Dino Edwards wrote:
E-mail should never be quarantined unless there is a mechanism for the
recipient to release those messages from quarantine themselves. You
never want to be responsible for an e-mail NOT reaching its intended
recipient. People get very upset when they don't receive e-mail they
believe they should receive. If the e-mail is important enough and not
receiving it caused them harm or financial loss, they will take you to
court.
Let's face it, the decision whether or not an e-mail is legitimate or
not is made by a machine. That mechanism is not always perfect and it
will yield false positives from time to time. The ultimate decision
of whether to keep or discard that message should be made by the
recipient not the machine.
Rich Wales wrote:
My assumption is that if I were to run SpamAssassin and amavisd-new on
my
MX hosts -- which, BTW, are cloud servers -- this would keep junk (or
suspected junk) from tying up network bandwidth on my main system.
Quanah Gibson-Mount wrote:
It's illegal to quarantine in some countries. ;)
Quarantining does not imply non-delivering or rejection.
In amavisd quarantining is configured entirely independently from
mail contents (ham/spam/...) and from a decision on its fate
(pass/reject/discard/bounce).
It's illegal to quarantine in some countries. ;)
What you probably meant is that discarding a message is illegal
(i.e. not delivering and not notifying a sender of non-delivery).
Quarantining by itself is independent from the above requirement,
although it may be subject to privacy and data retention regulations.
One advantage of invoking a content filter directly by a MX mailer
in a pre-queue setup is than an undesired message can be rejected
at an SMTP stage (5xx SMTP status). Independently of this a message
may or may not also be quarantined. Rejecting (not bouncing) a
message lets the true sender be notified of non-delivery, thus
complying with regulations.
(If the plan was to run a content filter in a post-queue setup,
there is no advantage in running it on a MX, as the option of
rejecting a message is already lost).
Even if amavisd is invoked by a MX, it need not run on the
same host as a mailer. Two MX hosts may share a single amavisd
service, as they all communicate through a standard SMTP / TCP
network protocol.
Mark
