On Mon, May 11, 2015 at 03:31:51PM -0400, Michael Orlitzky wrote: > On 05/11/2015 03:29 AM, Eray Aslan wrote: > > On Mon, May 11, 2015 at 04:26:01AM +0000, Robin H. Johnson wrote: > >> TL;DR: As of May 17, @gentoo.org will drop incoming spammy mail instead of > >> delivering it. Speak now or hold your peace. > > > > Believe me I understand your pain. Been there done that. However, > > dropping mail is never a good idea. You are mucking with the > > dependebility of the email. > Is there some reason a pre-queue filter (with amavisd-new) wouldn't > work? Then we could reject the spammy messages (at SMTP time) instead of > silently dropping them. By drop, I will clarify that they should ideally be rejected at SMTP time, not silently dropped.
amavis settings for this in theory are: $sa_kill_level_deflt = 20.0; $sa_dsn_cutoff_level = 20.0; $sa_crediblefrom_dsn_cutoff_level = 20.0; $final_virus_destiny = D_REJECT; $final_banned_destiny = D_REJECT; $final_spam_destiny = D_REJECT; (The other choices are D_PASS, D_BOUNCE, D_DISCARD) D_REJECT is supposed to just reply to the SMTP error. It's doing that, but it's ALSO sending a NDN, despite amavis settings to the contrary. Here's a quick test, with D_REJECT that show the NDN being sent (and rejected since that address was probably faked). May 11 20:00:45 woodpecker postfix/smtpd[21896]: E83DF34098C: client=unknown[183.93.114.52] May 11 20:00:46 woodpecker postfix/cleanup[21836]: E83DF34098C: message-id=<> May 11 20:00:46 woodpecker postfix/qmgr[21745]: E83DF34098C: from=<[email protected]>, size=5678, nrcpt=1 (queue active) May 11 20:00:53 woodpecker amavis[21935]: (21935-01) Blocked SPAM {RejectedInbound}, [183.93.114.52]:4758 [183.93.114.52] <[email protected]> -> <[email protected]>, Queue-ID: E83DF34098C, mail_id: 6k-hfYzAtEKp, Hits: 26.004, size: 5678, 6812 ms May 11 20:00:53 woodpecker postfix/bounce[21847]: E83DF34098C: sender non-delivery notification: 7ECE534098D May 11 20:00:53 woodpecker postfix/cleanup[21754]: 7ECE534098D: message-id=<[email protected]> May 11 20:00:53 woodpecker postfix/qmgr[21745]: 7ECE534098D: from=<>, size=7622, nrcpt=1 (queue active) May 11 20:00:53 woodpecker postfix/qmgr[21745]: E83DF34098C: removed May 11 20:00:53 woodpecker postfix/smtp[21837]: E83DF34098C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=4.8/0/0.01/6.8, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=21935-01 - spam (in reply to end of DATA command)) May 11 20:01:25 woodpecker postfix/qmgr[21745]: 7ECE534098D: removed May 11 20:01:25 woodpecker postfix/smtp[21773]: 7ECE534098D: to=<[email protected]>, relay=mxbiz1.qq.com[184.105.206.87]:25, delay=32, delays=0/0/30/1, dsn=5.0.0, status=bounced (host mxbiz1.qq.com[184.105.206.87] said: 550 Mail content denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726 (in reply to end of DATA command)) -- Robin Hugh Johnson Gentoo Linux: Developer, Infrastructure Lead E-Mail : [email protected] GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
