On Thu, 26 Mar 2015, Kris Deugau wrote:

David F. Skoll wrote:
On Thu, 26 Mar 2015 15:05:06 +0100
Reindl Harald <h.rei...@thelounge.net> wrote:

* spamass-milter -r 8.0
* messages above 8.0 are *rejected*

Silently?  Or do you generate an NDR?  I'm genuinely curious as to how you:

1) Accept mail for some recipients

2) Reject mail for others

3) Without generating backscatter

4) Given that the messages are sent in the same SMTP session with
   multiple RCPTs and only one DATA.

For those of you still a little puzzled, here's an example of what David
is asking about.  In the following SMTP transaction, how to you reject
the message for receip1, while accepting the message for recip2?

$ telnet mx.example.org 25
<< 220 example.org, talk to me
helo sending.server
<< 250 Hello, friend!
mail from:imma.spam...@example.com
<< 250 OK, send this to who?
rcpt to:rec...@example.org
<< 250 OK
rcpt to:rec...@example.org
<< 250 OK
DATA
<< 354 Now for the message
<fill in a really spammy message>
.

At this point you have one message, scoring > 8 points.  Recipient 1
absolutely requires all mail to be delivered to their Inbox, with a
Subject tag in the case of mail considered spam.  Recipient 2 wants mail
scoring > 8 points to be rejected.

What SMTP response to you send?  You can only send one response, since
you only have one message, but you have two recipients with conflicting
filter policies.

At that stage you're stuck, there is no way out of that box.

To achieve the desired results you need business logic in your pre-queue
/ milter filter to do a triage during the 'rcpt' stage.

You need a database of recipient classes to indicate whether the recipient
is a spam-lover or a spam-hater.
At the first recipient you look up that address and set a state variable
for that session (call it love-hate). As each additional recipient comes in
you compare his class against the love-hate setting for the current
session. If they are compatible you respond with a 250, if not with a 452
(or other 45* type reply). This way the sender is responsible for queuing
those recipients and trying again in another SMTP session.
Then all the recipients in one session can be treated equally WRT the
handling of reject/accept based upon some future state (EG spammyness
of the message).

That logic can be extended to more than just spam love/hate status,
just need some kind of business logic that sets the compatibility
matrix at the beginning of a session and 452's any recipient that
isn't compatible.

Note that Gmail is already doing something like this (the "multiple
destinations not supported in one transaction" status).

--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Reply via email to