Incident Information:- Originator: zope-announce-admin@zope.org Recipients: zope@zope.org, zope-announce@zope.org Subject: [Zope-Annce] ANNOUNCE: Pound - reverse proxy and load balancer - v0.8 Message from zope-announce-admin@zope.org was quarantined because it contained banned content. This message contains information from Equifax, Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e:mail postmaster@equifax.com.
On Thu, Aug 01, 2002 at 03:25:00PM +0100, Bradford1/UK/Equifax@equifax.com wrote:
Incident Information:-
Originator: zope-announce-admin@zope.org Recipients: zope@zope.org, zope-announce@zope.org Subject: [Zope-Annce] ANNOUNCE: Pound - reverse proxy and load balancer - v0.8
Message from zope-announce-admin@zope.org was quarantined because it contained banned content.
What would be "banned content" in an announcement? Are there sane people around that believe that computer programs can understand what a message means? Or are we too young to see naughty words? just curious... -- __________________________________________________ "Nothing is as subjective as reality" Reinoud van Leeuwen reinoud.v@n.leeuwen.net http://www.xs4all.nl/~reinoud __________________________________________________
do you think it was the 'can't read from XXX' or those naughty HEAD requests? ;) Reinoud van Leeuwen wrote:
On Thu, Aug 01, 2002 at 03:25:00PM +0100, Bradford1/UK/Equifax@equifax.com wrote:
Incident Information:-
Originator: zope-announce-admin@zope.org Recipients: zope@zope.org, zope-announce@zope.org Subject: [Zope-Annce] ANNOUNCE: Pound - reverse proxy and load balancer - v0.8
Message from zope-announce-admin@zope.org was quarantined because it contained banned content.
What would be "banned content" in an announcement? Are there sane people around that believe that computer programs can understand what a message means? Or are we too young to see naughty words?
just curious...
On Thu, Aug 01, 2002 at 04:43:02PM +0200, Reinoud van Leeuwen wrote:
What would be "banned content" in an announcement? Are there sane people around that believe that computer programs can understand what a message means? Or are we too young to see naughty words?
Dunno about this particular filter, but Zope/Python.org's SpamAssassin also flagged the Pound announcement as possible spam. SpamAssassin uses heuristics (tuned via a genetic algorithm, IIRC) to find spam. In this case: - the message sender's email software didn't generate a Message ID, it was added by a later MTA (Spam is notoriously broken in such details) - the Message ID added by the later MTA was not a valid Message ID, as the MTA that generated it added a message that it had done so. - The message triggered a pr0n keyword filter; it must've been all the 'Pound'-ing. ;) - The words 'HTTP/HTTPS' triggered a double-caps word filter (often found in spams). All in all these factors added up to a score of 5.5, which was just over the 5.0 threshold Python.org has set. Messages in the 5.0 to 10.0 range sometimes are such false positives. Incidentally, had Robert Segall mentioned Zope or Python in the message however, he'd have pushed the score just below the threshold again. -- Martijn Pieters | Software Engineer mailto:mj@zope.com | Zope Corporation http://www.zope.com/ | Creators of Zope http://www.zope.org/ ---------------------------------------------
On Thursday 01 August 2002 17:02, you wrote:
On Thu, Aug 01, 2002 at 04:43:02PM +0200, Reinoud van Leeuwen wrote:
What would be "banned content" in an announcement? Are there sane people around that believe that computer programs can understand what a message means? Or are we too young to see naughty words?
Dunno about this particular filter, but Zope/Python.org's SpamAssassin also flagged the Pound announcement as possible spam. SpamAssassin uses heuristics (tuned via a genetic algorithm, IIRC) to find spam. In this case:
- the message sender's email software didn't generate a Message ID, it was added by a later MTA (Spam is notoriously broken in such details)
- the Message ID added by the later MTA was not a valid Message ID, as the MTA that generated it added a message that it had done so.
- The message triggered a pr0n keyword filter; it must've been all the 'Pound'-ing. ;)
- The words 'HTTP/HTTPS' triggered a double-caps word filter (often found in spams).
