Re: How would you provide a 554 rejection notice for spam?
Rick Macdougall wrote: Sort of like grey listing, which I do run on my personal domain, but I wouldn't use that method because of the inherent delay caused by the 4xx retry. Only happens once though. /Per Jessen, Zürich
Re: How would you provide a 554 rejection notice for spam?
John D. Hardin wrote: On Tue, 31 Jul 2007, mouss wrote: running SA at smtp time requires that the client does not timeout. so you'd better scan fast! you're also more subject to DOS (your smtp listeners are busy). compare this to queue and filter... okay, here's a sick idea: (1) MTA completes the SMTP exchange and responds with a 4xx after DATA finishes. (2) MTA passes message off to SA, then stores a hash of message-ID/score. MTA then discards the message. (3) When the remote MTA retries (if it retries) then the MTA looks up the score in the hash and decides whether to 200 or 5xx the message. All of the benefits of both methods! :) This can be improved at the cost of code complexity: run SA, and if it does not return in due time, then return 4xx. So if you scan fast, you reject or accept. otherwise, you tempfail. Either way, this requires some work. and in general, this is not worth the pain. mostly when users want their mail now (and don't say this is not instant messaging, they just don't understand what you're talking about!). This is why I favour: filter, tag and deliver: if user wants, spam goes to Junk folder or elsewhere (special address, quarantine, ..;etc). It's his mail, he will know what to do with!
Re: How would you provide a 554 rejection notice for spam?
On 30.07.07 17:49, Diego Pomatta wrote: No problems here whatsoever. And... I don't understand the point. Every piece of software has bugs. Even the e-mail client you used to create your msg.- of course. but qmail has too much of them, some of them are really annoying (at least for some people, perhaps not for qmail users) and there are pretty replacements for it :) Matus UHLAR - fantomas escribió: Btw, can simscan drop the spam verbosely? I mean, will your users report their mail rejected because of 550 spam refused or it just won't come to its destination? I don't know if you mean mail addressed to my users, or mail my users want to send out. If you mean incoming, IN MY CASE I drop spam without further notice to the sender or the recipient. I deal with the false possitives personally, and configure SA accordingly. Only 2 false possitives since SA is in effect, though. And it was actually mail I would consider spam, but the user in question wanted to receive it anyway. when we ran qmail, we had false positives, and we did not like the fact we could not tell sender what the problem was... But it can, afaik, be set to reject spam with the msg type you mentioned. That was somethint we were not able to manage. Maybe the fault was on our side, but since thwew were other problems, we replacet it with courier-mta and we're quite happy with it. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Depression is merely anger without enthusiasm.
Re: How would you provide a 554 rejection notice for spam?
On Sun, 29 Jul 2007, dalchri wrote: | Although a rejection notice was sent, we still retained the spam. This | meant that when our users got a call from their customer about the | rejected spam, they could quickly locate the message without it having | to be resent. Hi, So you want to return 5xx after DATA, *and* keep the message content itself ? Exim can do this with it's fakereject feature.
Re: How would you provide a 554 rejection notice for spam?
Matus UHLAR - fantomas escribió: when we ran qmail, we had false positives, and we did not like the fact we could not tell sender what the problem was... But is not qmail's job to detect spam or tell the sender what the problem was; qmail is just the MTA, and a damn fine one imho. A filter/scanner/anti-spam tool has to do that. But it can, afaik, be set to reject spam with the msg type you mentioned. That was somethint we were not able to manage. Maybe the fault was on our side, but since thwew were other problems, we replacet it with courier-mta and we're quite happy with it. You have achieved happiness. All else has become irrelevant. ;) /Regards
Re: How would you provide a 554 rejection notice for spam?
