Hi,
I think I've already posted about this, but I think there really needs to be done something.
About 75% or even more of the spam I'm getting arrives at my opensuse.org email, and on closer inspection has been directly delivered to the secondary MX for opensuse.org.
I take that spam, and feed it through spamcop.net which results in a complaint being sent to postmaster@suse.de, and I am getting the feeling that no one reads mails to that address, because in I don't know how many years I have gotten not a SINGLE reaction.
From the behaviour of "the system I can draw two conclusions:
1. that MX has no spam filter capabilities what so ever, not even something as simple as dns based block lists 2. no one gives a shit.
I have already posted on that suse internal tracker thing that was suggested to me last time I said anything - and also no real reaction other than someone answering in a truly noncommital way, see https://progress.opensuse.org/issues/55838
so ... can I have some numbers about the mail volume on the opensuse.org domains? do we have to deal with the mail servers for opensuse.org ourselves?
I mean, there is so much that *can* be done, spamassassin *with* DNS blacklists, postgrey, you name it.
Cheers MH
On 09/11/2019 13.49, Mathias Homann wrote:
Hi,
I think I've already posted about this, but I think there really needs to be done something.
About 75% or even more of the spam I'm getting arrives at my opensuse.org email, and on closer inspection has been directly delivered to the secondary MX for opensuse.org.
I take that spam, and feed it through spamcop.net which results in a complaint being sent to postmaster@suse.de, and I am getting the feeling that no one reads mails to that address, because in I don't know how many years I have gotten not a SINGLE reaction.
From the behaviour of "the system I can draw two conclusions:
- that MX has no spam filter capabilities what so ever, not even
something as simple as dns based block lists 2. no one gives a shit.
The opensuse.org mail address is a redirector only, so it has no capability to put spam on another folder. Thus it relies on the antispam services at your own ISP, at the destination real address you define.
Me, I would not like the redirector to block spam: it is up to me to decide what is spam. What if it bounces something that I want? As it is not an actual mail service, there is no way in which I can tune the filters for /my/ account.
Me, I would not like the redirector to block spam: it is up to me to decide what is spam. What if it bounces something that I want? As it is not an actual mail service, there is no way in which I can tune the filters for /my/ account.
I'm pretty sure that you would not want anything that came from a SMTP client that is on a blacklisted IP address, or not properlky re-sending its mail when the SMTP server tells it to "come back in five minutes".
Greylisting and dns based block lists should at least be an option.
cheers
MH
Mathias Homann wrote:
I think I've already posted about this, but I think there really needs to be done something.
About 75% or even more of the spam I'm getting arrives at my opensuse.org email, and on closer inspection has been directly delivered to the secondary MX for opensuse.org.
I take that spam, and feed it through spamcop.net which results in a complaint being sent to postmaster@suse.de, and I am getting the feeling that no one reads mails to that address, because in I don't know how many years I have gotten not a SINGLE reaction.
From the behaviour of "the system I can draw two conclusions:
- that MX has no spam filter capabilities what so ever, not even
something as simple as dns based block lists 2. no one gives a shit.
I have already posted on that suse internal tracker thing that was suggested to me last time I said anything - and also no real reaction other than someone answering in a truly noncommital way, see https://progress.opensuse.org/issues/55838
That was my reply, yes.
"And since the junk has already passed through a (poorly configured?) spamassassin, my local spamassassin thinks all is legit o.0"
This is really a problem in your setup, I suggest. Your spamassassin should _not_ trust any previously added X-SpamAssassion headers. It would make it dead-easy for spammers to circumvent the filtering.
I mean, there is so much that *can* be done, spamassassin *with* DNS blacklists, postgrey, you name it.
I would invite you to join the openSUSE Heroes and have a go, but the mail servers are run by SUSE-IT.
Am Samstag, 9. November 2019, 18:00:04 CET schrieb Per Jessen:
This is really a problem in your setup, I suggest.
my spamassassin does not ahve any any problems with emails coming through any other mail server. It's only mails that come through the suse-run MX for opensuse.org that manage to slip through.
Your spamassassin should _not_ trust any previously added X-SpamAssassion headers. It would make it dead-easy for spammers to circumvent the filtering.
It doesn't. Every SpamAssassin **removes** all previously inserted spam scoring information when analyzing an email.
