Reject vs. bounce
Glenn Steen
glenn.steen at gmail.com
Tue Oct 3 12:43:30 IST 2006
On 03/10/06, Tim Boyer <tim at denmantire.com> wrote:
(Snip good comment by Ken A)
>
> That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter
> - running all my SpamAssassin tests there. My fear is that if I move them from
> there to a post-smtp scan, I'll lose the ability to reject.
Well, from a resource standpoint... You'd only be able to do rejection
after DATA, so all that would land you is that you don't "take
responsibility" for the NDN... You still gobble down all the message.
> For instance, we once got a legitimate sales request that scored over 19 on SA.
> /dev/null fodder if ever there was one, but because I reject with a 'email
> postmaster if you're real' message, they re-sent and it got through. If I scan
> afterwards, my only real options are discard it or tag it and do something with
> it, right?
To be able to do that type of thing, you'd be needing "bounces" yes.
Or use a quarantine, perhaps with a very short retention period
(perhaps only viable for smaller setups, like mine:-).
Then again, if the sales request ended up with 19 points, it probably
hiot a lot of rules... One might argue they got what they
deserved:-):-).
You could alleviate that type of thing with SA whitelistings (perhaps
the spf thingies, if you can use that for those senders).
But the bottom line is: MailScanner doesn't do SMTP, the MTAs do that.
So, in some situations you end up doing things quite differently than
you would've (perhaps "not at all":-) with a more SMTP-aware product.
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list