use spamcop and bounce with spamcop response help.

[Chuck Rock]

Scott Silva <ssilva <at> sgvwater.com> writes:

> 
> Chuck Rock spake the following on 11/27/2006 7:47 AM:
> > Scott Silva <ssilva <at> sgvwater.com> writes:
> > 
> >> Chuck Rock spake the following on 11/26/2006 4:41 PM:
> >>> I am bouncing messages with MailScanner that match the Spamcop list.
> >>>
> >>> I see in the latest version I'm using 4.56.8 you can modify message 
> > headers 
> >>> with actions.
> >>>
> >>> Is there a way to modify the message header to the spamcop address is 
> > listed 
> >>> with the proper IP like if you just used Sendmail to bounce it?
> >>>
> >>> This is what Spamcop tells you to di if you run Sendmail.
> >>>
> >>> FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: 
> >>> http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl 
> >>>
> >>> I was thinking of adding the message header in MailScanner similar to 
this.
> >>>
> >>> Spam Actions = bounce header "X-Spam-Status: 
> >>> Yes : 'http://spamcop.net/bl.shtml?'(flagged_IP)
> >>>
> >>> Is there a syntax in Mailscanner to provide that IP to that header line 
so 
> > a 
> >>> person could get to the spamcop site with their IP address information?
> >>>
> >>> Thanks,
> >>> Chuck
> >>>
> >> If you want that "feature", and are dropping the message anyway, why not 
just
> >> drop it at the MTA. You will save yourself the load, and get the desired
> >> result. You really should never bounce messages after you receive them. If
> >> they are dropped during the connection phase, you get the rejection to the
> >> proper server, but if you have received it, then all you have is the 
possibly
> >> forged sender address to rely on.
> > 
> > So basically, if I can have MailScanner skip the spam lists check 
altogether 
> > and just put the spamcop config in the proper sendmail config file for my 
> > inbound sendmail process?
> > 
> > Is there another benefit of having MailScanner check the rbl's instead of 
or 
> > in addition to Sendmail?
> > 
> > Thanks,
> > Chuck
> > 
> > 
> The only benefit I know of is if you want to store the bad stuff in
> quarantine. The best in order are ;
> MTA
> Spamassassin
> Mailscanner
> 
> If you have no problem dropping every message that hits spamcop, then 
dropping
> at the MTA is the safest and least processor intensive. After that, you have
> the message on your server, and bouncing it will make you many enemies, and
> maybe get you listed on a blacklist yourself. I am using sbl-xbl and
> combined.njabl.org at the mta with no complaints. You should open up your
> abuse and postmaster addresses, but spamassassin and mailscanner can catch a
> lot of the garbage there.
> 

Thanks everyone for the valuable input. I run a small ISP with a few thousand 
mailboxes and I'm very very tired of spending so much time and money 
to "handle" the onslaught of spam. I have too many customers complaining and 
when my servers have problems, all the business customers complain because 
they can't do business...

I have received messages from Spamcop with enough information for me to find 
the problem. I would go as far to say that if a sender is listed in the 
spamcop database, I'm secure enough to assume it's for a good reason and 
whomever owns that IP, needs to know and do something about it. Bounces are 
good for me because they at least will let a legitimate sender know that their 
message didn't reach the destination and the server resources and bandwidth 
are not used. I guess one other bonus to using MailScanner would be that for 
certain recipients, I could make it ignore the spamlist test so if people 
really didn't want to reject messages from senders found in Spamcop, then I 
could allow that.

Thanks again for your time.

Chuck