The method behind the madness
in [Postfix]
|
From: "Steve" on 18 Jan 2010 19:06 -------- Original-Nachricht -------- > Datum: Mon, 18 Jan 2010 17:17:43 -0500 > Von: "Mark Nernberg (gmail account)" <marknernberg(a)gmail.com> > An: Steve <steeeeeveee(a)gmx.net> > CC: "postfix-users(a)postfix.org" <postfix-users(a)postfix.org> > Betreff: Re: The method behind the madness > > > On Jan 18, 2010, at 17:05, "Steve" <steeeeeveee(a)gmx.net> wrote: > > > > > -------- Original-Nachricht -------- > >> Datum: Mon, 18 Jan 2010 11:30:49 -0800 > >> Von: "Daniel L. Miller" <dmiller(a)amfes.com> > >> An: Postfix users <postfix-users(a)postfix.org> > >> Betreff: Re: The method behind the madness > > > >> Stan Hoeppner wrote: > >>> Daniel L. Miller put forth on 1/18/2010 12:51 PM: > >>> > >>> > >>>> A point - and a good one for initialization of the whitelist. > >>>> However, > >>>> this does not address the need to add new addresses to the list > >>>> automatically. Example - our company changes insurance brokers, > >>>> and > >>>> needs to receive forms from the new broker. Such communications > >>>> should > >>>> not be reliant on the IT department "unlocking" the mail server - > >>>> just > >>>> the act of the office manager's sending an e-mail to the broker > >>>> should > >>>> be sufficient. > >>>> > >>> > >>> Daniel, it seems you're looking for feature perfection in rev. > >>> 0.1.1 of > >> an as > >>> yet created home brew software solution. Do you think you might be > >> setting your > >>> sights a bit high? > >> And what's wrong with setting your sights high? Or wanting to plan > >> things out before diving in? > >>> Is this because you already have a solution that does all > >>> these things perfectly, and you're _expecting_ your new home brew > >> solution to do > >>> the same right from the start? > >>> > >> Yes - ASSP. But I'd like to implement it as a "pure" Postfix > >> solution > >> instead of a proxy server. > >>> If you _need_ a home brew solution _now_, start small and inelegant, > >> getting > >>> most of the functionality you want/need. This can be done with > >>> simple > >> scripts > >>> and cron. After it's working relatively well, _then_ spend time > >> creating the > >>> "elegant" solution. JMHO. > >>> > >> > >> But the main thing is having OP-maintained lists is exactly what I'm > >> trying to avoid and completely misses the point of having an > >> auto-whitelist. > >> > > It's not hard to write a small Perl script doing that automatically. > > I have done that and my current implementation is 132 LOC. It's > > ultra easy and stores the AWL data in MySQL. One does not need to be > > a rocket science to code that in Perl. Just a small Postfix policy > > service that returns every time a DUNNO but uses the data from the > > Postfix policy delegation to feed the AWL. > > > > > > I have achieved this with a slightly hacked TMDA (www.tmda.net). if > you want my modifications, contact me off-list. > Asking Google for help about a solution that does already AWL for Postfix lead me to this page: http://www.terena.org/~visser/awl.php The script there (http://www.terena.org/~visser/whitelist_sasl.pl) could be used as a base for doing a AWL service in a Postfix policy. No need to go on and use TMDA. The Perl script above is sure not perfect (what ever perfect might be) but it's small and easy to extend. It is mentioning SA but at the end you could change it to fill up any database you like and you can tweak the SQL till it fits your needs. I find that much easier then using such a big think as TMDA. -- Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 - sicherer, schneller und einfacher! http://portal.gmx.net/de/go/atbrowser