Well, I setup MIMEDefang. Everything is working as I want except that the (fake) rejected mail does not make it through the milter to Exchange. I used action_bounce to reject the message in mimedefang-filter. Is there a way to send the rejection code but still get the message through the milter? I think I might be leaning towards Exim for it's fake reject feature if I can't get this to work. Thanks for all the feedback! -- View this message in context: http://www.nabble.com/How-would-you-provide-a-554-rejection-notice-for-spam--tf4167751.html#a11924044 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: How would you provide a 554 rejection notice for spam?
dalchri wrote: Well, I setup MIMEDefang. Everything is working as I want except that the (fake) rejected mail does not make it through the milter to Exchange. I used action_bounce to reject the message in mimedefang-filter. Is there a way to send the rejection code but still get the message through the milter? I think I might be leaning towards Exim for it's fake reject feature if I can't get this to work. Thanks for all the feedback! You should probably ask that question on the mimedefang mailing list.
Re: How would you provide a 554 rejection notice for spam?
John Rudd wrote: dalchri wrote: Well, I setup MIMEDefang. Everything is working as I want except that the (fake) rejected mail does not make it through the milter to Exchange. I used action_bounce to reject the message in mimedefang-filter. Is there a way to send the rejection code but still get the message through the milter? I think I might be leaning towards Exim for it's fake reject feature if I can't get this to work. Thanks for all the feedback! You should probably ask that question on the mimedefang mailing list. To elaborate: it IS possible, but there's probably multiple ways to do it. People on the mimedefang list will probably have already done it various ways and it'd be better to discuss it there than on the spamassassin list :-} (I've recently moved from sendmail+mimedefang to communigatepro+plugins, so my mindset isn't really deep into mimedefang anymore, or I'd try to give a more specific answer)
Re: How would you provide a 554 rejection notice for spam?
John Rudd wrote: dalchri wrote: Well, I setup MIMEDefang. Everything is working as I want except that the (fake) rejected mail does not make it through the milter to Exchange. I used action_bounce to reject the message in mimedefang-filter. Is there a way to send the rejection code but still get the message through the milter? I think I might be leaning towards Exim for it's fake reject feature if I can't get this to work. Thanks for all the feedback! You should probably ask that question on the mimedefang mailing list. Ok, you tickled my curiosity. My thought is: where you're doing action_bounce($error_message, $code, $dsn) do this: resend_message([EMAIL PROTECTED]); action_bounce($error_message, $code, $dsn); resend_message() sends the full original message (including bad content that you may have rejected in other parts of mimedefang) to the new recipient(s). As the mimedefang-filter manpage warns, you should only call it in filter_end or filter_begin, otherwise it might get called multiple times. If you're doing your spam rejection in filter_end, then that's a good place to call it. You could, alternately, do: action_quarantine_entire_message($some_message_to_the_sysadmin); action_bounce($error_message, $code, $dsn); That will put the message into the mimedefang quarantine, instead of sending it to some address on the exchange server. It's just a matter of where you want to hold the message.
Re: How would you provide a 554 rejection notice for spam?
Matus UHLAR - fantomas escribió: when we ran qmail, we had false positives, and we did not like the fact we could not tell sender what the problem was... On 31.07.07 08:41, Diego Pomatta wrote: But is not qmail's job to detect spam or tell the sender what the problem was; qmail is just the MTA, and a damn fine one imho. A filter/scanner/anti-spam tool has to do that. I hope I explained well enough: qmail does not pass message from scanner to user. It only sends its own message which tells nothing. That's bad. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. My mind is like a steel trap - rusty and illegal in 37 states.
Re: How would you provide a 554 rejection notice for spam?
