[pfx] Re: discard message

Thu, 20 Jun 2024 12:46:55 -0700 

On 6/20/2024 2:28 PM, Paul Schmehl via Postfix-users wrote:
On Jun 20, 2024, at 7:17 AM, Wietse Venema via Postfix-users <postfix-users@postfix.org> wrote: 

Paul Schmehl via Postfix-users:

Is there a place in postfix where I could discard mail if it has
a spam score higher than say 4 or 5? I know that postfix hands the
mail off to spamassassin for processing and then receives it back
for delivery, but I'm unclear what checks could be implemented to
catch spam and discard it.

This is what I could match on: X-Spam-Status: Yes, score=2.1


If the score was higher than some number (e.g >4) than reject the 
mail.


One could try some variant of /^X-Spam-Status: Yes, score=[5-9]/



Would this be in header_checks? I confess, I’m not clear on how mail 
is handled after spamassassin returns it to Postfix. Does it go all 
the way through the process again, beginning with header_checks?



If it’s header_checks, I would probably use something like 
/^X-Spam-Status: Yes, score=[5-100[/ to catch everything above five.


Paul Schmehl
paul.schm...@gmail.com



Yeah, been there, done that.


Please resist the urge to discard mail that scores above some 
amount. The way Spamassassin works, a higher score does not 
necessarily indicate "more" spamminess.



Spamassassin has a non-zero error rate, and if a wanted mail is 
discarded, neither you nor the sender will ever know, nor will you 
have much in the way of evidence to adjust future scores. I can 
guarantee this will cause you a problem at some point.


The safe choices are limited.


If you use a pre-queue filter such as a milter, you can safely 
reject the mail. Legit senders will be notified their mail wasn't 
delivered and can take action.



If you use a post-queue filter such as your spamd script, it's too 
late to reject.  You can mark the mail and deliver it, or send it to 
a quarantine.



I know it can seem very satisfying to discard mail, but DISCARD 
should be reserved for very narrow use cases, such as a former lover 
or a very persistent spammer.



  -- Noel Jones
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org






















					Reply via email to