We're already doing SMTP-time rejection of spam using an Exim/Exiscan-ACL/SpamAssassin setup on a gateway SMTP server. While it is up to the sending server to generate an NDR, most servers will insert the 55x error returned from the receiving server into said NDR. Our returned error says "Sorry, this message appears to be spam. Contact postmaster if you feel this is in error". However, this has never been a problem for us, simply because our SMTP rejection threshold is 8, and I've never had a legitimate false-positive with that high of a score. Even if we were to have legitimate false-positives, at least the sender would get something back, and in most cases would simply pick up the phone and call the recipient. Generating custom NDR's is nice, but it puts the burden of delivering that NDR on your server. For the vast-majority of message rejected by a spam filter, that NDR will never be delivered, or will be delivered to an innocent third-party.
The appeal of SMTP-time rejection isn't the bandwidth savings, it's the ability to properly inform the sender of a rejection while avoiding generating bogus NDRs for falsified senders. We also use the same process for virus scanning, which is also done during the SMTP session. Our mail load is low enough to allow this with no impact. The major downside of SMTP-time scanning/rejection is the inability to have any type of per-user settings, because a message can be destined for multiple recipients on your server. In that case, how do you know who's settings to use when scanning the message? Since you can't reject individual recipients in the DATA phase, you need to use corporate-wide settings during SMTP time rejection. Every organization is going to be different, but for us SMTP-time rejection has been a great system. Steven --- Steven Dickenson <[EMAIL PROTECTED]> Computer Network Manager The Key School, Annapolis Maryland -----Original Message----- From: Erick Thompson [mailto:[EMAIL PROTECTED] Sent: Thursday, May 27, 2004 1:39 PM To: Exchange Discussions Subject: RE: Exchange 2003 SP1 for spam Are you at all concerned about false positives when you reject at SMTP level? It seems like you're hoping that the sending user is savvy enough to know how to look into the NDR and figure out their email was detected as spam. If you want until the email has arrived, you can generate a friendly NDR that most users will be able to figure out (assuming it's not caught as spam itself). >From a bandwidth perspective, I can see the reason to not generate custom NDRs, but isn't the false positive problem huge? Thanks, Erick > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Dickenson, Steven > Sent: Wednesday, May 26, 2004 5:59 PM > To: Exchange Discussions > Subject: RE: Exchange 2003 SP1 for spam > > Stidley, Joel wrote: > > and how you want to block it (Archive/Delete/No Action/Reject). The > > Does the reject option occur during the SMTP session, or > after the mail has already been accepted? If it's the > latter, and thus requires the generation of a NDR, then it's > no better than the spam I'd be trying to block. If it's the > former, I'd have to seriously consider replacing my > Exim/Exiscan/SpamAssassin setup. > > Steven > --- > Steven Dickenson <[EMAIL PROTECTED]> Computer Network > Manager The Key School, Annapolis Maryland > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
