Reject vs. bounce

Jim Holland mailscanner at mango.zw
Tue Oct 3 21:30:48 IST 2006


On Tue, 3 Oct 2006, Scott Silva wrote:

> Jim Holland spake the following on 10/3/2006 9:19 AM:

> > An essential component of managing spam is to notify users of what has
> > been rejected, and to quarantine the marginal mail rather than deleting it
> > or rejecting it.  We send out two separate notifications per day to our
> > users - one that indicates the mail that has been bounced at SMTP time,
> > with reports in the following format:
> > 
> > 	Oct  2 14:56:02
> > 	    sender: vczr at chrispowerz.wanadoo.co.uk
> > 	    recip:  user at mango.zw
> > 	    server: dsl.static81214188253.ttnet.net.tr
> > 
> > and the other that indicates mail that has been quarantined (where more 
> > information is available for the report):
> > 
> > 	02 Oct 2006 06:30:49
> > 	    From:       "PokerBot Max" <Akins_bend at hotmail.com>
> > 	    Server:     static-66-16-28-242.dsl.cavtel.net [66.16.28.242]
> > 	    Date:       Sun 01 Oct 2006 23:28:06 -0600
> > 	    Subject:    Make Money Online with PokerBot
> > 	    Saved as:   user at mango.zw 20061002/spam/k924USZ9020056
> > 
> > The server information is useful for users to quickly pick out the origin
> > of the message and often gives a very good indication of the likelihood of
> > the mail being genuine or not.
> > 
> > I guess that we would probably bounce or block around 85% of incoming 
> > connections, with the remainder being split between genuine and 
> > quarantined mail.  We typically quarantine only around 650 messages per 
> > day, so the storage requirement for our 2500 users is not significant - we 
> > keep it for 90 days.

> Do you have any plans to share your scripts for notifying users?
> I know that quarantine report does the latter, but I am curious about the
> notifies on SMTP dropped mail. Sure, it isn't a "difficult" process, but why
> re-invent the wheel?

The two scripts I use are somewhat customised for usage here, and are
specific to sendmail.  They are a mixture of bash and perl and have just
grown to get the job done - not very pretty and they still have a few
bugs.  I am just a hacker, so my programming style would probably result
in much mirth from the real programmers on this list (eg bash pipes in the
perl script and sections of perl scripting in the bash script).  I would
need to tidy them up somewhat to make them more generic.  If there is
any interest then I would be prepared to let others see them, if only to
stimulate them to do better.

One of the problems with SMTP whitelisting is that because sites can be
blacklisted in so many ways in the access file I wouldn't know where to
start with automating the whitelisting.  For the moment I just grep the 
maillog file, find out how the message got blocked, and then take 
appropriate action in the access file - very tedious.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
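
An added example, not Jim Holland's scripts (which were not posted): a sketch of the SMTP-time reject report described above, built from a sendmail maillog. It goes a little beyond the quoted report by adding a "why" line with the ruleset and reject text, which is the detail the message says it greps for when deciding what to change in the access file. The log lines are constructed samples assuming sendmail's usual "ruleset=..., arg1=..., relay=..., reject=..." layout, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed maillog lines in sendmail's style (not real traffic). sendmail logs
# the reject first and the envelope sender (from=) later under the same queue ID.
SAMPLE_LOG = """\
Oct  2 14:56:02 mx sendmail[4101]: k92Eu1aa004101: ruleset=check_rcpt, arg1=<alice@example.org>, relay=dsl.host1.example.net [192.0.2.10], reject=550 5.7.1 <alice@example.org>... Rejected: 192.0.2.10 listed at dnsbl.example
Oct  2 14:56:03 mx sendmail[4101]: k92Eu1aa004101: from=<vczr@sender.example>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=dsl.host1.example.net [192.0.2.10]
Oct  2 15:10:40 mx sendmail[4150]: k92FAdbb004150: ruleset=check_mail, arg1=<promo@bulk.example>, relay=mail.bulk.example [198.51.100.7], reject=550 5.7.1 <promo@bulk.example>... Access denied
Oct  2 15:12:09 mx sendmail[4162]: k92FC9cc004162: from=<bob@example.com>, size=2210, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.com [203.0.113.5]
"""

REJECT = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: (?P<qid>\w+): "
    r"ruleset=(?P<ruleset>\w+), arg1=(?P<arg1>[^,]+), .*?relay=(?P<server>.+?), "
    r"reject=(?P<why>.*)$")
FROM = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): from=(?P<sender>[^,]+),")

def parse_rejects(log_text):
    """Return one dict per SMTP-time reject, joined to its sender by queue ID."""
    senders, rejects = {}, []
    for line in log_text.splitlines():
        if (m := FROM.search(line)):
            senders[m["qid"]] = m["sender"].strip("<>")
        elif (m := REJECT.match(line)):
            rejects.append(m.groupdict())
    for r in rejects:
        arg1 = r.pop("arg1").strip("<>")
        # check_rcpt passes the recipient as arg1, check_mail passes the sender;
        # other rulesets (e.g. check_relay) fire before either is known.
        r["recip"] = arg1 if r["ruleset"] == "check_rcpt" else None
        r["sender"] = senders.get(r["qid"]) or (arg1 if r["ruleset"] == "check_mail" else "?")
    return rejects

def build_reports(rejects):
    """Group rejects by recipient, in the report layout quoted in the thread."""
    reports = defaultdict(list)
    for r in rejects:
        reports[r["recip"]].append(
            f"{r['ts']}\n    sender: {r['sender']}\n    recip:  {r['recip'] or '(not yet given)'}\n"
            f"    server: {r['server']}\n    why:    {r['ruleset']}: {r['why']}\n")
    return {recip: "\n".join(entries) for recip, entries in reports.items()}

if __name__ == "__main__":
    for recip, text in build_reports(parse_rejects(SAMPLE_LOG)).items():
        print(f"== {recip or 'postmaster (no recipient logged)'} ==\n{text}")
```

Rejects that fire before RCPT TO have no recipient in the log, so they are grouped under None here and can only go to the administrator's report, not to a user's.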