Diego Pomatta wrote: But is not qmail's job to detect spam True. or tell the sender what the problem was; True only for your local site policy; most people who reject spam would like to let the sender know so legitimate senders can rearrange their message to try again. More generally, it's usually a good idea to include *some* kind of information about why you rejected the message if you reject an email message at the MTA layer. qmail makes this much more difficult that pretty much any other MTA. qmail, as provided by DJB, is nearly unusable in today's email environment IMO. qmail is just the MTA, and a damn fine one imho. A filter/scanner/anti-spam tool has to do that. If you're going to notify senders about spam or virus content, the time to do it is before your mail system has sent a 250 OK reply to the message's DATA segment. Accepting the message then constructing a (new!) rejection message to send back generates backscatter, and is likely to get your system blacklisted locally by sysadmins everywhere if you do this. Earlier you also wrote: If you mean incoming, IN MY CASE I drop spam without further notice to the sender or the recipient. I deal with the false possitives personally, and configure SA accordingly. Only 2 false possitives since SA is in effect, though. And it was actually mail I would consider spam, but the user in question wanted to receive it anyway. 2 FPs over what time period? How much overall mail flow? What type of system is it; how many accounts? How do you find out about a false positive if you discard anything tagged as spam? I don't drop anything but confirmed viruses on my *personal* mail system, never mind the systems I'm responsible for at work; I shudder to think of the cries of outrage if I silently dropped spam on the ISP mail systems I administer. (There *have* been business-related FPs, more than once.) I *do* *divert* messages considered spam for most customers to a spam folder, and old spam is expired on a daily basis. -kgd
Re: How would you provide a 554 rejection notice for spam?
Kris Deugau escribió: I don't drop anything but confirmed viruses on my *personal* mail system, never mind the systems I'm responsible for at work; I shudder to think of the cries of outrage if I silently dropped spam on the ISP mail systems I administer. (There *have* been business-related FPs, more than once.) I *do* *divert* messages considered spam for most customers to a spam folder, and old spam is expired on a daily basis. Yes of course. This is not an ISP, otherwise we would tag spam. Let's just say that we know what we are doing, and we do it for a reason. ;) I'm off to lunch! /Regards
Re: How would you provide a 554 rejection notice for spam?
Diego Pomatta wrote: But is not qmail's job to detect spam True. or tell the sender what the problem was; True only for your local site policy; most people who reject spam would like to let the sender know so legitimate senders can rearrange their message to try again. More generally, it's usually a good idea to include *some* kind of information about why you rejected the message if you reject an email message at the MTA layer. qmail makes this much more difficult that pretty much any other MTA. as another qmail user, may I put this straight: qmail does not pass an individual message to the sender, just a selection of predetermined messages (temporary problem, prohibited, whatnot) You are free to add something like 554 your message is considered excessively spammy to the list of predetermined messages. You cannot send the actual spam score qmail, as provided by DJB, is nearly unusable in today's email environment IMO. The fact that we need spamassassin, antivirus, and the like to integrate into other mailers seems to indicate that they are not much better qmail is just the MTA, and a damn fine one imho. A filter/scanner/anti-spam tool has to do that. If you're going to notify senders about spam or virus content, the time to do it is before your mail system has sent a 250 OK reply to the message's DATA segment. Accepting the message then constructing a (new!) rejection message to send back generates backscatter, and is likely to get your system blacklisted locally by sysadmins everywhere if you do this. It is genereally known as bad practice, and has been told over and over again, to bounce messages. If the discussion is about the response to the DATA phase (as it should be), you are free to modify that piece of perl code that drives mail scanning in a way that it sends on the message (with subject changed, or otherwise modified) AND tell the sender that it has permfailed Wolfgang Hamann
Re: How would you provide a 554 rejection notice for spam?
