On Thursday 20 July 2006 12:41, Patrick Wolfe took the opportunity to write: > I noticed today that an image spam email passed through my > sendmail/mimedefang/spamassassin config, because it was addressed to > multiple destinations, one of which was an address configured as > "all_spam_to" address. > > It would be nice if only the mailbox that wants the spam got the spam, > instead of the existance of an any "all_spam_to" address causing the > message to be delivered to ALL of the listed destinations.
Because of the way SMTP works that's inherently problematic. After the mail
data is received you can only reject it for all recipients or none. In any
case, SpamAssassin in itself can't control which recipients get the mail,
only score it, so any solution has to be implemented (at least partly) in the
software that calls SA.
Typically you have to choose between calling SA at SMTP time, in which case
you can reject the message but have to do so for all recipients, and calling
SA at delivery time, in which case you can apply personal preferences but
have to keep all except *very* certain spam (because bouncing it is
unacceptable and discarding it can make you lose legitimate mail), or a
combination. The best and worst solution is to make your MTA limit the number
of recipients of each mail to one by returning a temporary error code for
every recipient after the first one. That way you can both reject at SMTP
time *and* apply personal preferences, but legitimate mail with many
recipients can be delayed for a long time.
The best solution may be to *not* use all_spam_to, but instead let the
software calling SA make different decisions based on whether the real
recipient is in a similar list of its own, and perhaps not running SA at all
if it is. If you call SA at SMTP time you can use temporary rejects to make
sure that the list of recipients doesn't contain addresses on the list
together with addresses not on it.
SA could be improved by not comparing the addresses/patterns in all_spam_to
against *all* recipient headers, but only a configurable one (according to
MTA/MDA used), e.g. Envelope-To, comtaining the real envelope recipient(s).
--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
pgpEXIYkiRKOY.pgp
Description: PGP signature
