On Wednesday 26 November 2008 18:15:05, LaGatorVII wrote:
> <snip>
> ...
> I see two possible solutions, both of which I am not savvy enough to do on
> my own:
>
> 1) Some setting or filter in Postfix to not generate a bounce message when
> an email is rejected for the above reason.

And what about a message being rejected by Exchange because the SPAM filtering 
has failed (i.e., generated a false positive), being from a "correct" sender? 
Refusing delivery (or bouncing) of a message is one thing, silently throwing 
it away is another. Generally, you'll never, ever want to do this (and it 
directly violates the SMTP protocol and also [at least here in Germany] your
_legal_ obligations as a mail carrier AFAIK).

> 2) Some script to delete mail messages via a cron job if they include the
> above rejection reason. "550 5.7.1 Requested action not taken: message
> refused". I might be able to figure out a script that can delete the files
> at the file level but I am not sure what this would do to Postfix.

See above. Additionally, even if you only delete bounces after they are n 
hours old, the bounce recipient might not have been reachable in that time 
(greylisting with sav comes to mind), so you might also delete "good" bounces 
(even though I personally find this approach to be better than the first, but 
objectionable nevertheless).

> Please note that the Postfix server is locked down pretty good. All of the
> helo, sender and recipient restrictions are in place, as well as two RBL
> filters. It is just that about 25 times per day the Exchange servers are a
> little better at filtering, and we do not want those extra mails to get
> through to the users.

From what I can tell, your Postfix isn't locked down enough. The 
implementation we run does all SPAM-filtering and content refusal directly at 
entry (i.e., on the Postfix side, using amavis in combination with milter), 
which then sends things on to the Exchange server(s) we maintain (and which 
don't do any further content filtering of their own).

As the amavis integration into the Postfix delivery system is done using 
milter, there is no problem refusing a message at EOM (which is not [easily] 
possible in the case that you have a Dual-MTA setup [the amavis default for 
Postfix], which is similar to your case with Postfix relaying to Exchange).

If you can't move the mail filtering infrastructure to the Postfix system 
(i.e., to the initial mail dialog when you accept responsibility for the 
message), the only sensible thing to do would be for the Exchange systems to 
not reject the messages, but mark them as SPAM and then do server/client-side 
filtering. From what you tell, the amount of SPAM that gets through is so
minimal (25 messages a day for I guess quite a lot of users), that explicitly
moving them to a spam folder for the user to decide what to do should be a 
perfectly acceptable policy, and a policy that is in compliance with your 
obligations.

HTH!

-- 
Heiko Wundram
Gehrkens.IT GmbH

FON 0511-59027953 | http://www.gehrkens.it
FAX 0511-59027957 | http://www.xencon.net

Gehrkens.IT GmbH
Strasse der Nationen 5
30539 Hannover

Register court: Amtsgericht Hannover, HRB 200551
Managing directors: Harald Gehrkens, Daniel Netzer
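
To measure how often the relay turns a downstream refusal into a bounce, this added example (not part of the original message) pairs Postfix log lines carrying the rejection text quoted above with the non-delivery notifications they trigger and shows where each notification went. The log lines, hosts, addresses and queue IDs are constructed samples in Postfix's usual syslog format.

```python
import re

# Constructed sample log: hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Nov 26 18:01:02 mx postfix/smtp[2101]: 4F1A2B3C: to=<alice@example.com>, relay=exch.example.com[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.6.0 Queued mail for delivery)
Nov 26 18:03:10 mx postfix/smtp[2101]: 5A6B7C8D: to=<bob@example.com>, relay=exch.example.com[192.0.2.10]:25, delay=0.9, dsn=5.7.1, status=bounced (host exch.example.com[192.0.2.10] said: 550 5.7.1 Requested action not taken: message refused (in reply to end of DATA command))
Nov 26 18:03:10 mx postfix/bounce[2110]: 5A6B7C8D: sender non-delivery notification: 6E7F8A9B
Nov 26 18:03:11 mx postfix/qmgr[900]: 6E7F8A9B: from=<>, size=3021, nrcpt=1 (queue active)
Nov 26 18:03:12 mx postfix/smtp[2102]: 6E7F8A9B: to=<forged@third-party.example>, relay=mx.third-party.example[198.51.100.7]:25, delay=0.8, dsn=2.0.0, status=sent (250 OK)
Nov 26 18:09:44 mx postfix/smtp[2103]: 7C8D9E0F: to=<carol@example.com>, relay=exch.example.com[192.0.2.10]:25, delay=0.4, dsn=5.1.1, status=bounced (host exch.example.com[192.0.2.10] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Nov 26 18:09:44 mx postfix/bounce[2111]: 7C8D9E0F: sender non-delivery notification: 8A9B0C1D
"""

REFUSED = "550 5.7.1 Requested action not taken: message refused"
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>"
    r".*?status=(?P<status>\w+) \((?P<detail>.*)\)$")
NOTIFY = re.compile(
    r"postfix/bounce\[\d+\]: (?P<qid>[0-9A-F]+): sender non-delivery notification: (?P<dsn>[0-9A-F]+)")

def trace_refusal_bounces(log_text):
    """Link each content refusal by the downstream server to the bounce it caused."""
    refused = {}   # original queue ID -> local recipient the downstream refused
    dsn_of = {}    # bounce (DSN) queue ID -> original queue ID
    dsn_rcpt = {}  # bounce queue ID -> (address the bounce went to, delivery status)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            if m["status"] == "bounced" and REFUSED in m["detail"]:
                refused[m["qid"]] = m["rcpt"]
            elif m["qid"] in dsn_of:  # delivery attempt of a bounce we are tracking
                dsn_rcpt[m["qid"]] = (m["rcpt"], m["status"])
            continue
        m = NOTIFY.search(line)
        if m and m["qid"] in refused:
            dsn_of[m["dsn"]] = m["qid"]
    return [{"queue_id": orig, "refused_rcpt": refused[orig],
             "dsn_queue_id": dsn, "dsn_sent_to": dsn_rcpt.get(dsn)}
            for dsn, orig in dsn_of.items()]

if __name__ == "__main__":
    for row in trace_refusal_bounces(SAMPLE_LOG):
        print(row)
```

A `dsn_sent_to` of `None` means the bounce had not yet been attempted in the log window examined.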
