how to bock mailservers that have only an ip address

Mon May 1 19:37:11 IST 2006

On May 1, 2006, at 7:31 AM, Kai Schaetzl wrote:

> performance (and I think here's a clear advantage for
> MailScanner: the more mail you get the better should MailScanner 
> perform
> in contrast to MimeDefang because it runs in queue mode and you can 
> accept
> mail all the time with the MTA whereas with a milter you have to spawn
> another instance of it for every open connection).

Actually, like MailScanner, MIMEDefang uses persistent perl processes 
not per-scan nor per-message perl processes.  The difference isn't in 
spawning processes, the difference is in the bulk nature of the actual 
processing being done (MailScanner bulk scans messages during virus 
scanning, and MIMEDefang scans messages one at a time for all aspects 
of scanning).

> And, of course, there's
> that basic decision: do you want to reject virus mail at MTA level or
> quarantine it, just in case it got assessed wrong. Same thing with 
> spam.
> If one is so confident that the scoring/decision always is right then 
> go
> with rejecting at MTA level (=MimeDefang or amavisd), if one is not so
> confident about it then quarantine it (=MailScanner).

Again, that's not the actual trade-off.  You can do quarantine with 
MIMEDefang, too.  Either directly, or by adding headers to be used 
later in the delivery process that will trigger something in the 
delivery agent (such as a procmail recipe, or something).

> I for one do it the following way: reject mainly because of "technical"
> reasons at MTA level (which rejects around 70/80% of all mail, only 
> around
> 3% of the remaining mail is spam or bad content) and quarantine 
> because of
> content.

That's not too different from what I'm doing or proposing.  I'm just 
saying that MIMEDefang lets you add more technical reasons to do the 
blocking at the MTA level.  And, you can then choose to do your 
quarantining (and/or sanitizing, and/or mark-and-deliver) with 
MIMEDefang, MailScanner, or something else.

Really, the main trades are with timing (what things do you want done 
during the SMTP transaction? and the difference between bouncing during 
SMTP or during post-SMTP processing), the bulk speed of MailScanner for 
virus checks, a few style choices (MD's filename checks vs MS's 
filename checks), and a few feature differences (MD's ability to do 
relay, helo, sender, and recipient checking; MS's phishing checks).  
The rest is pretty much all the same.