Rick Macdougall wrote: simscan correctly uses an SMTP REJECT (55x code during the smtp conversation) and it is also possible to use custom reject messages with simscan so the sender, if any, knows exactly why the message was rejected. I have yet to see a good implementation of this in Postfix or Sendmail, and is one of the reasons I stick with Qmail. running SA at smtp time requires that the client does not timeout. so you'd better scan fast! you're also more subject to DOS (your smtp listeners are busy). compare this to queue and filter... anyway, you can still do smtp time filtering with postfix and sendmail. google for milter and proxy_filter. Having to /dev/null spam and/or viruses to the end user is even worse IMHO (as an ISP, it might be acceptable in an office env where you can train the users to look at spam or virus folders). Reject (not bounce) is acceptable, but you'd better configure your filter correctly. If I get a reject from you for a legitimate mail I sent, you will just make yourself ridiculous... It also delays legitimate mail (because I have to resend). delivering to a Junk folder and letting the recipient review this folder maybe annoying, but if the recipient is not too dumb (or too busy), then he can save ham transparently. anyway, each site has its own policy for handling spam. What we ask is to avoid bad practices that result in annoying others (backscatter, C/R, ... etc). The rest (discard, reject at smtp time, quarantine, ...) is up to you, your boss, your users, your customers, ... etc.
Re: How would you provide a 554 rejection notice for spam?
Hi, mouss wrote: Rick Macdougall wrote: simscan correctly uses an SMTP REJECT (55x code during the smtp conversation) and it is also possible to use custom reject messages with simscan so the sender, if any, knows exactly why the message was rejected. I have yet to see a good implementation of this in Postfix or Sendmail, and is one of the reasons I stick with Qmail. running SA at smtp time requires that the client does not timeout. so you'd better scan fast! you're also more subject to DOS (your smtp listeners are busy). compare this to queue and filter... We do, 4 back end spamd machines for 4 external MX machines. Having to /dev/null spam and/or viruses to the end user is even worse IMHO (as an ISP, it might be acceptable in an office env where you can train the users to look at spam or virus folders). Reject (not bounce) is acceptable, but you'd better configure your filter correctly. If I get a reject from you for a legitimate mail I sent, you will just make yourself ridiculous... It also delays legitimate mail (because I have to resend). We only REJECT very high scoring spams or viruses, I haven't seen an FP on the rejecting yet. anyway, each site has its own policy for handling spam. What we ask is to avoid bad practices that result in annoying others (backscatter, C/R, ... etc). The rest (discard, reject at smtp time, quarantine, ...) is up to you, your boss, your users, your customers, ... etc. Agree completely. Regards, Rick
Re: How would you provide a 554 rejection notice for spam?
On Tue, 31 Jul 2007, mouss wrote: running SA at smtp time requires that the client does not timeout. so you'd better scan fast! you're also more subject to DOS (your smtp listeners are busy). compare this to queue and filter... okay, here's a sick idea: (1) MTA completes the SMTP exchange and responds with a 4xx after DATA finishes. (2) MTA passes message off to SA, then stores a hash of message-ID/score. MTA then discards the message. (3) When the remote MTA retries (if it retries) then the MTA looks up the score in the hash and decides whether to 200 or 5xx the message. All of the benefits of both methods! :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Perfect Security is unattainable; beware those who would try to sell it to you, regardless of the cost, for they are trying to sell you your own slavery. --- 4 days until The 272nd anniversary of John Peter Zenger's acquittal
Re: How would you provide a 554 rejection notice for spam?
John D. Hardin wrote: On Tue, 31 Jul 2007, mouss wrote: running SA at smtp time requires that the client does not timeout. so you'd better scan fast! you're also more subject to DOS (your smtp listeners are busy). compare this to queue and filter... okay, here's a sick idea: (1) MTA completes the SMTP exchange and responds with a 4xx after DATA finishes. (2) MTA passes message off to SA, then stores a hash of message-ID/score. MTA then discards the message. (3) When the remote MTA retries (if it retries) then the MTA looks up the score in the hash and decides whether to 200 or 5xx the message. All of the benefits of both methods! :) Sort of like grey listing, which I do run on my personal domain, but I wouldn't use that method because of the inherent delay caused by the 4xx retry. Neat idea though. Regards, Rick
Re: How would you provide a 554 rejection notice for spam?
