Reject vs. bounce

Glenn Steen glenn.steen at gmail.com
Wed Oct 4 08:18:39 IST 2006 

On 03/10/06, Jim Holland <mailscanner at mango.zw> wrote:
> > On 03/10/06, Tim Boyer <tim at denmantire.com> wrote:
> > (Snip good comment by Ken A)
> > >
> > > That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter
> > > - running all my SpamAssassin tests there.  My fear is that if I move them from
> > > there to a post-smtp scan, I'll lose the ability to reject.
> >
> > Well, from a resource standpoint... You'd only be able to do rejection
> > after DATA, so all that would land you is that you don't "take
> > responsibility" for the NDN... You still gobble down all the message.
> >
> > > For instance, we once got a legitimate sales request that scored over 19 on SA.
> > > /dev/null fodder if ever there was one, but because I reject with a 'email
> > > postmaster if you're real' message, they re-sent and it got through.  If I scan
> > > afterwards, my only real options are discard it or tag it and do something with
> > > it, right?
>
> eg quarantine it - see below.
As was one of my points...

> > To be able to do that type of thing, you'd be needing "bounces" yes.
>
> Bouncing should always be done at SMTP time and not by MailScanner - for
> reasons already stated by others.
Jim, who are you trying to convince?;) I'm part on the choir on this
one (although I prefer to refer to SMTP time "bounces" as the
rejections they really are;-).
On the straight question from Tim though, he is correct that if you
have accepted the message, you need bounce it to mimic the same
behaviour. That it is icky and error-prone and that Jules nice
informative bounces are not really helping for general wholesale
bouncing is another matter.

>
> > Or use a quarantine, perhaps with a very short retention period
> > (perhaps only viable for smaller setups, like mine:-).
>
> Once mail has been accepted then why not quarantine all mail that is
> flagged as spam?

Yes, this is exactly what I do. If the quarantine grows out of
proportion, I will employ different retention periods for high/low
scoring spam... but so far that has not been needed (for me). Hence my
suggestion.

>
> An essential component of managing spam is to notify users of what has
> been rejected, and to quarantine the marginal mail rather than deleting it
> or rejecting it.
(snip nice policy-dependant suggestions/descriptions)

> I guess that we would probably bounce or block around 85% of incoming
> connections, with the remainder being split between genuine and
> quarantined mail.  We typically quarantine only around 650 messages per
> day, so the storage requirement for our 2500 users is not significant - we
> keep it for 90 days.

On any day, I see typically the same number of quarantined messages,
for our very much fewer users. So far that has been manageable (I do
have the same default retention period as you have... Well, actually
93 days:). The policy I toil under (which is in a large part driven by
applicaple law (for .gov in Sweden)) doesn't come out and say that it
is the recipients that need inspect the quarantine though, so we only
have a few people doing that (with MailWatch, no less:-).

So (as with everything) it comes down to law, standard and policy
regarding what you can do, and how... as usual:-).

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list