Spam Actions

Jim Levie jim at ENTROPHY-FREE.NET
Wed Sep 11 18:40:35 IST 2002


On Wed, 2002-09-11 at 04:02, Julian Field wrote:
> At 08:45 11/09/2002, you wrote:
> >On Tue, 10 Sep 2002 23:31:59 -0500, you wrote:
> >
> > >> It should still be possible to whitelist one's own IPs and the
> > >> postmaster/abuse/admin accounts.
> > >>
> > >Agreed, but I think it best to be judicious in generating a bounce for a
> > >black list hit. My preference is to only send the bounce back if it
> > >looks like a legitimate email message that just happens to originate
> > >from a black listed site. Spammers who take advantage of an open relay
> > >or those that fall for the "make money with your computer at home" could
> > >care less if they get a bounce (and most will never be delivered anyway).
> > >It's the innocent user that just happens to be at a black listed site
> > >that I'm concerned about.
> >
> >To make it even more difficult:
> >
> >Bounce the message referencing the blacklist if SA doesn't qualify it as
> >spam. Don't bounce when SA says it's spam.
>
> I'm starting to regret this....
> I need to keep it relatively simple or else no-one will ever work out how
> to use it, which is worse than doing nothing. I've got a fairly clear idea
> of what I want to do, which will hopefully keep most of you happy most of
> the time. If it is detected as spam, add "bounce" to the list of things you
> can do, but allow you to put the contents of the X-MailScanner-SpamCheck
> header in the message (excluding all the SA rule hits).
>
Are you saying that an SA result and an RBL result will simply be
treated as "spam" w/respect to bounces? Or can one specify one action
for an RBL result and a different one for an SA result? In my opinion
the latter is what is needed to be able to notify users of why their
message wasn't delivered.

I've deployed a number of instances of MailScanner. In all cases so far
the client, when told of the configuration choices, has elected to never
produce bounces for SA or virus results to the Internet at large. They
all elect to have local users notified about virus infections.
Furthermore, all but one of the clients uses MailScanner in a "primarily
advisory role" w/respect to spam. In that configuration MailScanner has
a HighScore set somewhere at 15 or more (and discards those matches).
The SA "required" is usually set down around 3 or 4. It then becomes the
client's responsibility for disposition of messages marked as being spam.
Per-user filtering of the resultant stream is then done server-side with
either Cyrus Sieve or procmail filters or client-side with whatever the
client supports for filters. To make filtering easier I've developed a
modification for MailScanner that does something along the lines of what
MimeDefang does. My mod causes the spamheader to have "(###...)" at the
beginning followed by the normal spamheader. There's a "#" for each
integer part of the SA score (a score of 6.2 results in "(######)"), up to
20 "#". The Sieve, procmail, or client filter can then do "if (######"
discard. That's much easier than picking out the score from the spam header.
So, for my clients having a single action for "spam" (either from RBL or
SA) isn't a good option.

I don't know about others, but without exception all of these clients
have been very opposed to any modification of the subject header.

Yes, I could set up the MTA to do the RBL checks. But that's not very
flexible and it's hard to "white list" someone that you really need mail
from and whose ISP or organization has become black listed.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
The instructions said to use Windows 98 or better, so I installed RedHat
   Jim Levie                                 email: jim at entrophy-free.net
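
Added example, not part of the original post and not MailScanner's or the poster's code: a Python sketch of the score-bar header described above and of the prefix test a downstream filter would apply. It assumes the spam header is `X-MailScanner-SpamCheck`; the function names, the header text after the bar, and the sample messages are constructed for illustration.

```python
from email import message_from_string

HEADER = "X-MailScanner-SpamCheck"  # assumption: the "spamheader" in the post
MAX_BAR = 20                        # the post caps the bar at 20 "#"

def score_bar(score: float) -> str:
    """One '#' per whole point of the SA score, capped, inside parentheses."""
    n = max(0, min(int(score), MAX_BAR))  # 6.2 -> 6; negative scores give "()"
    return "(" + "#" * n + ")"

def tag(raw: str, score: float) -> str:
    """Return the message with the bar at the start of the spam header."""
    msg = message_from_string(raw)
    # Added precaution (not described in the post): discard any copy of the
    # header that arrived with the message, so only the scanner's value is used.
    del msg[HEADER]
    msg[HEADER] = f"{score_bar(score)} score={score}"  # constructed header text
    return msg.as_string()

def at_least(raw: str, threshold: int) -> bool:
    """Filter side: a prefix of '(' plus N hashes matches any score >= N."""
    value = message_from_string(raw).get(HEADER, "")
    return value.startswith("(" + "#" * threshold)

# Constructed sample messages.
SAMPLE = "From: a@example.com\nTo: b@example.org\nSubject: hello\n\nbody\n"
FORGED = ("From: a@example.com\n"
          "X-MailScanner-SpamCheck: () score=0.0\n"
          "Subject: hello\n\nbody\n")

def demo() -> dict:
    """Map score -> (bar, matches '(######', matches 15-hash prefix)."""
    out = {}
    for score in (2.9, 6.2, 17.0, 31.4):
        tagged = tag(SAMPLE, score)
        out[score] = (score_bar(score), at_least(tagged, 6), at_least(tagged, 15))
    return out

if __name__ == "__main__":
    for score, row in demo().items():
        print(score, row)
```

Because the test is a prefix match, "(######" selects every message scoring 6 or higher, so a per-user threshold is just a choice of how many "#" to match.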