From: marknernberg on 18 Jan 2010 19:06 -- sent from my mobile phone On Jan 18, 2010, at 18:54, wietse(a)porcupine.org (Wietse Venema) wrote: > Stan Hoeppner: > [ Charset ISO-8859-1 unsupported, converting... ] >> Mark Nernberg (gmail account) put forth on 1/18/2010 4:50 PM: >>> >>> >>> On Jan 18, 2010, at 17:48, Stan Hoeppner <stan(a)hardwarefreak.com> >>> wrote: >>> >>>> Mark Nernberg (gmail account) put forth on 1/18/2010 4:17 PM: >>>> >>>>> I have achieved this with a slightly hacked TMDA (www.tmda.net). >>>>> if you >>>>> want my modifications, contact me off-list. >>>> >>>> I'm surprised you actually mentioned a solution whose core >>>> feature is >>>> challenge/response. C/R is one of those "cures" that far is worse >>>> than the disease. >>>> >>>> -- >>>> Stan >>> >>> I got rid of the C/R ... I wanted auto whitelisting & some of the >>> other >>> features. hence my modifications. >> >> From: >> http://tmda.sourceforge.net/cgi-bin/moin.cgi/TmdaFaq#head-0b1aee3c2decf32a26ffcc12b397f9d3cec3fdc0 >> >> How do I setup an "auto-whitelist"? > > I'm sure that it is possible to MODIFY the TMDA source code such > that it will handle auto-whitelisting without challenge-response. > > Conceptually, it's as simple as 1) never sending the challenge and > 2) skipping the "was this challenge confirmed" check. > > After that change, there is a lot of code that can be deleted > because it is no longer used. > > Given the choice between starting from scratch, and starting with > code that already works, the choice should be clear. The only reason > to write Postfix in the first place was that I could not live with > the alternatives. > > Wietse the code did not need to be modified to skip the challenge - that's configurable in the users' and global .config files. I do challenge *some* emails, but anyone I send to is auto-whitelisted without hassle - their replies cone through without challenge. further, I've set the config to add a header such that known senders will skip certain spam checks (but not AV) vis-a-vis having spamassassin look for the added header. my modifications were to make LDAP functionality work right.
From: "Steve" on 18 Jan 2010 19:15 -------- Original-Nachricht -------- > Datum: Mon, 18 Jan 2010 19:06:13 -0500 > Von: "Mark Nernberg (gmail account)" <marknernberg(a)gmail.com> > An: Postfix users <postfix-users(a)postfix.org> > CC: Postfix users <postfix-users(a)postfix.org> > Betreff: Re: The method behind the madness > > > -- > sent from my mobile phone > > > > On Jan 18, 2010, at 18:54, wietse(a)porcupine.org (Wietse Venema) wrote: > > > Stan Hoeppner: > > [ Charset ISO-8859-1 unsupported, converting... ] > >> Mark Nernberg (gmail account) put forth on 1/18/2010 4:50 PM: > >>> > >>> > >>> On Jan 18, 2010, at 17:48, Stan Hoeppner <stan(a)hardwarefreak.com> > >>> wrote: > >>> > >>>> Mark Nernberg (gmail account) put forth on 1/18/2010 4:17 PM: > >>>> > >>>>> I have achieved this with a slightly hacked TMDA (www.tmda.net). > >>>>> if you > >>>>> want my modifications, contact me off-list. > >>>> > >>>> I'm surprised you actually mentioned a solution whose core > >>>> feature is > >>>> challenge/response. C/R is one of those "cures" that far is worse > >>>> than the disease. > >>>> > >>>> -- > >>>> Stan > >>> > >>> I got rid of the C/R ... I wanted auto whitelisting & some of the > >>> other > >>> features. hence my modifications. > >> > >> From: > >> > http://tmda.sourceforge.net/cgi-bin/moin.cgi/TmdaFaq#head-0b1aee3c2decf32a26ffcc12b397f9d3cec3fdc0 > >> > >> How do I setup an "auto-whitelist"? > > > > I'm sure that it is possible to MODIFY the TMDA source code such > > that it will handle auto-whitelisting without challenge-response. > > > > Conceptually, it's as simple as 1) never sending the challenge and > > 2) skipping the "was this challenge confirmed" check. > > > > After that change, there is a lot of code that can be deleted > > because it is no longer used. > > > > Given the choice between starting from scratch, and starting with > > code that already works, the choice should be clear. The only reason > > to write Postfix in the first place was that I could not live with > > the alternatives. > > > > Wietse > > the code did not need to be modified to skip the challenge - that's > configurable in the users' and global .config files. > > I do challenge *some* emails, but anyone