[Remops] EMP Filters and Me

drsnoid remops at drsnoid.cotse.net
Sat Mar 14 14:36:12 GMT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


----- Original Message -----
From: "Bananasplit Admin" <admin at bananasplit.info>
To: <remops at lists.mixmin.net>
Sent: Saturday, March 14, 2009 4:59 AM
Subject: Re: [Remops] EMP Filters and Me


> On Fri, Mar 13, 2009 at 09:09:24PM -0400, drsnoid wrote:
>>
>> Hi!
>> I've been looking into why my mail2news tests have been failing miserably
>> the last few times I've sent them, and discovered that they are apparently
>> being subjected to EMP filtering not only by the banana and mixmin
>> mail2news, but by other forces unseen.  A perusal of
>> <20090314000502.LPk9c0p7s9t7 at mail2news.mixmin.net> Mail2news Log 2009-3-13
>> reveals many of the tests being rejected as duplicates.
>
> I think you're referring to messages such as this:-
> IHAVE to news-in.mixmin.net returned: 435 Duplicate
>
> These aren't rejects, they are the news server advising that it already
> has the message it's being offered.  The mail2news gateway attempts to
> deliver to a number of servers and sometimes the rate of propagation
> between news servers is so high that the message is received at some of
> them before the mail2news can inject it.  As an example:
> mail2news.mixmin.net peers with news.glorb.com
> mail2news.mixmin.net peers with news.mixmin.net
> news.mixmin.net peers with news.glorb.com
> Sometimes the mail2news sends a message to news.glorb.com and glorb forwards it
> to news.mixmin.net faster than the mail2news can send it to
> news.mixmin.net.  When the m2n tries to deliver to news.mixmin.net, the
> news server already has the message and so it says, 435 Duplicate.

Well, there is something amiss then.  If I compare those messages which
according to the mail2news log have either been accepted and posted or
reported as existing duplicates with what actually appears in
alt.testing.testing, there are very many missing.  This is evident on any
news server I read from, and interestingly news.mixmin.net has the *fewest*
- one would expect it to show the greatest according to the mail2news log.

>> Yes they are substantially the same message Subject and body and I can
>> see why they would be filtered if they were some sort of
>> malicious spam or whatnot.  I'm not complaining or asking anybody to
>> change anything, though would be grateful if you did!  I merely have a
>> question:  Have the Remops en masse adopted some sort of EMP filter at
>> the remailer exit level which had not existed previously?  How about
>> the Dizum mail2news?  I'm getting similar failure with dizum but can't
>> determine whether it's the exit remailer or the mail2news which is
>> causing it.
>
> Most, (not all) news servers run some kind of filtering to prevent spam
> propagation.  Cleanfeed is the most popular such filter and by
> default it will not reject EMP messages to test groups.  Were you to send
> your messages to a non-test group, they would get rejected by an
> EMP(phl) filter, (posting-host, lines).  i.e. Each post has the same
> number of lines and comes from the same host.  Neither Mixmin nor Banana
> use this on test groups and I'm pretty sure Dizum doesn't.

Ah, I wasn't aware that posting-host was a part of the equation.  I've also
wondered if age were one of an EMP filter's criteria (does "substantially
identical" expire after n days?) Do you think my choice of
alt.testing.testing rather than say, alt.test could have any bearing?
Didn't use to, but clearly something has changed.

What would be the best course of action for nefarious me to take in
circumventing any EMP filter?  In other words, what exactly quantifies
"substantially identical"?

Finally, I think that at least two exit remailers are performing some sort
of EMP filtering on messages as they emerge *before* they get to the
mail2news - cripto and paranoia.  I might be wrong but their behavior seems
to indicate it.

drsnoid

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQA/AwUBSbvAgZc5FWApPF04EQLGlgCgtgsamT9tNuzN0EIqnwR9wyeni9wAn1VZ
h76JZEjFrLQh7Jf4T5ey7i2g
=J493
-----END PGP SIGNATURE-----
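
The propagation race described in the quoted reply, as an added example that is not part of the original message or of any mail2news or news server software. The host names are the ones in the thread; the `NewsServer` class, the helper functions and the Message-ID are hypothetical, and the two-step IHAVE exchange (335, then 235) is collapsed into one final status.

```python
# Added illustration: toy model of NNTP IHAVE offers between peered servers.
# Host names come from the thread; classes and Message-ID are constructed.

class NewsServer:
    def __init__(self, name):
        self.name = name
        self.history = set()   # Message-IDs this server already holds
        self.peers = []        # servers this one feeds

    def ihave(self, msgid, forward=True):
        """Handle an IHAVE offer and return the final NNTP status line."""
        if msgid in self.history:
            # Already held: the offer is declined, the article is not lost.
            return "435 Duplicate"
        self.history.add(msgid)
        if forward:
            # Fast peering: flood to peers before the gateway's next offer.
            for peer in self.peers:
                peer.ihave(msgid)
        return "235 Article transferred OK"


def build():
    """news.glorb.com and news.mixmin.net peer with each other."""
    glorb = NewsServer("news.glorb.com")
    mixmin = NewsServer("news.mixmin.net")
    glorb.peers.append(mixmin)
    mixmin.peers.append(glorb)
    return glorb, mixmin


def run(fast_peering, msgid="<test1@example.invalid>"):
    """The mail2news gateway offers msgid to glorb, then to mixmin.

    Returns ({host: status}, True if every server ends up holding msgid).
    """
    servers = build()
    results = {s.name: s.ihave(msgid, forward=fast_peering) for s in servers}
    return results, all(msgid in s.history for s in servers)


if __name__ == "__main__":
    for fast in (False, True):
        statuses, everywhere = run(fast)
        print("fast peering" if fast else "slow peering", statuses, everywhere)
```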
