Re: [courier-users] Best practice for SMTP level spam filter

[Sam Varshavchik]

Gordon Messmer writes:


On 04/11/2016 12:22 PM, Jeff Potter wrote:
> Gordon, could one potentially change the replies after the first RCPT TO  
to 4xx responses, to ensure the incoming message is being delivered to  
exactly one user?


Not exactly.  Courier's mail filtering API only issues one call, after
the body is available.  There's a separate API to run users' mail
filters with maildrop's embedded mode, but unlike Sendmail's milter API,
Courier's API isn't available at every stage of the SMTP conversation.


maildrop's embedded mode runs for RCPT TO, and DATA commands. Additionally,  
when using the embedded in the default configuration, Courier will defer,  
using 4xx, recipients that do not have the embedded mode filter activated.





pgpNA4oCdxHDY.pgp
Description: PGP signature
--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] handle spam

[SZÉPE Viktor]

Idézem/Quoting Gordon Messmer :

> On 04/09/2016 09:25 AM, SZÉPE Viktor wrote:
>> Looking at Gordon's greylist.py that would be the "remember" part, and
>> combining it with DNSBL lookup from whitelist_dnswl.py ...
>> but:(  I am not a python developer.
>
> Sounds like another use case for making individual filters conditional.
> It's on my list, but I haven't put a lot of time into that code lately.

Thank you.

An RBL dependent one-time deferring mechanism would be fantastic.



SZÉPE Viktor
-- 
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, III. kerület





--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] handle spam

[Gordon Messmer]

On 04/09/2016 09:25 AM, SZÉPE Viktor wrote:
> Looking at Gordon's greylist.py that would be the "remember" part, and
> combining it with DNSBL lookup from whitelist_dnswl.py ...
> but:(  I am not a python developer.

Sounds like another use case for making individual filters conditional.  
It's on my list, but I haven't put a lot of time into that code lately.

--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Best practice for SMTP level spam filter

[Gordon Messmer]

On 04/11/2016 12:22 PM, Jeff Potter wrote:
> Gordon, could one potentially change the replies after the first RCPT TO to 
> 4xx responses, to ensure the incoming message is being delivered to exactly 
> one user?

Not exactly.  Courier's mail filtering API only issues one call, after 
the body is available.  There's a separate API to run users' mail 
filters with maildrop's embedded mode, but unlike Sendmail's milter API, 
Courier's API isn't available at every stage of the SMTP conversation.

Could it be?  You could probably patch milter support into the Courier 
SMTP server, sure.

> Admittedly, this would require a change inside courier itself (unless MAXRCPT 
> applies to incoming SMTP transactions too?), and I could see poorly 
> implemented SMTP servers trying to deliver getting gummed up by it…

Well implemented or poorly, you'd be forcing retransmissions for every 
user.  If there were no delays, that'd merely increase your bandwidth 
utilization.  Proper implementations are going to back off on 
retransmissions, though, so every user after the first is going to get 
that message much later than the first delivery.


--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Best practice for SMTP level spam filter

[Jeff Potter]

> Most mail gateways that I've worked with deal with this by rejecting 
> mail when no recipients would accept the message.  For messages with 
> mixed results, the message is accepted and delivered to some and 
> quarantined for others.

Gordon, could one potentially change the replies after the first RCPT TO to 4xx 
responses, to ensure the incoming message is being delivered to exactly one 
user? Admittedly, this would require a change inside courier itself (unless 
MAXRCPT applies to incoming SMTP transactions too?), and I could see poorly 
implemented SMTP servers trying to deliver getting gummed up by it…

Bernd, in practice, what I’ve found is taking the most lenient spam filtering 
threshold for a group of recipients “generally” works. Most spam we’ve seen 
coming in to multiple users gets delivered over multiple connections, not in 
one batch.

-Jeff


--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Best practice for SMTP level spam filter

[Gordon Messmer]

On 04/09/2016 09:19 PM, Bernd Wurst wrote:
> We use delivery by .courier files for both, local user accounts /
> aliases and virtualdomains. Spam filtering happens with some custom
> scripts inside the .courier files and therefore only deletion, sorting
> or bouncing is available.

Bouncing mail, especially spam, after it's accepted is a terrible idea.  
In .courier and .mailfilter, you should only deliver or drop mail.

> We need to give users a choice about spam filtering, so the filter must
> have some "don't scan for these recipients" list. If the filter could
> use custom spamassassin config and bayes-DB, this would be great but
> it'll also work without that.

SMTP doesn't really work that way.

It's possible to scan the message during SMTP.  It's possible to deliver 
or drop on a per-recipient basis, as well.  You simply mark the message 
delivered for those recipients who wouldn't want to receive it.  
However, there's only one response to the sender.  If you reject the 
message, which was your stated goal, then no one gets the message.

Most mail gateways that I've worked with deal with this by rejecting 
mail when no recipients would accept the message.  For messages with 
mixed results, the message is accepted and delivered to some and 
quarantined for others.

pythonfilter has support for quarantining messages.


--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/
gampad/clk?id=1444514301=/ca-pub-7940484522588532
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users