All in all these factors added up to a score of 5.5, which was just over the 5.0 threshold Python.org has set. Messages in the 5.0 to 10.0 range sometimes are such false positives. Incidentally, had Robert Segall mentioned Zope or Python in the message however, he'd have pushed the score just below the threshold again.
Thanks Martijn - I'll do that in the future <filler> Zope, Python, Zope, Python</filler>. For everybody else: Pound is legit - it really is a load balancer, with some very specific Zope aspects (please have a look at the web page for details). In fact, the original motivation for writing it was to load-balance multiple Zope instances running in front of a ZEO server. SsL wrapping, hTtP sanitizing and high-availability features were just for bonus points. Since the filter seemingly flagged "Pound": the normal abbreviation for pound (as a unit of weight) is lb which I thought is rather fitting for a load balancer. Do you think I should change it for the sake of the assassin? There, I hope this time around there are enough "Zope/Python" occurrences to overcome the filter. Anyway, I'm not really sure what am I supposed to do about HtTp - I'm too used to writing it all upper-case. -- Robert Segall Apsis GmbH Postfach, Uetikon am See, CH-8707 Tel: +41-1-920 4904
On Fri, Aug 02, 2002 at 12:53:04AM +0200, Robert Segall wrote:
Thanks Martijn - I'll do that in the future <filler> Zope, Python, Zope, Python</filler>.
For everybody else: Pound is legit - it really is a load balancer, with some very specific Zope aspects (please have a look at the web page for details). In fact, the original motivation for writing it was to load-balance multiple Zope instances running in front of a ZEO server. SsL wrapping, hTtP sanitizing and high-availability features were just for bonus points.
Since the filter seemingly flagged "Pound": the normal abbreviation for pound (as a unit of weight) is lb which I thought is rather fitting for a load balancer. Do you think I should change it for the sake of the assassin?
There, I hope this time around there are enough "Zope/Python" occurrences to overcome the filter. Anyway, I'm not really sure what am I supposed to do about HtTp - I'm too used to writing it all upper-case.
The fact is was flagged was just an unfortunate coincidence; it may be more use to see what you can do about your email chain (client, SMTP server) not generating a Message ID, for example. As for capitalized words such as HTTP and HTTPS, it was the combination with a slash that triggered a low score. And only the combination of all scores would cause SpamAssassin to flag messages as spam. Mentioning Python or Zope is a negative score, for example. And we manually review all messages that score between 5.0 and 10.0 as well, to avoid missing false positives. In short, just keep the name Pound. You may want to lay off on the triple x-es though. ;) -- Martijn Pieters | Software Engineer mailto:mj@zope.com | Zope Corporation http://www.zope.com/ | Creators of Zope http://www.zope.org/ ---------------------------------------------
Bradford1/UK/Equifax@equifax.com wrote:
Incident Information:-
Originator: zope-announce-admin@zope.org Recipients: zope@zope.org, zope-announce@zope.org Subject: [Zope-Annce] ANNOUNCE: Pound - reverse proxy and load balancer - v0.8
Message from zope-announce-admin@zope.org was quarantined because it contained banned content.
LOL Anyone else wondered what could have this filter triggered? I bet it's "can't read from xxx" hahaha oliver
Heavy loads and pounding - sounds like S&M to me! Tom P [Oliver Bleutgen]
Bradford1/UK/Equifax@equifax.com wrote:
Incident Information:-
Originator: zope-announce-admin@zope.org Recipients: zope@zope.org, zope-announce@zope.org Subject: [Zope-Annce] ANNOUNCE: Pound - reverse proxy and load balancer - v0.8
Message from zope-announce-admin@zope.org was quarantined because it contained banned content.
LOL Anyone else wondered what could have this filter triggered?
I bet it's
"can't read from xxx" hahaha
participants (7)
-
Ben Avery -
Bradford1/UK/Equifax@equifax.com -
Martijn Pieters -
Oliver Bleutgen -
Reinoud van Leeuwen -
Robert Segall -
Thomas B. Passin