X-Original-To: lists-debian-devel@bendel.debian.org
Delivered-To: lists-debian-devel@bendel.debian.org
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with ESMTP id B720220598
for <lists-debian-devel@bendel.debian.org>; Wed, 6 Mar 2024
[...]
Resent-To: debian-bugs-dist@lists.debian.org
Resent-CC: debian-devel@lists.debian.org, debian-python@lists.debian.org,
wnpp@debian.org
Subject: *****SPAM***** Bug#1065537: ITP: bleak-retry-connector -- Connector for Bleak Clients that handles transient connection failures
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail104c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP
id 4269vZOl098298
for <hans.ullrich@loop.de>; Wed, 6 Mar 2024 09:57:37 +0000
Hi folks,
during the last months I get more mails from the debian-user list marked as spam than before. Something must have changed.
I examined the header of the mails, but did not see anything unusual.
Below I send the header of an example of such a mail, maybe you can see the reason?
On my computer I am also using spamassassin, and my own score is set to 3.4, so even so it should not be considered as spam.
X-Spam-Flag: YES
X-SPAM-FACTOR: DKIM
Authentication-Results: mail104c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (4096-bit key) header.d=4angle.com header.i=@4angle.com header.b="bS+3bWmq"
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on bendel.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-6.7 required=4.0 tests=BODY_INCLUDES_PACKAGE,
DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,LDO_WHITELIST,
T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
version=3.4.2
X-Virus-Scanned: at lists.debian.org with policy bank en-ht
X-Amavis-Spam-Status: No, score=-8.561 tagged_above=-10000 required=5.3
tests=[BAYES_00=-2, BODY_INCLUDES_PACKAGE=-2, DKIM_INVALID=0.1,
DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
LDO_WHITELIST=-5, T_SCC_BODY_TEXT_LINE=-0.01]
autolearn=ham autolearn_force=no
X-Bogosity: Ham, tests=bogofilter, spamicity=0.053994, version=1.2.5
--- snap ---
Does one see any reason, why this is considered as spam???
you perhaps subscribed to one of the "Resent-*" lists ?
Subject: *****SPAM***** Bug#1065537: ITP: bleak-retry-connector -- Connector for Bleak Clients that handles transient connection failures
The mark "*****SPAM*****" does not appear in the archive
https://lists.debian.org/debian-devel/2024/03/msg00076.html
All in all it looks like a legit message, not like spam.
So the suspect would sit after Debian's mail servers.
The only Received header I see between Debian and you is:
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail104c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP
id 4269vZOl098298
for <hans.ullrich@loop.de>; Wed, 6 Mar 2024 09:57:37 +0000
It looks like either megamailservers.eu or your own processing added
the spam mark to the subject.
Have a nice day :)
Thomas
X-Spam-Flag: YES
X-SPAM-FACTOR: DKIM
What sets these two headers?
I changed nothing and suddenly many mails from debian-user
(but not all, only some) are recognized as spam.
Authentication-Results: mail104c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (4096-bit key) header.d=4angle.com header.i=@4angle.com header.b="bS+3bWmq"
List-Unsubscribe: <mailto:debian-devel-request@lists.debian.org?subject=unsubscribe>
Hi Thomas,
you perhaps subscribed to one of the "Resent-*" lists ?
Not as far as I know.
Subject: *****SPAM***** Bug#1065537: ITP: bleak-retry-connector -- Connector for Bleak Clients that handles transient connection
failures
The mark "*****SPAM*****" does not appear in the archive
This line is set by spamassassin on my own computer, when a spam mail
is marked as spam. Then it will be filtered out. But I can not see,
WHY it is recognised as spam!
https://lists.debian.org/debian-devel/2024/03/msg00076.html
All in all it looks like a legit message, not like spam.
So the suspect would sit after Debian's mail servers.
The only Received header I see between Debian and you is:
Received: from bendel.debian.org (bendel.debian.org
[82.195.75.100])
by mail104c50.megamailservers.eu (8.14.9/8.13.1) with
ESMTP id 4269vZOl098298
for <hans.ullrich@loop.de>; Wed, 6 Mar 2024 09:57:37
+0000
It looks like either megamailservers.eu or your own processing added
the spam mark to the subject.
Hmm, suspicious. I changed nothing and suddenly many mails from
debian-user (but not all, only some) are recognized as spam. And I
can not see, why they are. There are no URLs in it, no suspicious gifs
or any other content. Just quite normal mails. And some are flagged
as spam, some not. Weird.....
Re: *****SPAM***** Re: Spam from the list?
In-Reply-To: <20240306112253.55e25711@earth.stargate.org.uk>
Date: Wed, 6 Mar 2024 11:22:53 +0000
From: Brad Rogers <brad@fineby.me.uk>
Message-ID: <20240306112253.55e25711@earth.stargate.org.uk>
On Wed, 06 Mar 2024 13:53:49 +0100
Hans <hans.ullrich@loop.de> wrote:
Hello Hans,
It should be well trained
Spam training is an ongoing process....
But until then suddenly the false positives increased from one day to another, although I had changed nothing.
....because the spam changes. What's coming now is new, and SA has not
seen it before. You have to train it. Equally, what you consider ham
can change - for example, when you subscribe to a new mailing list that caters to a subject not encountered by you before because of, say, taking
up a new hobby.
I've been using my spam filtering set up for years too, and I still get
the occasional false positive. I mark them as ham to (hopefully)
improve spam filtering here.
Hi Brad,
I do not believe, it is a training problem. Why? Well, your former
mail was marked as spam. So I marked it as ham. Now, your second mail
again is marked as spam.
We know, there is nothing unusual with your mail, but it is again
marked as spam. Even, when I explicitly marked your mails as ham!
Thus the problem is not on my computer.
I believe, what Thomas said: Megamail or my mailprovider is setting
the X-Spam-Flag to YES, and my spamassassin is recognizing this and
marks this as spam.
The solution would be, either to make megamails or my provider make
things correctly (but I have no atom bombs to force them), or delete
my rule, to check the X-Spam-Flag (which I actually do not want).
Important is: The cause is not at debian server (which is fine!) and
not on my system (which is also fine), but on the provider server.
To know this, I think we can safely close this issue.
We have learnt some things (which is always important) and could find
the reason.
Thank you all for your help and input!!
Hi all,
I believe, I found the reason, why mails are marked as spam and others not.
All spam mails show this entry in the header:
--- sninp ---
Authentication-Results: mail35c50.megamailservers.eu; spf=none smtp.mailfrom=lists.debian.org
Authentication-Results: mail35c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (2048-bit key) header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
Return-Path: <bounce-debian-devel=hans.ullrich=loop.de@lists.debian.org>
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 425I9ZEK112497
for <hans.ullrich@loop.de>; Tue, 5 Mar 2024 18:09:37 +0000
--- snap ---
White mails get the dkim=pass and spam mails got dkim=fail (as you see above).
However, I am not much experienced with DKIM, but as far as I read, it has something to do with key exchanges.
But who must exchange keys? I see also bendel.debian.org and a bounce message.
Can that be the reason, that bendel.debian.org and megamailservers.eu have some
problems with the keys?
On both I can not take a look and have no influence to it, but maybe the admins
of bendel.debian.org do know more.
Thanks for reading this,
Best regards
Hans
Hi,
On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:
--- sninp ---
Authentication-Results: mail35c50.megamailservers.eu; spf=none
smtp.mailfrom=lists.debian.org
Authentication-Results: mail35c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (2048-bit key)
header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
Return-Path: <bounce-debian-devel=hans.ullrich=loop.de@lists.debian.org>
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id
425I9ZEK112497
for <hans.ullrich@loop.de>; Tue, 5 Mar 2024 18:09:37 +0000
--- snap ---
White mails get the dkim=pass and spam mails got dkim=fail (as you see above).
A great many legitimate emails will fail DKIM so it is not a great
idea to reject every email that does so. I don't think that you are
going to have a good time using Internet mailing lists while your
mail provider rejects mails with invalid DKIM, so if I were you I'd
work on fixing that rather than trying to get everyone involved to
correctly use DKIM.
In this specific example your problem is that a mail came through
the Debian bug tracking system (which pretends to be the original
sender) and on the way out was DKIM signed by debian.org and then
went through Debian's list servers. Somewhere in there the DKIM
signature was broken.
I don't rate your chances of getting the operators of
bugs.debian.org and lists.debian.org to agree to preserve DKIM since
I know at least some of them are severely opposed to DKIM.
Your mailbox provider really should not be rejecting everything that
has a broken DKIM signature. This email from me will probably have a
broken DKIM signature.
Thanks,
Andy
Hi,
On Thu, Mar 07, 2024 at 09:44:51AM +0100, Hans wrote:
--- sninp ---
Authentication-Results: mail35c50.megamailservers.eu; spf=none smtp.mailfrom=lists.debian.org
Authentication-Results: mail35c50.megamailservers.eu;
dkim=fail reason="signature verification failed" (2048-bit key) header.d=debian.org header.i=@debian.org header.b="pDp/TPD5"
Return-Path: <bounce-debian-devel=hans.ullrich=loop.de@lists.debian.org>
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by mail35c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 425I9ZEK112497
for <hans.ullrich@loop.de>; Tue, 5 Mar 2024 18:09:37 +0000
--- snap ---
White mails get the dkim=pass and spam mails got dkim=fail (as you see above).
A great many legitimate emails will fail DKIM so it is not a great
idea to reject every email that does so. I don't think that you are
going to have a good time using Internet mailing lists while your
mail provider rejects mails with invalid DKIM, so if I were you I'd
work on fixing that rather than trying to get everyone involved to
correctly use DKIM.
And some dkim seems setup with the intention that it should not be used
for mailing lists:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=dow.land;
s=20210720;
h=From:In-Reply-To:References:Subject:To:Message-Id:Date:
Content-Type:Content-Transfer-Encoding:Mime-Version:Sender:Reply-To:Cc:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
AFAICT, it's a problem at the originator causing failures, either
something wrong with dkim setup or too strict set of headers.
I shall be checking what this does when it gets back to me. One of the problems with dkim is that you assume it still works, it's hard to know
what others actually see...
[...] I argue that at present it
isn't a good idea to just reject all DKIM failures like OP's mailbox
provider appears to be doing.
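
As an added illustration of the "too strict set of headers" point above (not code from the thread or from any participant): a name listed in `h=` with no matching header is signed as absent, so a hop that later adds that header, as the `Resent-*` and `List-*` headers in the samples above were, invalidates the signature. The `ORIGINAL` header set and the `LIST_ADDED` pattern are assumptions made for this example.

```python
import re

# Headers a list manager or a resending hop typically adds in transit
# (assumption for this example; adjust for the list software in use).
LIST_ADDED = re.compile(r"^(list-[a-z]+|resent-[a-z-]+)$", re.I)

def parse_dkim_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace inside a tag value is not significant here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signed_headers(value):
    """Return the lower-cased header names listed in the h= tag."""
    return [h.lower() for h in parse_dkim_tags(value).get("h", "").split(":") if h]

def fragile_for_lists(value, present_at_signing):
    """Names in h= that were absent when signed and that a list adds later.

    Each such name was hashed as an empty header, so adding the real
    header downstream makes verification fail.
    """
    present = {h.lower() for h in present_at_signing}
    return [h for h in signed_headers(value)
            if h not in present and LIST_ADDED.match(h)]

# The DKIM-Signature value quoted in the thread (no bh=/b= tags are shown there).
SIG = """v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=dow.land; s=20210720;
 h=From:In-Reply-To:References:Subject:To:Message-Id:Date:
 Content-Type:Content-Transfer-Encoding:Mime-Version:Sender:Reply-To:Cc:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;"""

# Constructed: headers an ordinary reply carries when it leaves the author's server.
ORIGINAL = ["From", "To", "Subject", "Date", "Message-Id", "In-Reply-To",
            "References", "Mime-Version", "Content-Type"]

if __name__ == "__main__":
    for name in fragile_for_lists(SIG, ORIGINAL):
        print("signed as absent, added in transit:", name)
```
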