Reject vs. bounce

Scott Silva ssilva at sgvwater.com
Tue Oct 3 19:34:08 IST 2006 

Jim Holland spake the following on 10/3/2006 9:19 AM:
>> On 03/10/06, Tim Boyer <tim at denmantire.com> wrote:
>> (Snip good comment by Ken A)
>>> That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter
>>> - running all my SpamAssassin tests there.  My fear is that if I move them from
>>> there to a post-smtp scan, I'll lose the ability to reject.
>> Well, from a resource standpoint... You'd only be able to do rejection
>> after DATA, so all that would land you is that you don't "take
>> responsibility" for the NDN... You still gobble down all the message.
>>
>>> For instance, we once got a legitimate sales request that scored over 19 on SA.
>>> /dev/null fodder if ever there was one, but because I reject with a 'email
>>> postmaster if you're real' message, they re-sent and it got through.  If I scan
>>> afterwards, my only real options are discard it or tag it and do something with
>>> it, right?
> 
> eg quarantine it - see below.
>  
>> To be able to do that type of thing, you'd be needing "bounces" yes.
> 
> Bouncing should always be done at SMTP time and not by MailScanner - for
> reasons already stated by others.
> 
>> Or use a quarantine, perhaps with a very short retention period
>> (perhaps only viable for smaller setups, like mine:-).
> 
> Once mail has been accepted then why not quarantine all mail that is 
> flagged as spam?
> 
> An essential component of managing spam is to notify users of what has
> been rejected, and to quarantine the marginal mail rather than deleting it
> or rejecting it.  We send out two separate notifications per day to our
> users - one that indicates the mail that has been bounced at SMTP time,
> with reports in the following format:
> 
> 	Oct  2 14:56:02
> 	    sender: vczr at chrispowerz.wanadoo.co.uk
> 	    recip:  user at mango.zw
> 	    server: dsl.static81214188253.ttnet.net.tr
> 
> and the other that indicates mail that has been quarantined (where more 
> information is available for the report):
> 
> 	02 Oct 2006 06:30:49
> 	    From:       "PokerBot Max" <Akins_bend at hotmail.com>
> 	    Server:     static-66-16-28-242.dsl.cavtel.net [66.16.28.242]
> 	    Date:       Sun 01 Oct 2006 23:28:06 -0600
> 	    Subject:    Make Money Online with PokerBot
> 	    Saved as:   user at mango.zw 20061002/spam/k924USZ9020056
> 
> The server information is useful for users to quickly pick out the origin
> of the message and often gives a very good indication of the likelihood of
> the mail being genuine or not.
> 
> I guess that we would probably bounce or block around 85% of incoming 
> connections, with the remainder being split between genuine and 
> quarantined mail.  We typically quarantine only around 650 messages per 
> day, so the storage requirement for our 2500 users is not significant - we 
> keep it for 90 days.
> 
> Regards
> 
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
> 
Do you have any plans to share your scripts for notifying users?
I know that quarantine report does the latter, but I am curious about the
notifies on SMTP dropped mail. Sure, it isn't a "difficult" process, but why
re-invent the wheel?


-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

More information about the MailScanner mailing list