Jared Johnson wrote: >> _Every_ filter reject _must_ result in a real reject back to the sender >> (by inline 5xx error). In this way we can ensure that someone is shown >> that it didn't get through, and we provide them with instructions on >> what to do to remediate a FP. By 250'ing the email, and eliding a >> recipient, you're blackholing the email. Not acceptable in our environment. > > That's where you'd probably want to go down a different road in the same > scheme -- instead of turning the reject into an ignore, turn it into a > bounce if you want the sender to know about it,
Blowback? No way. > or into a quarantine or > tag if you don't trust the bounce to make it. That's of course if you > absolutely have to have per-user prefs, which we do :) We decided it > was not an option to *force* ignoring mail, so we added these additional > options, but in practice we only ever end up doing this to mail that > really did end up being spam, which is why there hasn't been any demand > to change the default. We treat "user prefs" in a slightly different way. There are (only ;-) three "unfiltered" accounts[+]. If the filters fire on it, it'll _only_ get through if the unfiltered account is the sole recipient. The rejection message says "forward to FP handling account _only_". [+] Our FP handling account, abuse and one other. Nobody else has really asked for a unfiltered account. If they do, I'll make 'em sign a security exemption that requires them to rejustify it every 6 months.