On Fri, 8 Jul 2011, Andrzej Adam Filip wrote:
John Hardin <jhar...@impsec.org> wrote:
On Fri, 8 Jul 2011, Lars Jørgensen wrote:
$sa_tag2_level_deflt = 5.2; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.2; # triggers spam evasive actions (e.g. blocks mail)
That seems a little aggressive to me. Personally I'd prefer a larger
margin of error for FPs, and would set the discard level to 9 or 10
(unless the "evasive actions" include "quarantine for review").
"evasive actions" do indeed include quarantine. No-quarantine-cutoff is set at
20, which may be a bit high, but we got room for it.
So, tag at 5.2, quarantine at 6.2, discard at 20? That sounds
reasonable to me, assuming the quarantine is readily accessible for
review.
If you want to treat email as *RELIABLE* delivery service then
avoid discarding at high cost - reject in SMTP session to make
*sending host* responsible for sending bounce message.
[ It can be done using milters with both sendmail and postfix ]
Granted, and agreed. I was using "discard" generically here.
I do remember situation in which receiving MTA simply discarded
important message from one of my users and it took a few days for
sender *and recipient* to find out that message has been silently
discarded:
*sender assumed that recipient reads it in silence,
* recipient assumed in silence that those [...] longer have not sent it yet
I can treat it as funny *today* but it was not funny.
Nope. Especially when they're CEOs.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The difference between ignorance and stupidity is that the stupid
desire to remain ignorant. -- Jim Bacon
-----------------------------------------------------------------------
12 days until the 42nd anniversary of Apollo 11 landing on the Moon