On Tue, 31 Jul 2007 at 18:20 -0400, [EMAIL PROTECTED] confabulated: John D. Hardin wrote: On Tue, 31 Jul 2007, mouss wrote: running SA at smtp time requires that the client does not timeout. so you'd better scan fast! you're also more subject to DOS (your smtp listeners are busy). compare this to queue and filter... okay, here's a sick idea: (1) MTA completes the SMTP exchange and responds with a 4xx after DATA finishes. (2) MTA passes message off to SA, then stores a hash of message-ID/score. MTA then discards the message. (3) When the remote MTA retries (if it retries) then the MTA looks up the score in the hash and decides whether to 200 or 5xx the message. All of the benefits of both methods! :) Sort of like grey listing, which I do run on my personal domain, but I wouldn't use that method because of the inherent delay caused by the 4xx retry. Neat idea though. I agree, neat idea. However, all email messages coming into the server would be delayed. Unlike greylisting, where the connection is accepted after the initial 4xx rejection. --- _|_ (_| |
Re: How would you provide a 554 rejection notice for spam?
On 7/30/2007 1:30 AM, I wrote: use simscan. http://www.inter7.com/simcsan oops, that's http://www.inter7.com/simscan -- Jeremy Kister http://jeremy.kister.net./
Re: How would you provide a 554 rejection notice for spam?
Spamassassin List wrote: Any idea for qmail? Look on www.qmail.org for links - e.g. Qmail-Scanner allows you the option of generating the bounce - or SMTP-level rejecting it as mentioned in this thread. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: How would you provide a 554 rejection notice for spam?
On 30.07.07 13:25, Spamassassin List wrote: Any idea for qmail? if you excuse a big of irony, I'd say: drop it. There are many better MTA's than qmail. There's imho much less worse solutions... -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They say when you play that M$ CD backward you can hear satanic messages. That's nothing. If you play it forward it will install Windows.
Re: How would you provide a 554 rejection notice for spam?
Matus UHLAR - fantomas wrote: On 30.07.07 13:25, Spamassassin List wrote: Any idea for qmail? if you excuse a big of irony, I'd say: drop it. There are many better MTA's than qmail. There's imho much less worse solutions... According to who, you? He asked for a solution for qmail. If you do not know, it would be better to just not respond than to suggest he swap out his whole setup. Thanks anyway.
Re: How would you provide a 554 rejection notice for spam?
Jim Maul escribió: Matus UHLAR - fantomas wrote: On 30.07.07 13:25, Spamassassin List wrote: Any idea for qmail? if you excuse a big of irony, I'd say: drop it. There are many better MTA's than qmail. There's imho much less worse solutions... According to who, you? He asked for a solution for qmail. If you do not know, it would be better to just not respond than to suggest he swap out his whole setup. Thanks anyway. LoL. qmail rocks. That said, I use qmail - simscan - spamassassin. Although in my case I silently drop spam at smtp time, simscan can be configured to reject and return the spam mail to the sender with an error message, which can be customized. /regards
Re: How would you provide a 554 rejection notice for spam?
On 30.07.07 13:25, Spamassassin List wrote: Any idea for qmail? Matus UHLAR - fantomas wrote: if you excuse a big of irony, I'd say: drop it. There are many better MTA's than qmail. There's imho much less worse solutions... Jim Maul escribió: According to who, you? He asked for a solution for qmail. If you do not know, it would be better to just not respond than to suggest he swap out his whole setup. That's why asked for excusing a bit of irony. Btw. courier mail server is in configuration very close to qmail. With qmail you have to patch/replace most of its content to get features that are in most of MTAs, and you will still have some unwelcome features... On 30.07.07 14:10, Diego Pomatta wrote: LoL. qmail rocks. yes, google for qmail bugs and withlist for more info. That said, I use qmail - simscan - spamassassin. Although in my case I silently drop spam at smtp time, simscan can be configured to reject and return the spam mail to the sender with an error message, which can be customized. return to who? reject message at SMTP time? Or return to From: or mail from: address, which is in 99.9% fake? That's why it's unwelcome to return spam. Btw, can simscan drop the spam verbosely? I mean, will your users report their mail rejected because of 550 spam refused or it just won't come to its destination? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Save the whales. Collect the whole set.
