----- Original Message ----- 
From: "Tim Philip" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 14, 2004 8:34 PM
Subject: Re: Found a way to avoid spamassassin! How to fix?


| I hope by "dev/null the bad email" you only mean the mail which has been accepted
| on the external gateway with an @psfc.mit.edu sender address and that subsequently
| bounces because the @psfc.mit.edu receiver address is invalid. dev/nulling any other
| mail is a *bad* idea - anyway for other than personal mail systems.

in my case I choose to dev/null instead of having a catchall account
which is the same thing, except I get a full mailbox full of junk.

Our process looks something like this:

all mail is initially accepted
once accepted a check for a valid email address is made
on an individual email address basis.

to: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]

cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
bcc: [EMAIL PROTECTED]

in this case x@ and y@ are not a part of the mix and are not acted upon
a@, b@, c@, real@, real2@ are all tested individually

in this case a@, b@, c@ are not real addresses, -> dev/null no further processing
and no NDR

real@, real2@ are processed via local filter rules and handed off to SA

real@, real2@ are delivered (tagged or untagged)

| 
| Why? Because if your MTA takes delivery of a message it must either deliver it or
| try to send an NDR back to the sender - this per a number of mail RFCs. Obviously
| in this day and age when every second mail has a forged sender address this nice
| behaviour is outdated - but it's still the valid way for MTAs to behave.

if you look at some of the proposed specifications for internet mail
IM2000 is one (not suggesting this is the solution just an example) the
concept of NDR is eliminated

| 
| The only real answer to this problem is to refuse to accept the mail in the first
| place by returning a hard 5xx error during the initial SMTP negotiation. The onus
| is then on the sending server and not yours. "Accept then bounce" mailers are
| a pet gripe of quite a few of the more militant anti-spam people. Whereas mail
| systems in which mail silently disappears (to dev/null) is one of mine! :)
| 

how would this differ from a catchall account where in reality, there would
be no bad addresses. In the example above (assuming I have a catchall
mailbox instead of dev/null 'ing bad addresses):

instead of a@, [EMAIL PROTECTED] c@ being dev/null 'd they would go to my
catchall account.

In either case, dev/null or catchall, there are no NDR's and in both cases
they end up in the bit bucket.

In both cases, the bounce traffic is nil.


Just my 2cents (measured in 1998 money)

Regards
Greg
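
The three ways of handling an invalid recipient discussed in this thread (5xx at RCPT TO, accept then NDR, accept then dev/null), modelled side by side on the post's example recipients. This is an added example, not code from either poster; the domain names, the mailbox list and the `handle` function are assumptions made for illustration.

```python
from dataclasses import dataclass, field

LOCAL_DOMAIN = "example.org"          # assumption: placeholder for the local domain
MAILBOXES = {"real", "real2"}         # constructed list of existing mailboxes

@dataclass
class Outcome:
    replies: dict = field(default_factory=dict)    # recipient -> reply code at RCPT TO
    to_filter: list = field(default_factory=list)  # passed to local rules, then SpamAssassin
    discarded: list = field(default_factory=list)  # accepted, then silently dropped
    ndr_to: list = field(default_factory=list)     # envelope senders that get a bounce

def handle(policy, mail_from, rcpts):
    """policy: 'reject' (5xx at RCPT TO), 'bounce' (accept, NDR), 'discard' (accept, drop)."""
    if policy not in ("reject", "bounce", "discard"):
        raise ValueError(f"unknown policy: {policy}")
    out = Outcome()
    for rcpt in rcpts:
        local, _, domain = rcpt.rpartition("@")
        if domain.lower() != LOCAL_DOMAIN:
            continue                      # like x@ and y@ in the post: not acted upon
        if local.lower() in MAILBOXES:
            out.replies[rcpt] = 250
            out.to_filter.append(rcpt)
        elif policy == "reject":
            out.replies[rcpt] = 550       # sending server keeps responsibility for the mail
        else:
            out.replies[rcpt] = 250       # responsibility has passed to this server
            if policy == "bounce":
                out.ndr_to.append(mail_from)   # hits a third party if MAIL FROM was forged
            else:
                out.discarded.append(rcpt)     # no NDR, and the sender gets no signal
    return out

# Constructed envelope mirroring the post's example recipients.
RCPTS = [f"{u}@example.org" for u in ("a", "b", "c", "real", "real2")]
RCPTS += ["x@example.net", "y@example.net"]
FORGED_SENDER = "victim@example.com"  # constructed forged envelope sender

if __name__ == "__main__":
    for policy in ("reject", "bounce", "discard"):
        o = handle(policy, FORGED_SENDER, RCPTS)
        rejected = [r for r, code in o.replies.items() if code >= 500]
        print(f"{policy:8} rejected={len(rejected)} filtered={len(o.to_filter)} "
              f"discarded={len(o.discarded)} ndrs={len(o.ndr_to)}")
```

In all three policies only real@ and real2@ reach the filter stage; the policies differ in who learns that a@, b@ and c@ do not exist.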