I mean, there is so much that *can* be done, spamassassin *with* DNS blacklists, postgrey, you name it.
I would invite you to join the openSUSE Heroes and have a go, but the mail servers are run by SUSE-IT.
so how do I talk to **them** about this?
Cheers MH
*Mathias Homann* Mathias.Homann@openSUSE:.org[1] irc: [Lemmy] @ freenode, ircnet obs: lemmy04 keybase: https://keybase.io/lemmy%5B2] *gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102*
-------- [1] mailto:Mathias.Homann@eregion.de [2] https://keybase.io/lemmy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 09/11/2019 20.43, Mathias Homann wrote:
Am Samstag, 9. November 2019, 18:00:04 CET schrieb Per Jessen:
This is really a problem in your setup, I suggest.
my spamassassin does not ahve any any problems with emails coming through any other mail server. It's only mails that come through the suse-run MX for opensuse.org that manage to slip through.
Then there is something not right in your setup. All the mail sent to my o.o alias is filtered correctly both by my provider and by my setup.
There was an attempt to move the o.o mail aliases to a real server, but it stalled.
- -- Cheers / Saludos,
Carlos E. R. (from 15.1 x86_64 at Telcontar)
Mathias Homann wrote:
Am Samstag, 9. November 2019, 18:00:04 CET schrieb Per Jessen:
This is really a problem in your setup, I suggest.
my spamassassin does not ahve any any problems with emails coming through any other mail server. It's only mails that come through the suse-run MX for opensuse.org that manage to slip through.
Your spamassassin should _not_ trust any previously added X-SpamAssassion headers. It would make it dead-easy for spammers to circumvent the filtering.
It doesn't. Every SpamAssassin **removes** all previously inserted spam scoring information when analyzing an email.
I know. You clearly know too, which is why I don't undestand your comment:
"And since the junk has already passed through a (poorly configured?) spamassassin, my local spamassassin thinks all is legit o.0"
Am November 9, 2019 5:00:04 PM UTC schrieb Per Jessen per@computer.org:
I would invite you to join the openSUSE Heroes and have a go, but the mail servers are run by SUSE-IT.
But why? There is no need for this, if (someone from) the Heroes takes over.
Same for the public DNS, btw.
Just my 2 cent. Lars
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sunday, 2019-11-10 at 02:49 -0000, Lars Vogdt wrote:
Am November 9, 2019 5:00:04 PM UTC schrieb Per Jessen per@computer.org:
I would invite you to join the openSUSE Heroes and have a go, but the mail servers are run by SUSE-IT.
But why? There is no need for this, if (someone from) the Heroes takes over.
Same for the public DNS, btw.
I understand there is no infraestructure for it.
On the other hand, some months ago there was a proposal to separate the oo.mail to somewhere else, and not enough people wanted it, so nothing was done.
- -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
Am 2019-11-10 13:48, schrieb Carlos E. R.:
mail servers are run by SUSE-IT.
But why? There is no need for this, if (someone from) the Heroes takes over.
Same for the public DNS, btw.
I understand there is no infraestructure for it.
I was long enough in the team to know that there IS infrastructure for it. * VMs should not be a problem: could be created, if needed * official IPs are available (even in two different countries) * software (postfix/exim, bind, dnsmasq, powerdns, ...) is available on our distribution
It just needs someone who takes over and implements what is needed.
On the other hand, some months ago there was a proposal to separate the oo.mail to somewhere else, and not enough people wanted it, so nothing was done.
Well: this proposal wanted to give the users data out to another company. If the heroes set up an independent Email (and DNS) system, all data is still where it belongs to (means: Heroes/openSUSE administrate the Email alias table, logs and DNS entries).
Regards, Lars
Lars Vogdt wrote:
Am November 9, 2019 5:00:04 PM UTC schrieb Per Jessen per@computer.org:
I would invite you to join the openSUSE Heroes and have a go, but the mail servers are run by SUSE-IT.
But why? There is no need for this, if (someone from) the Heroes takes over.
Same for the public DNS, btw.
Completely agree, Lars. Just another entry on the todo list. A less than critical one, imho.
Am November 10, 2019 5:39:57 PM UTC schrieb Per Jessen per@computer.org:
Completely agree, Lars.
Thanks! Your agreement is indeed very important for me!
Just another entry on the todo list. A less than critical one, imho.
