Am 25.03.2015 um 17:23 schrieb Dave Wreski:
Hi,RH> i don't know the UK laws but in germany it's for sure not allowed RH> because it's legally classified identical to a postman says "meh i don't RH> walk to go upstairs today and throw the letter away" RH> if you pretend to provide relieable mailservices it should be logically RH> that discard instead reject so that none of both parties can take notice RH> in case of false positives is not that smart Better go tel MS as that's exactly what hotmail and live dobecause others do wrong is not a good justificationI hoped I could ask for a little more of an explanation. I'm willing to rely on RBLs and postscreen to make outright reject decisions, but I'm not sure I want spamassassin/amavisd doing that. Silently quarantining viruses and spam is how it's been done here for a while. So this method eliminates the content_filter configuration in postfix, where the messages are queued. I can see this new method being suitable for smaller networks, but without any queuing capability, how does it scale?
since most messages are still killed with postscreen and smtpd rules *before* the milter it scales not that bad - 1200 valid users and zero load over 8 months now
the barracuda virtual appliance using silent drop in many cases had magnitudes more system load and given that the Spamfilter-VM now has only 4 cores assigned i don't see a scale problem for many years
current month: Connections: 407725 Delivered: 50896 Blocked: 356829 Invalid User: 7875 Disallowed User: 53 Reject Postscreen: 221739 Reject Postfix: 15765 Reject Milter: 4278 Reject Temporary: 1232 Blacklist: 218434 Pregreet: 24446 Hangup: 265877 Protocol Error: 2098 Illegal Syntax: 9 SpamAssassin: 4167 Virus: 111 Helo: 936 Subject: 107 Attachment: 12 Header Length: 14 Sender Regex: 126 Sender Blocked: 211 Sender Verify: 286 Sender Invalid: 305 Sender Spoofed: 7 Sender Parked: 11 PTR Missing: 153 PTR Generic: 430 SPF: 570
Also, if there is even a temporary interruption in amavis' ability to operate, mail will be rejected.
temporary with a 4xx - the same as you do with greylisting for every new IP
Do large scale operators implement this proxy filter approach, and if so, aren't there any problems with processing times? It seems the real advantage to doing it this way is the ability to quickly reject mail not already rejected by zen/postscreen/etc. Is that really such a big benefit?
the real benefit is that you don't receive high score junk at all
And not even all spam would be rejected - only those you felt were over a predetermined threshold, correct? Why not just quarantine it all, giving the user the ability to determine if they want to go looking for it?
because my users and virtually all people i know prefer to *not* face high score junk at all, not flagged and not in quarantine - hence they forward me all flagged mails for training
why would i want to have a message with a score above 20 delivered at allquarantine don't work well at all - we had that over 8 years and most of the time in case of waiting for important mails people forgot their user credentials and wanted to look if it is in quarantine, looked in the junk folder, called me by phone if i know what's with a specific message
setup a filter working on a 95% hit level in case of rejects, deliver the remaining 5% flagged and be able to make a clear statement "if the message would have been rejected the sender would know unconditional" leaded in 2 phone calls over 8 months versus 2 each day over years
signature.asc
Description: OpenPGP digital signature