Re: How would you provide a 554 rejection notice for spam?
Matus UHLAR - fantomas escribió: On 30.07.07 14:10, Diego Pomatta wrote: LoL. qmail rocks. yes, google for qmail bugs and withlist for more info. No problems here whatsoever. And... I don't understand the point. Every piece of software has bugs. Even the e-mail client you used to create your msg.- That said, I use qmail - simscan - spamassassin. Although in my case I silently drop spam at smtp time, simscan can be configured to reject and return the spam mail to the sender with an error message, which can be customized. return to who? reject message at SMTP time? Or return to From: or mail from: address, which is in 99.9% fake? That's why it's unwelcome to return spam. That's why I don't do it. :) It's pointless IMO. Btw, can simscan drop the spam verbosely? I mean, will your users report their mail rejected because of 550 spam refused or it just won't come to its destination? I don't know if you mean mail addressed to my users, or mail my users want to send out. If you mean incoming, IN MY CASE I drop spam without further notice to the sender or the recipient. I deal with the false possitives personally, and configure SA accordingly. Only 2 false possitives since SA is in effect, though. And it was actually mail I would consider spam, but the user in question wanted to receive it anyway. But it can, afaik, be set to reject spam with the msg type you mentioned. /Regards
Re: How would you provide a 554 rejection notice for spam?
Diego Pomatta wrote: Jim Maul escribió: Matus UHLAR - fantomas wrote: On 30.07.07 13:25, Spamassassin List wrote: Any idea for qmail? if you excuse a big of irony, I'd say: drop it. There are many better MTA's than qmail. There's imho much less worse solutions... According to who, you? He asked for a solution for qmail. If you do not know, it would be better to just not respond than to suggest he swap out his whole setup. Thanks anyway. LoL. qmail rocks. That said, I use qmail - simscan - spamassassin. Although in my case I silently drop spam at smtp time, simscan can be configured to reject and return the spam mail to the sender with an error message, which can be customized. That sounds more like bounce and return than reject. If you reject, the only chance you get to send an error is in the 1 line SMTP 5xx response code. If you really do mean bounce and return (accept the message with SMTP 2xx code, craft a new message in response, send it to the sender) ... that's bad, and shouldn't be used.
Re: How would you provide a 554 rejection notice for spam?
John Rudd wrote: Diego Pomatta wrote: That sounds more like bounce and return than reject. If you reject, the only chance you get to send an error is in the 1 line SMTP 5xx response code. If you really do mean bounce and return (accept the message with SMTP 2xx code, craft a new message in response, send it to the sender) ... that's bad, and shouldn't be used. simscan correctly uses an SMTP REJECT (55x code during the smtp conversation) and it is also possible to use custom reject messages with simscan so the sender, if any, knows exactly why the message was rejected. I have yet to see a good implementation of this in Postfix or Sendmail, and is one of the reasons I stick with Qmail. Having to /dev/null spam and/or viruses to the end user is even worse IMHO (as an ISP, it might be acceptable in an office env where you can train the users to look at spam or virus folders). Regards, Rick
Re: How would you provide a 554 rejection notice for spam?
