5xx error (return DENY). I presume we could return a DENYSOFT to give a 4xx error instead.
But why would you want to? If it's spam this time, it is likely to be spam next time, too...
The first is the processing required.
We run spamd in Unix socket mode; apart from the memory required for the resident images, it runs very fast and not at all noticable under load. Of course, I am running dedicated e-mail smart relays (Cobalt RAQ550-equivalents), so the only thing they are doing is receiving e-mail.
The second concern is the likelyhood of bouncing or dropping legit commercial email.
Set the reject_threshold very high, and you will be unlikely to block even the most suspect-looking, yet legitimate, e-mail. We are using this:
spamassassin reject_threshold 30 munge_subject_threshold 12 spamd_socket /var/run/spamd.sock
HTH
John