Depends :-)
With own DNS and MX, openSUSE would (again) become more independent.
I'm still sad that I left the heroes before these two steps were finished. To my excuse, I thought that running own DNS an MX is not so uncommon these days. But migrating existing machines may still be tricky. This is what I see now. Thus: if the heroes agree, I offer my help here.
Regards, Lars
Hello,
Am Dienstag, 12. November 2019, 07:41:12 CET schrieb Lars Vogdt:
Am November 10, 2019 5:39:57 PM UTC schrieb Per Jessen:
Completely agree, Lars.
Thanks! Your agreement is indeed very important for me!
Than you might be happy to hear that I also agree ;-)
Just another entry on the todo list. A less than critical one, imho.
Depends :-)
With own DNS and MX, openSUSE would (again) become more independent.
Agreed, and besides being more independent, it would make a few things "a bit" easier, especially when it comes to debugging a problem.
I'm still sad that I left the heroes before these two steps were finished. To my excuse, I thought that running own DNS an MX is not so uncommon these days. But migrating existing machines may still be tricky. This is what I see now.
I don't think that the difficulty level is the problem, even if some details might be more interesting[tm].
It's just the usual problem that everybody is busy with other things that look more important ;-)
Thus: if the heroes agree, I offer my help here.
Do you really think that someone says no?Quite the opposite - when can you start with this? ;-)
Of course I can't speak for the whole team, but I'd be _very_ surprised if someone would refuse your help.
Regards,
Christian Boltz
Am November 12, 2019 8:02:35 PM UTC schrieb Christian Boltz opensuse@cboltz.de:
Do you really think that someone says no?Quite the opposite - when can you start with this? ;-)
Of course I can't speak for the whole team, but I'd be _very_ surprised if someone would refuse your help.
Thanks!
Can I hope to see you both at the Heroes Meeting in Nuremberg this weekend?
Regards, Lars
PS: did you know that some Christmas Markets start already this weekend...? :-)
Hello,
Am Dienstag, 12. November 2019, 22:57:25 CET schrieb Lars Vogdt:
Can I hope to see you both at the Heroes Meeting in Nuremberg this weekend?
Yes, of course!
PS: did you know that some Christmas Markets start already this weekend...? :-)
Who needs a Christmas Market if there is a Kater Murr? ;-)
Regards,
Christian Boltz
Christian Boltz wrote:
Hello,
Am Dienstag, 12. November 2019, 22:57:25 CET schrieb Lars Vogdt:
Can I hope to see you both at the Heroes Meeting in Nuremberg this weekend?
Yes, of course!
Yep, I'll be there.
Hi all,
Being a recent attendee to this “forum", makes it hard for me to follow all that is available to understand and follow.
Additionally, I am often reluctant to jump in with my penny worth.
My original step into your world was because I tried several times to get into openSUSE, but failed on each occasion.
My hardware comprises a MacBook air and my still serviceable, 32 bit Inspiron 6400 Dell, and yet they all still remain empty of the world of openSUSE. Even a secure email platform would be something. Do I walk away from this, or is there a door in?
Regards to all,
Cy
On 9 Nov 2019, at 17:00, Per Jessen per@computer.org wrote:
Mathias Homann wrote:
I think I've already posted about this, but I think there really needs to be done something.
About 75% or even more of the spam I'm getting arrives at my opensuse.org email, and on closer inspection has been directly delivered to the secondary MX for opensuse.org.
I take that spam, and feed it through spamcop.net which results in a complaint being sent to postmaster@suse.de, and I am getting the feeling that no one reads mails to that address, because in I don't know how many years I have gotten not a SINGLE reaction.
From the behaviour of "the system I can draw two conclusions:
- that MX has no spam filter capabilities what so ever, not even
something as simple as dns based block lists 2. no one gives a shit.
I have already posted on that suse internal tracker thing that was suggested to me last time I said anything - and also no real reaction other than someone answering in a truly noncommital way, see https://progress.opensuse.org/issues/55838
That was my reply, yes.
"And since the junk has already passed through a (poorly configured?) spamassassin, my local spamassassin thinks all is legit o.0"
This is really a problem in your setup, I suggest. Your spamassassin should _not_ trust any previously added X-SpamAssassion headers. It would make it dead-easy for spammers to circumvent the filtering.
