On 2003-08-27 10:32:59 -0500, Daniel J McDonald wrote:
> On Wed, 27 Aug 2003, Peter J. Holzer wrote:
> > But you can also use SpamAssassin directly from the MDA (e.g., with
> > spamass-milter for sendmail, or with qpsmtpd as a qmail-smtpd
> > replacement) and then you can reject mails which exceed a certain
> > threshold. IMHO this is preferable to just throwing mails into the
> > bitbucket.
> >
> > There is a general problem with doing checks in the MTA, though: If you
> > are already into the DATA phase, you can only reject or accept the mail
> > as a whole - you cannot accept it for some recipients, but not for
> > others. So it is a bit difficult to implement different checks for
> > different users.
>
> That's where a program like amavis-new comes in. I use Amavis-new with
> SpamAssassin/Razor, plus clamav, and it allows me to tailor rejections per
> user. Amavis works best with postfix, but there are milter variations.
> With postfix, the message is received by the postfix mailer, a 250 is sent
> off, and then the message is forwarded to amavis. Amavis receives the
> mail via lmtp, does its filtering magic, and then either sends a DSN,
                                                           ^^^^^^^^^^^^

This is something you generally don't want to do if it is spam or a
virus, since the return path is almost certainly forged. If you send
DSNs, you will either mailbomb some poor soul[0] or get a lot of double
bounces. OTOH, if the mail is legitimate (and it does happen that some
legitimate mail is erroneously flagged as spam[1] or a virus), then you
should notify the sender. Unfortunately the two cases aren't easily
distinguishable, so you are in a bit of a dilemma here.

One of the qpsmtpd users had a rather elegant idea on handling this: At
the end of the data phase, it is checked whether the mail is accepted or
rejected for all recipients. If that's the case, a 2xx resp. 5xx reply
is generated. If it is only accepted for some recipients, but not for
others, a 2xx reply is generated, the mail is accepted, and DSNs are
sent for those recipients which denied the mail. This avoids DSNs for
the most common cases, where either there is only one recipient or the
mail is rejected for all recipients.

(LMTP (RFC 2033) extends SMTP to return multiple responses to DATA.
Unfortunately RFC 2033 explicitly discourages use of LMTP outside of
LANs)

        hp

[0] How many Sobig viruses have you received? And how many notices
    telling you that you have been sending a Sobig virus? IMHO
    ill-configured virus checkers have been a larger problem than the
    virus itself.

[1] Anybody here still using osirusoft's blackhole lists?

-- 
   _  | Peter J. Holzer    | Humor without emoticons is dry humor.
|_|_) | Sysadmin WSR       |
| |   | [EMAIL PROTECTED]  |    -- Toni Grass in aip
__/   | http://www.hjp.at/ |
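
The end-of-DATA decision described in the message above, sketched as an added example; it is not part of the original post and not qpsmtpd's own code. The per-recipient score thresholds, the function and field names, and the example.org addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Decision:
    smtp_reply: str                                  # the single reply SMTP allows after DATA
    deliver_to: list = field(default_factory=list)   # recipients who get the mail
    dsn_for: list = field(default_factory=list)      # recipients on whose behalf a DSN is sent

def end_of_data(score, thresholds, return_path):
    """Decide the DATA reply from per-recipient verdicts.

    thresholds maps recipient -> spam score at which that user refuses mail
    (hypothetical per-user policy). return_path is the envelope sender;
    "" stands for the null sender <>.
    """
    accepted = [r for r, limit in thresholds.items() if score < limit]
    refused = [r for r in thresholds if r not in accepted]

    if not refused:
        # Everyone accepts: plain 2xx, nothing to bounce.
        return Decision("250 Message accepted", accepted, [])
    if not accepted:
        # Everyone refuses: reject inside the SMTP session. The sending MTA
        # handles the failure, so no DSN is generated by this server.
        return Decision("554 Message refused by all recipients", [], [])

    # Mixed verdicts: accept for those who want it, DSN for the rest.
    # A message with a null return path must not be bounced (RFC 5321),
    # so the refused copies are dropped without a DSN in that case.
    return Decision("250 Message accepted", accepted,
                    refused if return_path else [])

if __name__ == "__main__":
    # Constructed sample policy and scores, not real data.
    users = {"alice@example.org": 5.0, "bob@example.org": 10.0}
    for s in (2.0, 7.2, 12.0):
        print(s, end_of_data(s, users, "sender@example.net"))
```

Only the middle case (score 7.2, accepted by one user and refused by the other) produces a DSN; a single-recipient message can never reach that branch.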