> From: Matus UHLAR - fantomas <[email protected]> > however I also think that there are different kinds/levels of bulkiness that > could have different scores and/or different ways to get handled.
If you would say there are various kinds of mail that is usually bulk and that has various probabilities of being unsolicited, I could agree. But I think it is wrong to talk about different kinds of bulkiness other than numbers of copies. Precise language is important, because sloppy language cause sloppy thinking, and sloppy thinking causes bad results. This week I had a discussion with a spammer who insisted that his burst of around 100,000 identical messages was not "bulk mail" because he claimed he wasn't selling anything. > Rejecting clear spam (SA score >10) while keeping the rest for later recheck > or delivering suspicious mail to spam folder is OK I think. > However since I don't plan to reject all bulk messages, I keep spamassassin > to work with the scores. SpamAssassin is like every other spam filter and imperfect. If you set the scoring so that SA can ever detect anything, than some legitimate email will have a score >10 or whatever threshold you choose. In your configuration, such legitimate mail or false positives will disappear into blackholes. On the other hand, if you would do all SA scanning during the SMTP transaction, you could reject instead of accept any mail that you might eventually not deliver. That prevents blackholes. SpamAssassin can be run in popular MTAs including sendmail and postfix so that the SA tests can be completed before the end of the transaction and so you could give 5yz response to any email not delivered. > the same mail for multiple users can be scanned two times: first with global > set of rules at SMTP level, second time with per-user filters (and their > whitelists). As I think dccifd+postfix and dccm+sendmail demonstrate, there is no technical reason that absolutely prevents doing do both global and per-user scanning in the MTA during the original SMTP transaction. (You can deal with single response code to the DATA command by temporarily rejecting second and later Rcpt_To mailboxes that have whitelists or other settings that differ from the first Rcpt_To value.) Vernon Schryver [email protected] _______________________________________________ DCC mailing list [email protected] http://www.rhyolite.com/mailman/listinfo/dcc