I mean, there is so much that *can* be done, spamassassin *with* DNS blacklists, postgrey, you name it.
I would invite you to join the openSUSE Heroes and have a go, but the mail servers are run by SUSE-IT.
-- Per Jessen, Zürich (5.9°C) Member, openSUSE Heroes.
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sunday, 2019-11-10 at 10:33 -0000, Cy O'Hara wrote:
Hi all,
Being a recent attendee to this “forum", makes it hard for me to follow all that is available to understand and follow.
Additionally, I am often reluctant to jump in with my penny worth.
My original step into your world was because I tried several times to get into openSUSE, but failed on each occasion.
My hardware comprises a MacBook air and my still serviceable, 32 bit Inspiron 6400 Dell, and yet they all still remain empty of the world of openSUSE. Even a secure email platform would be something. Do I walk away from this, or is there a door in?
The way Leap is done, it is impossible to support 32 bits.
Leap does not derive from Factory, it derives from the commercial distro, SLES. And the commercial distro decided not not produce a 32 bit kernel, so we are stuck without it.
However, Factory does have a 32 bit. And yes, SLES derives from factory.
But this is not what this thread is about, may be offtopic.
- -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
Cy O'Hara wrote:
Hi all,
Being a recent attendee to this “forum", makes it hard for me to follow all that is available to understand and follow.
Additionally, I am often reluctant to jump in with my penny worth.
My original step into your world was because I tried several times to get into openSUSE, but failed on each occasion.
My hardware comprises a MacBook air and my still serviceable, 32 bit Inspiron 6400 Dell, and yet they all still remain empty of the world of openSUSE. Even a secure email platform would be something. Do I walk away from this, or is there a door in?
Hi Cy
just some comments -
- don't be reluctant to jump in, there's no need, we don't bite (even if we do occasionally bark).
- top-posting is frowned upon, we prefer bottom posting with comments in-line.
- replying to a thread and changing the topic is called "thread hijacking" and it's just poor netiquette.
- this is the opensuse-project list, one of many mailing lists we operate. Picking the right one can be a little daunting - your question is much better put on e.g. opensuse, opensuse-support or in the opensuse forums. On this list we try to deal with the openSUSE project governance etc.
No barking intended :-)
Am Samstag, 9. November 2019, 13:49:35 CET schrieb Mathias Homann:
About 75% or even more of the spam I'm getting arrives at my opensuse.org email, and on closer inspection has been directly delivered to the secondary MX for opensuse.org.
on closer inspection, the spam complaint emails from spamcop are being sent to hostmaster@suse.de
Does anyone read that email address?
Cheers MH
*Mathias Homann* Mathias.Homann@openSUSE:.org[1] irc: [Lemmy] @ freenode, ircnet obs: lemmy04 keybase: https://keybase.io/lemmy%5B2] *gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102*
-------- [1] mailto:Mathias.Homann@eregion.de [2] https://keybase.io/lemmy
Am Donnerstag, 14. November 2019, 22:45:48 CET schrieb Mathias Homann:
Am Samstag, 9. November 2019, 13:49:35 CET schrieb Mathias Homann:
About 75% or even more of the spam I'm getting arrives at my opensuse.org email, and on closer inspection has been directly delivered to the secondary MX for opensuse.org.
on closer inspection, the spam complaint emails from spamcop are being sent to hostmaster@suse.de
Does anyone read that email address?
obviously not - spamcop by now is dev/null'ing mails that should be sent there.
I believe that is contrary to RFC-2142 which lists among others hostmaster@domain.tld as a requirement that any domain should have.
not too impressive, even more so when seeing that the SOA record for suse de is still pointing at hostmaster@microfocus.com...
Cheers MH
On Sat 2019-11-16, Mathias Homann wrote:
not too impressive, even more so when seeing that the SOA record for suse de is still pointing at hostmaster@microfocus.com...
As part of the carve out of SUSE from Micro Focus SUSE gradually is building up our own IT infrastructure and services.
That takes a bit, and while overall SUSE is now operating as an independent company, there are some services on the IT side that Micro Focus still provides during a transition period. Colleagues are working on reducing/removing that with high priority.
Just a bit of an explanation.
