Reject vs. bounce

Jim Holland mailscanner at
Tue Oct 3 17:19:12 IST 2006

> On 03/10/06, Tim Boyer <tim at> wrote:
> (Snip good comment by Ken A)
> >
> > That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter
> > - running all my SpamAssassin tests there.  My fear is that if I move them from
> > there to a post-smtp scan, I'll lose the ability to reject.
> Well, from a resource standpoint... You'd only be able to do rejection
> after DATA, so all that would land you is that you don't "take
> responsibility" for the NDN... You still gobble down all the message.
> > For instance, we once got a legitimate sales request that scored over 19 on SA.
> > /dev/null fodder if ever there was one, but because I reject with a 'email
> > postmaster if you're real' message, they re-sent and it got through.  If I scan
> > afterwards, my only real options are discard it or tag it and do something with
> > it, right?

e.g. quarantine it - see below.

> To be able to do that type of thing, you'd be needing "bounces" yes.

Bouncing should always be done at SMTP time and not by MailScanner - for
reasons already stated by others.

> Or use a quarantine, perhaps with a very short retention period
> (perhaps only viable for smaller setups, like mine:-).

Once mail has been accepted then why not quarantine all mail that is 
flagged as spam?

An essential component of managing spam is to notify users of what has
been rejected, and to quarantine the marginal mail rather than deleting it
or rejecting it.  We send out two separate notifications per day to our
users - one that indicates the mail that has been bounced at SMTP time,
with reports in the following format:

	Oct  2 14:56:02
	    sender: vczr at
	    recip:  user at

and the other that indicates mail that has been quarantined (where more 
information is available for the report):

	02 Oct 2006 06:30:49
	    From:       "PokerBot Max" <Akins_bend at>
	    Server: []
	    Date:       Sun 01 Oct 2006 23:28:06 -0600
	    Subject:    Make Money Online with PokerBot
	    Saved as:   user at 20061002/spam/k924USZ9020056

The server information is useful for users to quickly pick out the origin
of the message and often gives a very good indication of the likelihood of
the mail being genuine or not.

I guess that we would probably bounce or block around 85% of incoming 
connections, with the remainder being split between genuine and 
quarantined mail.  We typically quarantine only around 650 messages per 
day, so the storage requirement for our 2500 users is not significant - we 
keep it for 90 days.


Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
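
The quarantine notification and 90-day retention described in the message above, as an added sketch that is not part of the original post and not MailScanner code. The record fields, the `rec` helper and the sample data are assumptions constructed for illustration; header values are sanitised because they come from untrusted mail and would otherwise let a sender forge digest lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

RETENTION = timedelta(days=90)  # retention period given in the post

def clean(value, limit=120):
    # Header values come from untrusted mail: collapse control characters
    # (including CR/LF) so one message cannot forge extra digest lines.
    return re.sub(r"[\x00-\x1f\x7f]+", " ", value).strip()[:limit]

def split_expired(records, now):
    # Return (kept, expired); expired entries are due for deletion.
    kept = [r for r in records if now - r["quarantined"] <= RETENTION]
    expired = [r for r in records if now - r["quarantined"] > RETENTION]
    return kept, expired

def build_digests(records, since):
    # Group entries quarantined after `since` by recipient, in the report layout.
    per_user = defaultdict(list)
    for r in sorted(records, key=lambda r: r["quarantined"]):
        if r["quarantined"] <= since:
            continue
        per_user[r["recip"]].append(
            f'{r["quarantined"]:%d %b %Y %H:%M:%S}\n'
            f'    From:       {clean(r["from"])}\n'
            f'    Server:     {clean(r["server"])}\n'
            f'    Date:       {clean(r["date"])}\n'
            f'    Subject:    {clean(r["subject"])}\n'
            f'    Saved as:   {clean(r["saved_as"])}\n')
    return {user: "\n".join(entries) for user, entries in per_user.items()}

# Constructed sample records (not real mail); field names are assumptions.
def rec(recip, when, subject, qid):
    return {"recip": recip, "quarantined": when, "subject": subject,
            "from": '"Sender" <sender@example.net>',
            "server": "mail.example.net [192.0.2.10]",
            "date": f"{when:%a %d %b %Y %H:%M:%S} +0000",
            "saved_as": f"{when:%Y%m%d}/spam/{qid}"}

NOW = datetime(2006, 10, 3, 17, 0, 0)
SAMPLE = [
    rec("alice@example.org", datetime(2006, 10, 3, 6, 30, 49),
        "Win big\r\n    Saved as:   20061003/spam/FORGED", "TESTQID0000001"),
    rec("bob@example.org", datetime(2006, 10, 3, 9, 0, 0), "Hello", "TESTQID0000002"),
    rec("alice@example.org", datetime(2006, 6, 1, 12, 0, 0), "Old", "TESTQID0000003"),
]

if __name__ == "__main__":
    kept, _ = split_expired(SAMPLE, NOW)
    print(build_digests(kept, NOW - timedelta(days=1))["alice@example.org"])
```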
