Gerard Seibert wrote:
On Monday October 23, 2006 at 11:49:47 (AM) Dennis Peterson wrote:
Gerard Seibert wrote:
On Sunday October 22, 2006 at 09:49:38 (PM) Dennis Peterson wrote:
Gerard Seibert wrote:
I would rather not use the '--force-scan' option since I am not
particularly interested in scanning outgoing mail. Perhaps someone has
an idea how to correct this problem.
Because you don't scan outgoing mail I have to scan incoming mail from
you. My usual response when I read this kind of thing is to just go
ahead and blacklist you now rather than later. Please practice safe
messaging.
That makes zero sense. Are you implying that if I were to scan an
outbound message you would eliminate your inbound scan? You do know how
stupid that sounds I assume.
You clearly don't understand the problem. If everyone scanned their
outbound I'd have fewer inbound to scan. I'd still scan them but there
would be far less scanning required. Still sound stupid?
Yes, because you are dealing in a real world, not some sort of
idealistic one that you would like to exist. To put it in language you
might better understand, "It ain't gonna happen". Furthermore, you
statement is illogical. If you would still pursue a course of scanning
all of mail, in what manner does my or anyone else's use of AV scanning
effect your scanning load? It doesn't effect it at all. Unless you were
going to introduce header checks into your mail system. That would
require even further overhead, plus you would be assuming that the
sender was placing whatever headers you were check for in his/her/their
mail accurately and not just spoofing the annotation. I personally would
never trust such a scheme.
I'd never have guessed this was rocket science, and I really should just
give up, but here goes one last try - if you scan your outbound and
discover in your logs that you have blocked 500,000 messages going out
from an infected internal source, that is 500,000 messages the rest of
the world will never see. Multiply this times the number of servers in
the world all scanning outbound and pretty soon we're talking real
numbers. Infected internal sources can include VPN connected PC's from
work-at-home or work-in-motel types who pick up something while surfing.
It happens all the damn time.
Again - you in this discussion is not 'you', but all the world's
messaging admins.
Anyway, we send out several times a week flyers to our customers. These
mailings range from 750 to 2000 messages per run. To scan 2000 identical
messages is insane, not to mention a total waste of system resources.
Other than going to the expense of setting up a separate mail server,
etc. I am looking for a way to circumvent this annoyance.
Configure your mta to not scan mail from certain addresses at a
particular IP. It's a good idea to use a separate IP address for mass
mailings so that you don't land your enterprise mailer on a DNSBL. There
are people out there that will opt-in to a list but send your UBE to
SpamCop anyway.
That would require two IPs which I do not presently own. I would have
to pay my ISP for another one. It would probably also require another
domain name to insure total separation of business divisions. The time
and money spend for the very slim advantage it might create is simply
no feasible at this point in time. I have dealt with SpamCop before. In
fact, I even have a paid account there. They are aware of our operation
and the double opt-in requirement. If any report did come to them, and
none has in over two years, we are notified first before any action is
taken.
Any advice given is for the general case - don't presume you are at the
center of the universe in these discussions. Not everyone has reasonable
customers, and some customers even when they've opted in will create
problems over non-mail issues (billing problems, notoriously).
Now Sorbs is a different matter. I do not know how they operate; however,
I have never had a problem with them either. All of our messages carry
full email headers, etc. SORBS, from what I was told, lists
organizations that either do not send full headers or attempt to mangle
or forge them. You might remember that Google was having its GMail
accounts blacklisted because of that garbage.
You need to think about SURBL, too. Not that you are listed, but that
you could be listed. Just a little fyi.
dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
