>> > I have all that running already, that's the easy part. > > What I'm suggesting here is a method of refusing the incoming message at > the SMTP level, so it doesn't make it to the scanner as it is simply > turned away at SMTP with a 5XX error to the sending MTA. > > I know a patch exists now to turn away based on file attachment that > someone did up for the Sobig.F action. Yes we can discard this at the > Qmailscanner check, but it would be nice if we could simply refuse to > even accept the message at the SMTP level, which in turn lightens the > load on the scanner and cuts down on bandwidth usage too. > > The first thing I'd like to see though is the subject line scan at SMTP > level, this would allow us to refuse to accept messages with > objectionable subject lines so we can make a good attempt at getting rid > of the spam. Tagging with SpamAssassin is fine, but it still means the > end user has to look at subject lines with the latest Viagra offers, > etc. I know my ISP clients would be quite happy if we could drop those > types of spams at the door entirely. > > We could use Qmailscanner to quarantine those spams, but I would much > prefer to send the spammers a message by not accepting their nonsense > entirely at the front door :)
ahhh I see.... yes that would be nice. btw, where did you find the sobig patch? we got clogged up by that one and i couldn't figure out how to make qmail-scanner/clamav just drop those emails. it ended up sending back a reply to all those senders saying they had sobig, even though they probably didn't.
