hello from maryland, just outside of washington d.c., and thank you for your excellent work on blackhole.
i've installed a wide mix of anti spam and anti virus programs on linux running qmail, including spamassassin, sophos mmsmtp, tmda, qmail-queue patch, qconfirm, bogofilter, razor, and several others. i'm still unable to accomplish everything i want, and i wonder if the solution would be blackhole, either solely or in some combination with some or all of these other tools. it seems really stupid to me for an smtp gateway to blindly accept email, for several reasons. sophos built their own smtp gateway that does not accept email containing virii. this is brilliant. but they are somewhat reinventing the wheel: specifically, their original release (ridiculously) had no email relaying controls, and their latest release does not have nearly the features or configurability of qmail-smtp with tcpserver. this needs much work. qmail-smtpd has its "controls/badmailfrom" file that is supposed to prevent it from accepting email from any envelope sender domain listed therein. this needs much more work: why not allow specific sender addresses? coupled with ip address matching? using a fast cdb database? etc. etc. tmda requires confirmation (either one time via whitelist, or per-every-email) before delivering email, although this requirement is invoked from .qmail, after the email has been accepted by and transmitted into qmail's smtp server and subsequent queue. if no confirmation (usually due to nonexistent and/or invalied spam envelope sender address), the (likely) spam email queues up locally and retries for a week. this seems to unnecessarily amplify the waste caused by spam. i wonder if there is a way to use: 1. qmail's tcpserver (for its relay and access control and poor but better-than-nothing "controls/badmailfrom"), 2. coupled with sophos mmsmtp (for excellent and very fast antivirus stopping before queue injection, though suffering poor acccess control), (qmail-queue patch could work here, preventing junk from being injected into queue) 3. coupled with tmda (for excellent confirmation and handling, except that it only works after all the junk is freely allowed in and it amplifies noise by confirming against nonexistent addresses), 4. coupled with blackhole to glue all these together do you have any thoughts or guidance on this? thank you. --michael _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
