Reject vs. bounce

Jim Holland mailscanner at mango.zw
Tue Oct 3 17:19:12 IST 2006


> On 03/10/06, Tim Boyer <tim at denmantire.com> wrote:
> (Snip good comment by Ken A)
> >
> > That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter
> > - running all my SpamAssassin tests there.  My fear is that if I move them from
> > there to a post-smtp scan, I'll lose the ability to reject.
> 
> Well, from a resource standpoint... You'd only be able to do rejection
> after DATA, so all that would land you is that you don't "take
> responsibility" for the NDN... You still gobble down all the message.
> 
> > For instance, we once got a legitimate sales request that scored over 19 on SA.
> > /dev/null fodder if ever there was one, but because I reject with a 'email
> > postmaster if you're real' message, they re-sent and it got through.  If I scan
> > afterwards, my only real options are discard it or tag it and do something with
> > it, right?

e.g. quarantine it - see below.
 
> To be able to do that type of thing, you'd be needing "bounces" yes.

Bouncing should always be done at SMTP time and not by MailScanner - for
reasons already stated by others.

> Or use a quarantine, perhaps with a very short retention period
> (perhaps only viable for smaller setups, like mine:-).

Once mail has been accepted then why not quarantine all mail that is 
flagged as spam?

An essential component of managing spam is to notify users of what has
been rejected, and to quarantine the marginal mail rather than deleting it
or rejecting it.  We send out two separate notifications per day to our
users - one that indicates the mail that has been bounced at SMTP time,
with reports in the following format:

	Oct  2 14:56:02
	    sender: vczr at chrispowerz.wanadoo.co.uk
	    recip:  user at mango.zw
	    server: dsl.static81214188253.ttnet.net.tr

and the other that indicates mail that has been quarantined (where more 
information is available for the report):

	02 Oct 2006 06:30:49
	    From:       "PokerBot Max" <Akins_bend at hotmail.com>
	    Server:     static-66-16-28-242.dsl.cavtel.net [66.16.28.242]
	    Date:       Sun 01 Oct 2006 23:28:06 -0600
	    Subject:    Make Money Online with PokerBot
	    Saved as:   user at mango.zw 20061002/spam/k924USZ9020056

The server information is useful for users to quickly pick out the origin
of the message and often gives a very good indication of the likelihood of
the mail being genuine or not.

I guess that we would probably bounce or block around 85% of incoming 
connections, with the remainder being split between genuine and 
quarantined mail.  We typically quarantine only around 650 messages per 
day, so the storage requirement for our 2500 users is not significant - we 
keep it for 90 days.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
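
An added example, not part of the message above and not MailScanner's or MANGO's own code: a parser for the quarantine-report layout quoted in the message, plus a check for entries older than the 90-day retention mentioned there. The function names, the second sample entry and its queue id are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
# Constructed sample: the first entry is the one quoted in the message; the second
# is invented (old date, example.com / 192.0.2.x, made-up queue id) to show expiry.
SAMPLE = """\
02 Oct 2006 06:30:49
    From:       "PokerBot Max" <Akins_bend at hotmail.com>
    Server:     static-66-16-28-242.dsl.cavtel.net [66.16.28.242]
    Date:       Sun 01 Oct 2006 23:28:06 -0600
    Subject:    Make Money Online with PokerBot
    Saved as:   user at mango.zw 20061002/spam/k924USZ9020056
01 Jun 2006 11:02:10
    From:       "Example Sender" <sender at example.com>
    Server:     mail.example.net [192.0.2.25]
    Date:       Thu 01 Jun 2006 10:59:41 +0000
    Subject:    Re: constructed older entry
    Saved as:   other at mango.zw 20060601/spam/k51A0000000001
"""

FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s+(.*)$")        # indented "Name:   value"
SAVED = re.compile(r"^(.+?)\s+(\d{8})/(\w+)/(\S+)$")     # recipient YYYYMMDD/type/id
SERVER = re.compile(r"^(\S+)\s+\[([0-9A-Fa-f.:]+)\]$")   # reverse-DNS name [address]

def parse_report(text):
    """Return one dict per entry; an unindented timestamp line starts an entry."""
    raw = []
    for line in text.splitlines():
        field = FIELD.match(line)
        if field and raw:
            raw[-1][field.group(1).lower()] = field.group(2).strip()
        elif line.strip() and not line[0].isspace():
            raw.append({"logged": line.strip()})
    entries = []
    for e in raw:
        saved = SAVED.match(e.get("saved as", ""))
        server = SERVER.match(e.get("server", ""))
        if not (saved and server):
            continue  # malformed entry: skip rather than guess
        rcpt, day, kind, qid = saved.groups()
        e.update(recipient=rcpt, kind=kind, queue_id=qid, host=server.group(1),
                 ip=server.group(2), stored=datetime.strptime(day, "%Y%m%d").date())
        entries.append(e)
    return entries

def expired(entries, today, retention_days=90):
    """Queue ids stored before today minus the retention period (90 days here)."""
    cutoff = today - timedelta(days=retention_days)
    return [e["queue_id"] for e in entries if e["stored"] < cutoff]
```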


