = "Errors-To:From:Reply-To:Return-Path:Sender"
> }
>
>
> if anyof(
> vctx :contains "sbl_hits" "",
> vctx :contains "xbl_hits" ""
> # vctx :contains "sc_surbl_hits" "",
> # vctx :contains "ws_surbl_hits" "",
> # vctx :contains "ph_surbl_hits" "",
> # vctx :contains "ob_surbl_hits" "",
> # vctx :contains "ab_surbl_hits" "",
> # vctx :contains "jp_surbl_hits" ""
> ) {
>
> if vctx_conn :is "p_esmtp" "true" {
> ec_tarpit 40 "spam tarpit";
> }
> ec_action 550 text:
> 5.7.1 mail rejected by policy. SURBL hit
> Spammy URLs in your message
> See http://master.php.net/mail/why.php?why=SURBL
> .
> "spam:Spammy URLs in message";
> stop;
> }
>
> Unfortunately, validate/omniti_tools is a shared object which has an
> exposed url_ripper function, but there is no available source code or even
> documentation that I could find, so I have no idea what exactly it does
> (I'm assuming it uses the sbl-xbl.spamhaus.org DNS interface, but I
> don't know how exactly it fetches the links from the message), and I couldn't
> find any of the domains mentioned in my email body (php.net and
> github.com) on the blacklist.
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
>

And I wanted to mention that we should really-really move away from
ecelerity: it is a closed-source product, of which we have an old unsupported
version on lists.php.net (from the version number it seems it may even be a
custom build by Wez), and nobody else but Wez is familiar with it, who
is rarely around the PHP project anymore, so it would be nice to replace this
one with Postfix, as we (Sascha mostly) did for the php.net MX.
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu