+Marc Dequenes <duck@redhat.com> On Sun, Aug 12, 2018 at 6:26 AM Johan Bernhardsson <johan@kafit.se> wrote:
Several mails today that is pure spam ....
/Johan
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/LMCREWRKSQDDJG...
-- GREG SHEREMETA SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA <https://www.redhat.com/> gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
Quack, On 08/12/18 19:28, Greg Sheremeta wrote:
+Marc Dequenes <mailto:duck@redhat.com>
On Sun, Aug 12, 2018 at 6:26 AM Johan Bernhardsson <johan@kafit.se <mailto:johan@kafit.se>> wrote:
Several mails today that is pure spam ....
I'm looking into it. This does not fare well, so please be patient. First, the antispam system is working well, but the results are sometimes far from perfect. For example: https://lists.ovirt.org/archives/list/users@ovirt.org/thread/HN35B675ZXZEHDJ... results in: Aug 11 08:36:04 mail spamd[6241]: spamd: clean message (2.9/5.0) for spamassassin:995 in 1.2 seconds, 10363 bytes. Aug 11 08:36:04 mail spamd[6241]: spamd: result: . 2 - DEAR_SOMETHING,DKIM_SIGNED,DKIM_VALID,HTML_MESSAGE,HTML_OBFUSCATE_10_20,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_PASS,T_DKIMWL_WL_MED scantime=1.2,size=10363,user=spamassassin,uid=995,required_score=5.0,rhost=localhost,raddr=::1,rport=33084,mid=<CALqC2RY5J9x137VqHirr_yyEXztgMU3mJoqSpwyf_EFeYmHC=Q@mail.gmail.com>,autolearn=no autolearn_force=no This is a pretty low score but because it pretty well redacted compared to common spam, it went through. I'm not sure how to address this problem because lowering the score too much is just gonna create false positives and be even more annoying. I've also seen a few @qq.com mails subscribed and AFAIK only spam comes from this domain and it was already banned (at least \d+@qq.com addresses) but I guess they learned how to subscribe before the ban. This can easily be fixed though. \_o<
On Tue, Aug 14, 2018 at 3:54 AM Marc Dequènes (Duck) <duck@redhat.com> wrote:
Quack,
On 08/12/18 19:28, Greg Sheremeta wrote:
+Marc Dequenes <mailto:duck@redhat.com>
On Sun, Aug 12, 2018 at 6:26 AM Johan Bernhardsson <johan@kafit.se <mailto:johan@kafit.se>> wrote:
Several mails today that is pure spam ....
I'm looking into it. This does not fare well, so please be patient.
First, the antispam system is working well, but the results are sometimes far from perfect. For example:
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/HN35B675ZXZEHDJ... results in: Aug 11 08:36:04 mail spamd[6241]: spamd: clean message (2.9/5.0) for spamassassin:995 in 1.2 seconds, 10363 bytes. Aug 11 08:36:04 mail spamd[6241]: spamd: result: . 2 -
DEAR_SOMETHING,DKIM_SIGNED,DKIM_VALID,HTML_MESSAGE,HTML_OBFUSCATE_10_20,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_PASS,T_DKIMWL_WL_MED
scantime=1.2,size=10363,user=spamassassin,uid=995,required_score=5.0,rhost=localhost,raddr=::1,rport=33084,mid=<CALqC2RY5J9x137VqHirr_yyEXztgMU3mJoqSpwyf_EFeYmHC= Q@mail.gmail.com>,autolearn=no autolearn_force=no
This is a pretty low score but because it pretty well redacted compared to common spam, it went through. I'm not sure how to address this problem because lowering the score too much is just gonna create false positives and be even more annoying.
I've also seen a few @qq.com mails subscribed and AFAIK only spam comes from this domain
That's not correct. qq.com is a widely used Chinese domain and I recall receiving more than one valid question from people using it.
and it was already banned (at least \d+@qq.com addresses) but I guess they learned how to subscribe before the ban. This can easily be fixed though.
\_o<
-- GREG SHEREMETA SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA <https://www.redhat.com/> gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
Quack, On 08/14/18 23:53, Greg Sheremeta wrote:
That's not correct. qq.com <http://qq.com> is a widely used Chinese domain and I recall receiving more than one valid question from people using it.
I checked and the rule is only for \d+\@qq\.com and was not applied to oVirt but another community. So we have no special rules on oVirt side concerning this domain. Do you have examples of real people using such an address with just a number before "@"? As for the post from Dan, I understand the mail was "stalled on qq.com" which means the problem is not on our side. Anyway, if a legitimate mail is rejected we can investigate; we would need more info to be able to find it in the logs and which rule triggered it though. \_o<
participants (3)
-
Greg Sheremeta -
Johan Bernhardsson -
Marc Dequènes (Duck)