[Beowulf] Register article on Opteron - disagree

Donald Becker becker at scyld.com
Mon Nov 22 13:40:00 PST 2004


On Mon, 22 Nov 2004, Robert G. Brown wrote:
> On Mon, 22 Nov 2004, Sean Dilda wrote:
> > On Mon, 2004-11-22 at 13:12, Robert G. Brown wrote:
> > > On Mon, 22 Nov 2004, Joe Landman wrote:
> > > 
> > > Well, I finally did it.  By hand, and with no inclusions beyond
> > > Patrick's original reply, I broke the 43K list limit and my rant is
> > > hence awaiting proctoring.
> > 
> > I think the real question is, why don't your emails normally wait for
> > proctoring?  From what I can tell, all emails to this list have to be
> > approved by hand, except for yours.

Not all list postings are held for approval, but many are.

The only way that a posting is automatically approved is if
   the person is on the white list
   the originating machine, email address and other header bits match
      the subscription
   the mail isn't automatically deleted as a virus or obvious spam
   the content is plain text.  Embedded XML, HTML, and URLs might
      trigger this rule, even on a non-MIME message

This means that even if you have your moderation bit enabled (and many
common list posters do have this enabled), your posting may still be held
or even automatically deleted.

> > Personally, I think if Don wants to limit posts to list member, that's
> > fine.  But he shouldn't choose a few list members to automatically get
> > their posts approved, and others who don't.

Don't have much experience running big lists, eh?  There are spammers
clever enough to subscribe before posting, along with "Astroturf"
posters generating pseudo-grass-roots interest in a product or project.

I have a few old mailing lists (e.g. "3c509") that I keep around mostly
to see what new approaches are being used.  The spammers have the
motivation and money to rapidly change their approach and bypass mail
filters.  Viruses now generate likely "From:" and "Subject:" lines,
often even matching the correct originating site and previous list topics.

> You might try joining the list several times with your most common email
> addresses (but simply turn off delivery to all but one) and see if that
> helps.

Hmmm, interesting approach.  Keep in mind that automatic approval is set 
on an account-by-account basis...

> I mean, Don COULD have a whitelist/blacklist/greylist set up

There are series of "milters" (mail filters), combined with the standard
mailman hold-for-moderation process.  Some of the milters automatically
discard mail, before it's even stored.  Before implementing this, the
server filled up the disk partition if I was gone for the weekend and a
new Microsoft virus hit.

Even if you are subscriber and on the whitelist, there are a bunch of
things that could push the score of your posting to the "moderate
level", or even to the auto-discard level.  Mismatched reverse-DNS or
numeric-IP-only originating machines are pretty bad for your initial score.
Posting from a black-listed IP address range is bad as well.  The
Spam Assassin score adds directly.  Long messages are always held for
moderation, but even very short or modestly long content bumps the score
up.

A single URL doesn't hurt much, but more than one does.  Anything
from .biz, .info or a whole slew of countries hurts as well.  If you are
posting from an ISP that adds advertising, the extra advertising lines
they add are very likely to cause your posting to be moderated, or might
even trigger a discard.

> Obviously he knows you personally and knows that you aren't a stealth
> spammer, so even if he does have moderation plus whitelisting set up,
> its just a matter of accident that you aren't whitelisted.

In cases like this, it would be nice to have a tool where you could ask
"why was this message moderated".  But there are two reasons why that
isn't likely in the near future:
  Spammers would use it to figure out how much they could get away with
     (as they have with Spam Assassin).
  Some discard and filter rules were added in response to a crisis, not
    integrated with a system.
     We had to implement Clam-AV a discard pre-filter, since large virus
     payloads would take Spam Assassin several seconds to process.
     A new round of Microsoft viruses would crush the machine.

We are currently "ahead", so I'm not motivated to change the current
process.  Very few undesirable messages get through, and approved
messages are sent to all reachable subscribers in less than five
minutes.  In the final tally, most people will accept moderation delays
in return for avoiding low content density.

-- 
Donald Becker				becker at scyld.com
Scyld Software	 			Scyld Beowulf cluster systems
914 Bay Ridge Road, Suite 220		www.scyld.com
Annapolis MD 21403			410-990-9993




More information about the Beowulf mailing list