RE: [sa] Re: SMTP REJECT after DATA (was: SpamAssassin Milter Plugin...)
Now THAT is off-topic. We are discussing the use of SA at SMTP time. Please stay on-topic for this group, and for this thread. If you actually care to continue, I expect a reasonable response to my arguments about rejection being better than bouncing or silent diversion. Geez, you didn't even try to advocate a system of notices to the user to overcome the 'silent' portion of that argument. Do I have to argue both sides for you? :) - C Charles, with all due respect and in right spirit you know way too much for anyone to have an argument with you... if you cannot implement all processing and reject in DATA phase, then well... there it is... work on it... your next post says you sometimes have to reject after... and i quote you --- Charles Gregory Quote:Re: [sa] Re: SMTP REJECT after DATA The only efficiency to be gained is to reject as much as possible after the RCPT_TO, before accepting DATA. But for systems like mine, with lousy user cooperation, rejecting some of the mail after DATA is still the best option. --- i would say you are arguing both sides and that it might be the issue. i would tend to believe that most have made the choice not to straddle the fence are you blaming the users for your administration? ;-) - rh
Re: [sa] Re: SMTP REJECT after DATA (was: SpamAssassin Milter Plugin...)
On Tue, 9 Mar 2010, Kai Schaetzl wrote: and you find it doesn't make sense to spam-scan messages and reject them in/after DATA stage in a real world scenario. You ignore my arguments. Hardly surprising. You reword yours, but say nothing new. It makes only sense if you are die-hard spam-fighter who wants to retaliate... I stated my objectives and they have nothing to do with this pathetic straw-man argument. Most if not all of your arguments are arguments for spam-filtering mail, not in favor of rejection at DATA stage. How is that English-as-a-second-language class coming along? I refuse to bore this group by repeating arguments that you so grossly mis-categorize in a feeble attempt to promote your point of view. Last, keep in mind that filtering mechanisms in whatever stage are not solely meant for rejecting or spam-fighting, they are for *filtering* and then assigning appropriate actions - which often have nothing to do with spam/malware detection at all. Now THAT is off-topic. We are discussing the use of SA at SMTP time. Please stay on-topic for this group, and for this thread. If you actually care to continue, I expect a reasonable response to my arguments about rejection being better than bouncing or silent diversion. Geez, you didn't even try to advocate a system of notices to the user to overcome the 'silent' portion of that argument. Do I have to argue both sides for you? :) - C
Re: [sa] Re: SMTP REJECT after DATA
On Tue, 9 Mar 2010, Andy Dorman wrote: So even if we can decide an email is spam before the DATA stage, it makes no difference since we have to store the thing for a while anyway in case the user wants to look for something caught that shouldn't be. (nod) To rely on this methodology requires that you *rely* upon your users to apply a conscientious and consistent system of reviewing their spam trap/folder on a regular basis. If you have this, then without sarcasm I would say you are very fortunate. But in a system like mine where educating ignorant users is difficult at best, it feels a bit too dangerous to allow (too much) mail to be received and held without notice to the sender. And unfortunately SMTP protocols do not contain a code to tell the sender that mail was 'accepted but held for review'. The only way to do that is with a separate mail, and that leads back to the backscatter horrorshow, which I am quite sure you would never advocate :) So for us (and we recognize not for everyone), the policy/practice we have chosen is the most workable and efficient. I think the only reason I leaped into this thread was because of the overbearing attitudes that seemed to completely ignore the fundamental notion of YMMV - C
Re: [sa] Re: SMTP REJECT after DATA
