use spamcop and bounce with spamcop response help.

[Scott Silva]

Chuck Rock spake the following on 11/28/2006 8:12 AM:
> Scott Silva <ssilva <at> sgvwater.com> writes:
> 
>> Chuck Rock spake the following on 11/27/2006 7:47 AM:
>>> Scott Silva <ssilva <at> sgvwater.com> writes:
>>>
>>>> Chuck Rock spake the following on 11/26/2006 4:41 PM:
>>>>> I am bouncing messages with MailScanner that match the Spamcop list.
>>>>>
>>>>> I see in the latest version I'm using 4.56.8 you can modify message 
>>> headers 
>>>>> with actions.
>>>>>
>>>>> Is there a way to modify the message header to the spamcop address is 
>>> listed 
>>>>> with the proper IP like if you just used Sendmail to bounce it?
>>>>>
>>>>> This is what Spamcop tells you to di if you run Sendmail.
>>>>>
>>>>> FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: 
>>>>> http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl 
>>>>>
>>>>> I was thinking of adding the message header in MailScanner similar to 
> this.
>>>>> Spam Actions = bounce header "X-Spam-Status: 
>>>>> Yes : 'http://spamcop.net/bl.shtml?'(flagged_IP)
>>>>>
>>>>> Is there a syntax in Mailscanner to provide that IP to that header line 
> so 
>>> a 
>>>>> person could get to the spamcop site with their IP address information?
>>>>>
>>>>> Thanks,
>>>>> Chuck
>>>>>
>>>> If you want that "feature", and are dropping the message anyway, why not 
> just
>>>> drop it at the MTA. You will save yourself the load, and get the desired
>>>> result. You really should never bounce messages after you receive them. If
>>>> they are dropped during the connection phase, you get the rejection to the
>>>> proper server, but if you have received it, then all you have is the 
> possibly
>>>> forged sender address to rely on.
>>> So basically, if I can have MailScanner skip the spam lists check 
> altogether 
>>> and just put the spamcop config in the proper sendmail config file for my 
>>> inbound sendmail process?
>>>
>>> Is there another benefit of having MailScanner check the rbl's instead of 
> or 
>>> in addition to Sendmail?
>>>
>>> Thanks,
>>> Chuck
>>>
>>>
>> The only benefit I know of is if you want to store the bad stuff in
>> quarantine. The best in order are ;
>> MTA
>> Spamassassin
>> Mailscanner
>>
>> If you have no problem dropping every message that hits spamcop, then 
> dropping
>> at the MTA is the safest and least processor intensive. After that, you have
>> the message on your server, and bouncing it will make you many enemies, and
>> maybe get you listed on a blacklist yourself. I am using sbl-xbl and
>> combined.njabl.org at the mta with no complaints. You should open up your
>> abuse and postmaster addresses, but spamassassin and mailscanner can catch a
>> lot of the garbage there.
>>
> 
> Thanks everyone for the valuable input. I run a small ISP with a few thousand 
> mailboxes and I'm very very tired of spending so much time and money 
> to "handle" the onslaught of spam. I have too many customers complaining and 
> when my servers have problems, all the business customers complain because 
> they can't do business...
> 
> I have received messages from Spamcop with enough information for me to find 
> the problem. I would go as far to say that if a sender is listed in the 
> spamcop database, I'm secure enough to assume it's for a good reason and 
> whomever owns that IP, needs to know and do something about it. Bounces are 
> good for me because they at least will let a legitimate sender know that their 
> message didn't reach the destination and the server resources and bandwidth 
> are not used. I guess one other bonus to using MailScanner would be that for 
> certain recipients, I could make it ignore the spamlist test so if people 
> really didn't want to reject messages from senders found in Spamcop, then I 
> could allow that.
> 
> Thanks again for your time.
> 
> Chuck
> 
> 
As was stated before, a bounce is usually not good, but if they get a reject
at the MTA, that is totally different. A bounce will imply that you recieved
the message and are returning it. But when you use the blacklists you in
effect stop the sending server as it starts to "talk" to your receiving server
and tell it to "stop! I don't want this message!" A bounce will be at the
mercy of any forgery in the message, but the MTA is in direct communication
during the transaction, and doesn't need to rely on those forged addresses.

And you can also "whitelist" certain addresses at the MTA of you want to
exempt certain senders or recipients from the MTA blacklists. In sendmail,
this is fairly easy, so the postfix and exim people can jump in and say that
it is easy there also.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!