Bouncing Spam

Josh Endries jendries at PRAGMETA.COM
Mon Jan 12 20:57:04 GMT 2004

Quentin Campbell wrote:
> I receive so much spam each day that it is not practical to have tagged
> messages delivered then moved to a "spam" folder (by a personal mail
> filter) where I am supposed to inspect them for possible false
> positives.
> I would be interested to hear what alternative strategies have been
> adopted by people in my position.

We're currently testing an implementation to see if it works well, which
it seems to so far. A couple problems are keeping me from rolling it out
100% (Bayes training/permission issues). We deliver all email to the
intended recipient after tagging it. Our philosophy is to let the user
do whatever they want with their email. We've never had quota problems,
but it's possible to make different areas of a user's mailbox (like a
"spam" folder) have different quotas in Cyrus, which is nifty. Anyway,
this works well with SpamAssassin and some additional rule sets. I've
gotten (and still have, for when we get Bayes working ;)) thousands of
spam messages and can't currently remember a single false positive (I
would say 3 FPs max in the past 6 months, if any). I check for false
positives sometimes though I don't need to, but I still have the option
in case I'm expecting something. I get maybe 5 uncaught spams each week
(this is all without Bayes). Other users have had similar success so it
seems to work fine.

The only problem with this is when a user sets their email to forward to
another address. Some people will block a message at the MTA, which
bounces back to us, and in turn bounces back to the original sender
(usually forged), which then bounces back to me (postmaster@). I have
yet to get MailScanner to do RBL checking/blocking correctly for these
users, but haven't spent much time on it (only two users do this). Last
try, it was looking for spamassassin even though I had that part turned
off (we use spamc/spamd outside of MailScanner). Theoretically
MailScanner will fix this problem but as yet I haven't gotten it to do so.

Bouncing spam/virii is a horrible way to go, IMO.