Gerald
Am Donnerstag, 21. November 2019, 20:55:50 CET schrieb Gerald Pfeifer:
On Sat 2019-11-16, Mathias Homann wrote:
not too impressive, even more so when seeing that the SOA record for suse de is still pointing at hostmaster@microfocus.com...
As part of the carve out of SUSE from Micro Focus SUSE gradually is building up our own IT infrastructure and services.
That takes a bit, and while overall SUSE is now operating as an independent company, there are some services on the IT side that Micro Focus still provides during a transition period. Colleagues are working on reducing/removing that with high priority.
they don't actually provide - hostmaster@suse.de and postmaster@suse.de both do not work right now, hostmaster@suse.de bounces after being aliased onto a nonexisting @suse.de address, and postmaster@suse.de isn't read by anyone.
*not* a good thing.
Seriously, updating the relevant whois and dns entries should have been one of the first things.
Cheers MH
Mathias Homann wrote:
Am Donnerstag, 21. November 2019, 20:55:50 CET schrieb Gerald Pfeifer:
On Sat 2019-11-16, Mathias Homann wrote:
not too impressive, even more so when seeing that the SOA record for suse de is still pointing at hostmaster@microfocus.com...
As part of the carve out of SUSE from Micro Focus SUSE gradually is building up our own IT infrastructure and services.
That takes a bit, and while overall SUSE is now operating as an independent company, there are some services on the IT side that Micro Focus still provides during a transition period. Colleagues are working on reducing/removing that with high priority.
they don't actually provide - hostmaster@suse.de and postmaster@suse.de both do not work right now, hostmaster@suse.de bounces after being aliased onto a nonexisting @suse.de address, and postmaster@suse.de isn't read by anyone.
*not* a good thing.
Feel free to open tickets if you want. I'm not sure if hostmaster@suse is really required when the DNS is provided by Microfocus. Unless you have seen hostmaster@suse in an SOA record somewhere?
postmaster - yeah, that ought to go to someone.
Seriously, updating the relevant whois and dns entries should have been one of the first things.
Seriously - update to what? Nothing has changed in that respect.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Friday, 2019-11-22 at 09:23 +0100, Per Jessen wrote:
Mathias Homann wrote:
Seriously, updating the relevant whois and dns entries should have been one of the first things.
Seriously - update to what? Nothing has changed in that respect.
Whois has been updated today :-)
But the abuse address is not suse nor opensuse :-?
- -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Friday, 2019-11-22 at 09:23 +0100, Per Jessen wrote:
Mathias Homann wrote:
Seriously, updating the relevant whois and dns entries should have been one of the first things.
Seriously - update to what? Nothing has changed in that respect.
Whois has been updated today :-)
Which domain? I don't see that any of them (suse.de, suse.com) have changed.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 22/11/2019 20.21, Per Jessen wrote:
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Friday, 2019-11-22 at 09:23 +0100, Per Jessen wrote:
Mathias Homann wrote:
Seriously, updating the relevant whois and dns entries should have been one of the first things.
Seriously - update to what? Nothing has changed in that respect.
Whois has been updated today :-)
Which domain? I don't see that any of them (suse.de, suse.com) have changed.
opensuse
Hum. I made an error, I looked at .com
cer@Telcontar:~> whois opensuse.com
Registrar URL: http://www.markmonitor.com
Last update of whois database: 2019-11-22T10:55:15Z <<<
cer@Telcontar:~> whois opensuse.org
Registrar URL: http://www.markmonitor.com
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Last update of WHOIS database: 2019-11-22T20:12:27Z <<<
But yes, also modified today. Also suse.com:
cer@Telcontar:~> whois suse.com
Last update of whois database: 2019-11-22T20:16:06Z <<<
- -- Cheers / Saludos,
Carlos E. R. (from 15.1 x86_64 at Telcontar)
On Fri 2019-11-22, Carlos E. R. wrote:
Last update of whois database: 2019-11-22T10:55:15Z <<<
Please read carefully: That *database* as such has been updated today. You will see the same for other .com domains (such as my own). That does not mean the domain has been updated.
In any case: Let's focus on openSUSE and progressing openSUSE on this list and improve the signal to noise ratio.
Thank you, Gerald
-
Carlos E. R. -
Carlos E.R. -
Christian Boltz -
Cy O'Hara -
Gerald Pfeifer -
Lars Vogdt -
Mathias Homann -
Per Jessen