[Mageia-dev] The solution of the epoll voting issue

Michael Scherer misc at zarb.org
Fri Mar 11 04:57:01 CET 2011 

Hi,

when we voted for packagers representatives, several people had issues
with epoll and with mail being sent. It turn out that I found the
problem by chance tonight and it was a conjunction of several problems :

- our setup was ( and is still ) sub-optimally configured. We do check
spam when receiving mail, and also when sending mail. While this could
help the system by giving him normal mail ( ie ham ), this waste some
ressources. 

- we have a quite strict antispam, ie the latest version of
spamassassin, and we disabled nothing. There is a impressive range of
plugins nowadays.

For people that do not know the principle, spamassassin take the mail to
look, check it against a huge corpus of rules and plugins, and assign a
score for each. If the score cross a threshold, it is discarded ( or
tagged ). 

It seems that some ballots sent with Anne email ( being ennael1 at gmail ,
the 1 is important ) triggered 3 checks : 

 NML_ADSP_CUSTOM_MED=1.2

this one is related to DKIM ( a norm about cryptographic authentication,
see wikipedia for details ). I guess it was badly configured on our
side. 

 FREEMAIL_ENVFROM_END_DIGIT=2.223,

SA detected that the From was using gmail, a popular free webmail, and
that the email was finished by a number. And SA developpers think that
statically sign of a spam ( based on a corpus of spam, see with them for
the details ).

 FREEMAIL_REPLY=2.499, 

This one is slightly more subtle. SA detected that From: header was a
free webmail address, but that there was another email in body, and that
email was also a free webmail ( if you read your spam, you may have seen
this pattern : "I am John, the CTO of this foreign company, I want to
invest in your country, please answer me on
john at free_web_mail.example.org ", and that's what is detected right
now ). Again, that's based on their stats.


Total score : 4.924 ( there was a -1 as this was from a trusted ip, and
some 0.001 )

Score to be killed : 4.7 

Headshot.


So that explain why people who were affected were those on gmail, yahoo
or  laposte.net, and while the one with their own domain ( me, boklm,
etc ), were not affected. That doesn't explain why we didn't think to
look at this however :/

Sorry about that, now we established the problem was on our side.


So, what is plan to prevent this for next time. 
First, we will make sure that people who use epoll :
- are not scrubbed for spam ( but I tought I did it )
- do not use a email that will trigger SA checks.


A naive solution would be to lower the score on our server, but this
will not solve the problem that the rest of the network will use a
default spamassassin ( or a version with the same settings ), and so
would likely refuse the spam on their side.  So in the end, the result
will likely just make us receive more spam.

-- 
Michael Scherer

More information about the Mageia-dev mailing list