Rick Macdougall wrote: John Rudd wrote: Diego Pomatta wrote: That sounds more like bounce and return than reject. If you reject, the only chance you get to send an error is in the 1 line SMTP 5xx response code. If you really do mean bounce and return (accept the message with SMTP 2xx code, craft a new message in response, send it to the sender) ... that's bad, and shouldn't be used. simscan correctly uses an SMTP REJECT (55x code during the smtp conversation) and it is also possible to use custom reject messages with simscan so the sender, if any, knows exactly why the message was rejected. I have yet to see a good implementation of this in Postfix or Sendmail, and is one of the reasons I stick with Qmail. If you mean custom reject message like: 550 Appears to be extreme spam content ($score) or 550 High Spam Probability, see http://some.url.addr/ Then that's trivial in sendmail, when using a milter. Mimedefang makes it easy-peasy. (I do the former at home, and the latter at work) Having to /dev/null spam and/or viruses to the end user is even worse IMHO (as an ISP, it might be acceptable in an office env where you can train the users to look at spam or virus folders). IMO, there's only four acceptable actions: 1) SMTP 5xx reject 2) SMTP 4xx tempfail (ex: greylisting or actual programatic error) 3) quarantine, and some form of quarantine notification to recipient 4) deliver (with possibly adding headers, and/or subject marks, so recipients filters can take appropriate action) Sending an email back to the sender isn't appropriate, due to the high likelihood that the message was a forgery. That's backscatter ... which is bad. Dropping, Discarding, or /dev/nulling a message are all showing an amazingly inappropriate level of trust in the false positive rate of ANY process. It's just irresponsible for a sysadmin to do that with a user's email based on spam scores.
Re: How would you provide a 554 rejection notice for spam?
If you're running sendmail, then spamass-milter is the way to go. On Sun, 29 Jul 2007, dalchri wrote: I've recently put SpamAssassin in front of my Exchange server as an SMTP proxy. Our previous spam filter would provide a 554 rejection notice for anything that was identified as spam. This meant that any FP would be notified so that email would not get silently ignored. Although a rejection notice was sent, we still retained the spam. This meant that when our users got a call from their customer about the rejected spam, they could quickly locate the message without it having to be resent. I would like to continue doing this with the new SA/Exchange setup. Right now I use spampd but I would like to change to Sendmail just because it is part of the default install for Redhat. How would you go about providing a 554 rejection notice? Would you do it on the SMTP proxy? On Exchange? Would you use Sendmail? Postfix? Something else? -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/| System Admin - UT iSchool =--+--- All syllogisms contain three lines | [EMAIL PROTECTED] Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: How would you provide a 554 rejection notice for spam?
dalchri wrote: I've recently put SpamAssassin in front of my Exchange server as an SMTP proxy. Our previous spam filter would provide a 554 rejection notice for anything that was identified as spam. This meant that any FP would be notified so that email would not get silently ignored. Although a rejection notice was sent, we still retained the spam. This meant that when our users got a call from their customer about the rejected spam, they could quickly locate the message without it having to be resent. I would like to continue doing this with the new SA/Exchange setup. Right now I use spampd but I would like to change to Sendmail just because it is part of the default install for Redhat. How would you go about providing a 554 rejection notice? Would you do it on the SMTP proxy? On Exchange? Would you use Sendmail? Postfix? Something else? a milter from sendmail, provided you wish to stick with sendmail. mimedefang springs to mind, but I have no experience with it.
Re: How would you provide a 554 rejection notice for spam?
dalchri wrote: I've recently put SpamAssassin in front of my Exchange server as an SMTP proxy. Our previous spam filter would provide a 554 rejection notice for anything that was identified as spam. This meant that any FP would be notified so that email would not get silently ignored. Although a rejection notice was sent, we still retained the spam. This meant that when our users got a call from their customer about the rejected spam, they could quickly locate the message without it having to be resent. I would like to continue doing this with the new SA/Exchange setup. Right now I use spampd but I would like to change to Sendmail just because it is part of the default install for Redhat. How would you go about providing a 554 rejection notice? Would you do it on the SMTP proxy? On Exchange? Would you use Sendmail? Postfix? Something else? a milter from sendmail, provided you wish to stick with sendmail. mimedefang springs to mind, but I have no experience with it. Any idea for qmail?
Re: How would you provide a 554 rejection notice for spam?
On 7/30/2007 1:25 AM, Spamassassin List wrote: Any idea for qmail? use simscan. http://www.inter7.com/simcsan -- Jeremy Kister http://jeremy.kister.net./
