On Sun, 2010-02-28 at 12:13 -0800, damuz wrote: > > > Martin Gregorie-2 wrote: > > > > > > How is SA used by your hosted email MTA, IOW is Spamassasin called in > > pre-queue before the mail has been accepted or is it called later? > > > > How much control do you have over that server? Can you set up > > grey-listing for your domain on it? > > > > If you're getting much backscatter (remote MTAs sending 'unknown user' > > rejections for mail with a forged sender), consider setting up an SPF > > record for your domain. Well-behaved remote MTAs will use it to check > > for forged senders and not send the rejections if the sender was forged. > > > > It would be better to let the MTA reject unknown users as part of > > pre-queue processing because that puts less processing load on the main > > chain. Do you have enough access to do this? > > > > > > Martin > > > > > > I'll answer as best as I know. > Our network runs SBS2003 and Exchange deals with the outgoing mail and > collects it from the hosting company which also hold the website. > SA is configurable from the hosting sites Cpanel (web login) and I'm > assuming that as it 'tags' and 'scores' the mail that Exchange then > downloads, that it is called in after the mail has already been accepted. I > don't really know. > My point was that rejecting mail for unknown users on your site is best done by the hosting MTA, not SA. This means that you need access to the MTA configuration, rather than the SA configuration. Once mail has been accepted by the hosting MTA you can only deliver it or throw it in a bit bucket. You should *not* reject it at this stage or you become part of the junk mail problem.
Grey-listing: I'm using a similar set-up to you. My mail is accepted by my ISP's smarthost and passed to my private MTA for delivery. The only difference is that I run SA rather than my ISP. About a year ago my ISP turned on grey-listing and overnight spam dropped from 70% of incoming mail to less than 10%. IME its A Good Thing, but you need to persuade your email hosting organisation to implement it because its a front end for the hosting MTA you're using. HTH Martin
