logs archiveIRC Archive / Freenode / #exim / 2015 / July / 27 / 1
cebka
hello, I'm working on porting exim 4.86 into FreeBSD ports and it seems that my old XCLIENT patch is somehow broken or at least suspicious. so, I'm wondering if anybody uses it to test/adopt it for 4.86
jgh_
pretty unlikely. From reading the postfix page on it, it looks like a proxying feature?
cebka
yes, it is
I was using it with nginx SMTP proxy and afterwards with rspamd SMTP proxy
rjek
Is it something to communicate the original IP address by a proxy?
Like HTTP's X-Forward-For?
cebka
yes, that's the way to pass the original IP, hostname, HELO and some other stuff
and it is essential when you have, for example, a balancing proxy
rjek
Also for Wieste's DNS BL frontend
jgh_
why do you need a proxy? what's the use-case? For ref, there was a little discussion back in 2008 - http://www.gossamer-threads.com/lists/exim/users/78658
rjek
cebka: I thought the traditional way of doing balancing was to simply have multiple MX records with the same priority...
cebka
jgh_: DNS resolving is the main issue
jgh_: + DNSBL
+ pipelining
all that stuff is handled way better by lightweight proxy than by exim/postfix
we had that for like 40 MX and thousands of messages per second
         

jgh_
which of those does exim not do natively? "Way better" - feature, performance?
cebka
performance, scaleability
I'm not aware of exim, to tell the truth, but it had reduced load on those MXes significantly AFAIR
jgh_
hmm. You've tried horizontally scaling over multiple exim instances, via MXs ?
cebka
then I was asked by a friend of mine to port this to exim, so I did the patch and have maintained it for a long time
jgh_: MXs are hundred percent broken
rjek
That's a pretty controversial point of view :)
cebka
jgh_: priorities are ignored by broken MTAs, RR is broken by many end resolvers
that's practice
but I really don't care, I can remove this patch from the ports and forget about it if noone needs it
however, I'm pretty sure that I'd have some angry reports that I would have broken their mail systems I'm afraid
jgh_
you could offer it to the mainline, via an RFE at bugs.exim.org No certainty of acceptance; we'd want to see some people wanting it
YamakasY
ok, what can we check to get mails to hotmail in the inbox instead of the spamfolder
jgh_
cebka: if you do go that route, please identify the version or commit-hash it successfully applied against
cebka
it applies now
but with some pretty large offset and fuzz
jgh_
YamakasY: your spamfolder, or hotmail's one?
cebka
and well, I'm not going to open bug report, as it's not my problem indeed. but I'll try to find some users and ask them to do it
jgh_
cebka: "successfully". As in, known working
rjek
I would be interested in this XCLIENT feature, as I currently have an ugly hack involving socket activation
cebka
jgh_: that's what I'm looking for: some happy users of my patch ;)
jgh_
there's code for "Proxy Protocol v2" currently in exim, which sounds like it plays in that space
rjek: ^^
rjek
jgh_: I'll have a look, ta.
cebka
I'm really waiting for milter support in exim, to tell the truth
but I completely understand how intrusive it should be
jgh_
one of the devs started work on that some time back, but moved on before he got anywhere, I'm afraid
YamakasY
jgh_: hotmails one :)
         

jgh_
see the channel Topic
cebka
jgh_: yes, I've seen the discussion
rjek
The topic is slightly wrong. It should say "Google, Hotmail, Yahoo, etc. do not know what they are doing"
jgh_
heh
or don't care
cebka
(Action) nods
especially gmail gyus...
YamakasY
jgh_: yeah ok, I'm onto that but are there some new tricks for it ?
henk
YamakasY: We dont know, ask them. In general: find every antispam measure possible and make sure your mails can not be affected by them. (;
rjek
I think that's called printing your email out and posting it
YamakasY
henk: hehe, yes all is fine, DKIM, SPF, etc etc... I need to check how as I can add my range to their program but I wonder if that really works
cebka
I'm receiving like 20+ messages per day with absolutely valid DKIM, SPF and even DMARC. but they are all bloody spam
rjek
I give DKIM-signed mail 0.1 points in SpamAssassin
cebka
+0.1 or -0.1?
rjek
+0.1
YamakasY
why so low ?
rjek
Because it's only a slight indicator of spam :)
henk
errr? o_O
YamakasY
I mean, DKIM is ok to check, it's a positive thing
I mean, everyone can set it up but still
rjek
Absolutely loads and loads of spam from throw-away .eu, .info, .us etc domains with valid DKIM, SPF, and DMARC
cebka
in rspamd, I have +1 for DKIM_REJECT and -1 for DKIM_ALLOW
but it seems to be incorrect now
ASN reputations seems to be the last resort for now
rjek
I keep meaning to set up a BGP stream -> DNS thing
cebka
but it is too dagerous in terms of FP
henk
rjek: Should I add you to the list in the topic?
YamakasY
(Action) uses info domains
rjek
henk: My decision to /add/ points for DKIM-signed mail was driven by statistics: ie, actually looking at proportions of spam vs. ham that was DKIM signed.
YamakasY
I wonder if spam is really "managable" these days
cebka
I personally consider false positives more dangerous than false negatives
YamakasY
depends in which way you see that
cebka
it's better to pass some spam than to reject innocent (and potentially important) messages
YamakasY
POV is always an issue in analytics
henk
rjek: oh, I see now (: You are helping make smtp unusable so it is replaced by something better sooner than later. Thank you very much! I guess you have already implemented SPF as well then, as per http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/smtp-spf-is-harmful.html?
rjek
cebka: It's a balance. Taking your view to extremis simply means disabling all filtering :)
YamakasY
rjek: I think we should go back by doing it all hand by hand
jgh_
what, no carrier pigeons?
rjek
(Action) believes pretty strongly in never filing stuff to a "Spam" folder, but either accepting it or rejecting it, so at least if there is a false positive the sender should get a bounce (in an ideal world).
henk
in an ideal world there are no bounces
jgh_
(Action) applies penalties to env-froms of form "noreply@"
YamakasY
(Action) wants to back to pidgins and cans with a rope between
*to go
how do you guys mostly do dns naming ? like mta msa or mailscanner ? filter ?
rjek
mxNN
YamakasY
ok, but for ?
rjek
...?
YamakasY
what kind of services
rjek
I don't understand the question.
YamakasY
most of the time you seperate services, outgoing incoming spam
I mean filder
*filter
filer is most of the time both but even that can be seperated
so mta and msa
henk
YamakasY: msa is smtp.example.org for me, the MXs and filters simply their actual FQDN, i.e. depending on the naming scheme something like spock.example.org, kirk.example.org, &
YamakasY
henk: ok, it might sounds strange but I don't like it to use maiscanner-01, etc in my dns so people see directly where they connect o
1 2 next »