> I'm not very fond of silently dropping high scoring spam on the floor since > any "real" senders will not be notified of their message not getting through.
"Real" senders don't generally score over 15 - I silently drop anything over 10 on both my work (120 users) and home (3 users) systems, and have only ever had 1 false positive in 4 years. The best way to handle this is to always notify the administrator on close decisions, so you can see what is happening on your system, and pick up any false positives (or false negatives) so you can deal with them. For our system, anything scoring between 10 and 15 causes a notification to me so I can see what is being rejected on a close call, plus everything between 5 and 10 causes a notification so I can see what is almost being dropped but tagged as Possibly Spam. The reason I drop anything which I've classified as being Definitely Spam is because almost all of it has an invalid or spoofed return address, so either it causes some innocent person to get a bounce message possibly containing the Spam (which could be offensive), or your mail server gets a very long queue of messages which cannot be delivered because domains either do not resolve, or appear offline, or the spoofed sender's mailbox is full due to everyone bouncing the Spam. In your case, I would either whitelist the mailing list address and accept that you will get Spam via the list, or silently drop anything which you are sure is Spam (and 15 is a very conservative score). Bouncing messages will always get you into trouble with any mailing list, so if you really must bounce Spam, only bounce it to non-list addresses - the logic to do this is up to you, but I'd have a list of exceptions and my own bounce function which checks the list and then if necessary calls action_bounce() as required. Best Wishes, Paul. -- ------------------------------------------------------- Paul Murphy Head of I.T. Argenta Discovery Tel. 01279 645 554 Fax. 01279 645 646 _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
