MIMEDefang's action_bounce()

[Dan Ferreira]

On 7/12/2004, at 7:15:55 PM, Julian Field wrote:

> I think you can manage most of the gain by using your MTA to reject
> unknown users, that's the biggest win by far. Either use the MTA to do
> it, or lookahead-milter to do it in sendmail in front of an Exchange
> 2003 server.

I'm afraid rejecting unknown users wouldn't suffice (I'll explain more below).


On 7/12/2004, at 7:17:58 PM, Drew Marshall wrote:

> Could you not get your MTA to do this? I know Postfix (My MTA of
> choice) can with out too much effort (For example by employing
> pre-queue spam scanning (Using spamd). Obviously you don't need to

Thanks for pointing me to Postfix's pre-queue filtering, I'll look into it but won't pursue it yet as a solution before considering all possibilities involving Sendmail, which I'm currently using.

> enable the bits of MailScanner that you have done at MTA level. The
> downside to this is the potential load issues if you were to suffer a
> mail flood for example.

There's probably something I'm missing.

I don't understand the load issue of being mail flooded if I would be rejecting emails at the SMTP level. On my end it involves just a one-liner (the 5xx error reply instead of an OK reply) for each email, the trouble of bouncing is up to the SMTP sender, AFAIK.

I understand that spam bouncing is futile (it won't deter spammers) and annoying (for people who own the spoofed sender addresses). However, if I bounce spam with an SMTP error reply, it's the spammer's SMTP sender that will try to notify delivery failure to the email sender (if it's configured to do so), not my server. So it's not like I'm bothering anybody.

> What are you looking to use this reject feature for?

It's really not relevant, but since you asked...

I have a contact form on this website. It's very helpful, presents specific FAQs for each type of message, requires email authentication, etc.

The form drops us an email, with a short four-letter code in the subject that's supposed to validate the sender's address. If we answer these emails and visitors reply back, their emails will most likely be accepted too (subjects tend to stay the same in replies).

As you may have figured already, emails that don't contain or contain the wrong code in the subject would be rejected immediately and the sender informed that he or she should use the contact form on the website instead.

Now, silently discarding is not an option: a legitimate sender would never know their emails weren't delivered. I don't want to bounce them in the ordinary fashion either because that would be a lot of bouncing considering the amount of spam we get daily. So I figured the solution would be SMTP bouncing where legit senders are told to use the form and spam never gets a chance.

If it's not already obvious, this site isn't terribly interested in email usability, we just want emails from people who used the form or replied to our emails.

This is what I feel would be a definite solution for us, I just have doubts as to implementation and maybe whether SMTP bouncing is the way to go.


On 7/12/2004, at 7:21:43 PM, Ugo Bellavance wrote:

> Bouncing is generally seen as a very bad thing.  However, you can bounce
> spam with MailScanner, but just not at the SMTP level.

I really need to bounce emails that don't fit certain requirements, and that includes spam. Doing bouncing at the SMTP level seems less troublesome to me and others IMHO. Please correct me if I'm wrong.

There is still the risk of bothering people who own spoofed email addresses used in spam. Is there any way I could avoid that?

--
Dan Ferreira

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!