I send to is auto-whitelisted > without hassle - their replies cone through without challenge. > further, I've set the config to add a header such that known senders > will skip certain spam checks (but not AV) vis-a-vis having > spamassassin look for the added header. > You don't seem to be very confident in your Anti-Spam solution if you skip certain senders. Does your Anti-Spam solution not have an mechanism to automatically skip checking mails form senders you communicate often? > my modifications were to make LDAP functionality work right. -- GRATIS f�r alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
From: LuKreme on 19 Jan 2010 10:48 On 18-Jan-2010, at 17:15, Steve wrote: > You don't seem to be very confident in your Anti-Spam solution if you skip certain senders. Does your Anti-Spam solution not have an mechanism to automatically skip checking mails form senders you communicate often? Oh, I dunno. I have manually whitelisted most of m friends and family out of spam checks. First off, there's no reason to run their messages through the check, so it's a waste of processor time. Second of all, there are sometimes false positives (like when I get sent .ppt files which seem to often trigger SA's thresholds). Yes, the AWL does a lot to eliminate these problems, but it's not perfect. -- ##########################
From: "Steve" on 19 Jan 2010 20:10
-------- Original-Nachricht -------- > Datum: Tue, 19 Jan 2010 08:48:14 -0700 > Von: LuKreme <kremels(a)kreme.com> > An: postfix-users(a)postfix.org > Betreff: Re: The method behind the madness > On 18-Jan-2010, at 17:15, Steve wrote: > > You don't seem to be very confident in your Anti-Spam solution if you > skip certain senders. Does your Anti-Spam solution not have an mechanism to > automatically skip checking mails form senders you communicate often? > > > Oh, I dunno. I have manually whitelisted most of m friends and family out > of spam checks. > I never do that. It's so easy to fake and I like it when the Anti-Spam solution does that automatically for me (based on the internal ruleset of the Anti-Spam solution). > First off, there's no reason to run their messages through the check, so > it's a waste of processor time. > I have another opinion on that. The Anti-Spam solution I use has normally 0.01 seconds (or less but could be more as well) per message when classifying a mail for Ham/Spam. Every processing of a message allows me to increase the accuracy of the solution. If the engine makes errors then I correct them and the engine learns. Whitelisting all friends, family members, etc from the beginning is taking away from me the possibility to get better results in the future. I want my Anti-Spam engine to learn. I want it to work and get better. I want it to learn who is my friend and who not. I want it to whitelist my friends/family members only if they don't send me Spam. If the engine thinks they send me Spam then I want the engine to adapt and learn. If the solution is constantly making errors in that regard then this would not tighten my confidence in the solution and I personally would soon look for another solution. That's how I think about it. Don't get me wrong. I am not saying tha t my viewpoint is the only valid viewpoint and that yours is absolutely wrong and and and. I just tried to bring closer to you how I see that topic and how I handle it. Without judging which approach is the better one. I know that any approach is right and in the same time wrong. There is none universal valid approach. > Second of all, there are sometimes false > positives (like when I get sent .ppt files which seem to often trigger SA's > thresholds). > Would that not be a opportunity to look at SA and try to find a way to improve the PPT handling? > Yes, the AWL does a lot to eliminate these problems, but it's not perfect. > I understand. > -- > ########################## Steve -- Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 - sicherer, schneller und einfacher! http://portal.gmx.net/de/go/atbrowser |