On Tue, 9 Mar 2010, David Morton wrote: Charles Gregory wrote: Indeed, it makes far LESS sense to have a system accept mail but send it to a spam folder. Maybe in your particular situation, but you can hardly apply that to everyone (nod) It was subject to the conditions I consider 'wide spread' but by no means universal: the failure of users to review spamtraps. - since we are supporting several large companies that find it more acceptable to quarantine mail than to reject it, and *have* trained their employees to look in a spam folder in the rare case that it is needed. Stop it! You're making me jealous! LOL If postfix and amavisd-new have improvements lately that allow for efficient rejecting at SMTP time, that's great! The only efficiency to be gained is to reject as much as possible after the RCPT_TO, before accepting DATA. But for systems like mine, with lousy user cooperation, rejecting some of the mail after DATA is still the best option. Again, I emphasise 'some', and only speak out because someone is describing any approach other than their own as 'misguided'. You are not misguided, and neither am I. We just have different situations. Hmm... policy. Sounds a lot like a feature of postfix, doesn't it? LOL... And not at all 'misguided' :) - C
Re: [sa] Re: SMTP REJECT after DATA
On Tue, 9 Mar 2010, Ted Mittelstaedt wrote: There are other reasons not to do this, for instance legal ones. Again, you are quoting arguments that favor SMTP reject. It is better to reject a mail, so that legitimate senders know it, rather than have them believe it was delivered when it was sent into a spam folder... This is one of the stupidest arguments in this thread Well, hey, now that we've got *that* off our chest NOBODY is legally required to accept e-mail. That is a crock of baloney. Well then it's a good thing I didn't say that, isn't it? It is NOT illegal to break a contract. It's called 'fraud'. Look it up. - C
Re: [sa] Re: SMTP REJECT after DATA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles Gregory wrote: You are not misguided, and neither am I. We just have different situations. Hmm... policy. Sounds a lot like a feature of postfix, doesn't it? LOL... And not at all 'misguided' :) Wait, stop the presses! An agreement has been reached! LOL - -- David Morton morto...@dgrmm.net Morton Software Design http://www.dgrmm.net - Ruby on Rails PHP Applications Maia Mailguard http://www.maiamailguard.com- Spam management for mail servers -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFLlq6ZUy30ODPkzl0RAvL/AJoDEFFBCC6l8kKuwK2p+8ZvrTBXagCgiWBx Wa+O9oaUQiKkYtz8QpvgwI4= =V1z8 -END PGP SIGNATURE-
Re: [sa] Re: SMTP REJECT after DATA
Charles Gregory wrote: On Tue, 9 Mar 2010, Ted Mittelstaedt wrote: There are other reasons not to do this, for instance legal ones. Again, you are quoting arguments that favor SMTP reject. It is better to reject a mail, so that legitimate senders know it, rather than have them believe it was delivered when it was sent into a spam folder... This is one of the stupidest arguments in this thread Well, hey, now that we've got *that* off our chest NOBODY is legally required to accept e-mail. That is a crock of baloney. Well then it's a good thing I didn't say that, isn't it? I never said YOU said it. Since clearly you didn't start tossing around the term legal and you were arguing against it, why the hell are you now deciding to defend such a stupid, idiotic, ignorant, moronic usage of the term now? It is NOT illegal to break a contract. It's called 'fraud'. Look it up. No, sorry, it's NOT fraud. Fraud requires proving an intentional misrepresentation. Breaking a contract does not imply that the contract was entered into with an intent to break it. As I said, the example would be a civil dispute, not criminal. Ted
Re: [sa] Re: SMTP REJECT after DATA
On Tue, 9 Mar 2010, Ted Mittelstaedt wrote: It is NOT illegal to break a contract. It's called 'fraud'. Look it up. No, sorry, it's NOT fraud. Fraud requires proving an intentional misrepresentation. Well duh. Did you think I meant something else? Breaking a contract does not imply that the contract was entered into with an intent to break it. But sending back an SMTP 'delivered' response when the mail was diverted to a spam folder could be PERCEIVED as misrepresentation (and therefore fraud, because clearly the decision to divert is based in policies established long before the implicit 'contract' of accepting a mail). But again, I stress this is only true for the STUPID USER who does not understand that the spam folder is an alternate form of delivery TO THEM. My responsibility is complete (and legal) when that mail is delivered to either location. It's all about the hassle and misperceptions. The fewer times I have to explain to users how their mail 'disappeared', the easier my life :) And please remember that my entire context was only to stress that my weak definition of 'something illegal' was in CONTRAST to the utterly ridiculous notion that rejecting a mail at SMTP DATA time had anything illegal to it at all! - C