Per Jessen wrote:


Perhaps someone can turn this into a rule for SA to add some points. The mail-server that detects the missing QUIT could easily add a header which SA would then pick up on. But it might depend on what those "other factors" are.




Part of the problem here is that a "QUIT" is a session-oriented issue, where a single SMTP session may have multiple messages. Consider a session where the spambot generates 10 messages in one SMTP connection. If you want to track "this message didn't have an SMTP-QUIT", then your MTA can't release the message UNTIL all 10 of the messages have been submitted. That could dramatically increase the number of open files for an MTA, which could in turn lead to a denial of service vulnerability.

This entirely prevents being able to do spam filtering _during_ the SMTP session, as well (i.e. have a milter which runs the message through SpamAssassin at the DATA phase of the SMTP session, and gives an accept/temp-fail/reject response based upon the content of the DATA). Since the rule depends upon the QUIT, but the QUIT can't happen before SA has to be finished scanning the message, that means that _every_ message will have the "lack of SMTP-QUIT" rule trigger.


I can see it being part of a host's reputation score (what percentage of connections does it generate a quit?), or part of a blacklist, but I think it would break too many receiver-sites if you tried to do it as a direct SA rule.
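
The per-host reputation idea in the last paragraph, as an added example that is not part of the original post: it counts each SMTP connection once, however many messages it carried, and reports the fraction of a host's connections that ended with QUIT. The log lines are constructed and modeled on the disconnect summary Postfix 3.x smtpd writes (the thread names no MTA, so that format is an assumption); `quit_ratios`, `suspects`, `min_sessions` and the 0.5 threshold are hypothetical names and values.

```python
import re
from collections import defaultdict

# Constructed sample lines, modeled on the per-session summary that Postfix 3.x
# smtpd logs at disconnect (assumption: the thread does not name an MTA).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtpd[101]: disconnect from mail.example.org[192.0.2.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 10 10:05:12 mx postfix/smtpd[102]: disconnect from mail.example.org[192.0.2.10] ehlo=1 mail=2 rcpt=2 data=2 quit=1 commands=8
Jan 10 10:09:40 mx postfix/smtpd[103]: disconnect from mail.example.org[192.0.2.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 10 10:11:03 mx postfix/smtpd[104]: disconnect from unknown[198.51.100.7] helo=1 mail=10 rcpt=10 data=10 commands=31
Jan 10 10:11:30 mx postfix/smtpd[105]: disconnect from unknown[198.51.100.7] helo=1 mail=1 rcpt=1 data=1 commands=4
Jan 10 10:12:02 mx postfix/smtpd[106]: disconnect from unknown[198.51.100.7] helo=1 mail=1 rcpt=0/1 commands=2/3
Jan 10 10:12:45 mx postfix/smtpd[107]: disconnect from unknown[198.51.100.7] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 10 10:20:00 mx postfix/smtpd[108]: disconnect from unknown[203.0.113.5] ehlo=1 mail=1 rcpt=1 data=1 commands=4
"""

DISCONNECT = re.compile(r"disconnect from \S*\[(?P<ip>[^\]]+)\](?P<stats>.*)$")


def quit_ratios(log_text, min_sessions=2):
    """Return {client_ip: fraction of its SMTP sessions that ended with QUIT}.

    One session is one vote regardless of how many messages it carried, so a
    10-message session without QUIT counts once, not ten times.
    """
    sessions = defaultdict(int)
    quits = defaultdict(int)
    for line in log_text.splitlines():
        m = DISCONNECT.search(line)
        if not m:
            continue
        # Fields look like "quit=1" or "rcpt=0/1" (accepted/total).
        stats = dict(f.split("=", 1) for f in m["stats"].split() if "=" in f)
        sessions[m["ip"]] += 1
        if int(stats.get("quit", "0").split("/")[0]) > 0:
            quits[m["ip"]] += 1
    # Hosts seen fewer than min_sessions times have too little history to score.
    return {ip: quits[ip] / n for ip, n in sessions.items() if n >= min_sessions}


def suspects(ratios, threshold=0.5):
    """Hosts whose QUIT ratio is below the (hypothetical) threshold."""
    return sorted(ip for ip, r in ratios.items() if r < threshold)


if __name__ == "__main__":
    print(suspects(quit_ratios(SAMPLE_LOG)))
```

Because the ratio is only known after a connection closes, it can inform how a host's later connections are scored, not the message being scanned in the current session.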
