[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [somewhat OT] Spamassassin and bouncing v. tagging

To: qmail@xxxxxxxxxxxxx
Subject: RE: [somewhat OT] Spamassassin and bouncing v. tagging
From: Joshua Nichols <jnichols@xxxxxxxxxxx>
Date: Wed, 06 Apr 2005 14:14:06 -0400
Delivered-to: de5-qmail@sws5.ornl.gov
Delivered-to: mailing list qmail@list.cr.yp.to
Mailing-list: contact qmail-help@list.cr.yp.to; run by ezmlm
Thread-index: AcU6zZZFgR4Dn+qZSs+zWnzPowxaWwABWAEA
Thread-topic: [somewhat OT] Spamassassin and bouncing v. tagging

Jeremy Kitchen wrote:
> On Wednesday 06 April 2005 11:49 am, Niek wrote:
>> On 4/6/2005 6:25 PM +0100, Joshua Nichols wrote:
>>> I use spamassassin with spamc/spamd and QMAILQUEUE.
>>> 
>>> The system has been working marvelously at tagging incoming spam--so
>>> much so that I'm ready to start bouncing it.  How would I instruct
>>> spamc to bounce the message instead of simply tagging it?
> 
> this would probably be something you would do with whatever is
> calling spamc, such as qmail-scanner, simscan, etc.

qmail-smtpd calls it.  that's how QMAILQUEUE works.

>> Bouncing spam is a very bad idea, and here's why:
>> Spammers always forge the envelope sender address, and the From:
>> header. So if you bounce spam, an innocent person receives your
>> bounce. 
> 
> you're assuming he means queue a bounce message, rather than simply
> 4xx or 5xx'ing the email at the door.

Exactly.  Dropping email on the floor is bad, and here's why:
False positives happen.  It's irresponsible to accept a message for
delivery and then send it to the bitbucket.  In my experience, you can
not count on users to review a spam folder, but you can count on a false
positive that is bounced to contact you again.

>> A better solution would be to just discard/delete/move to spam
>> maildir high scoring spam.
> 
> I would highly recommend scanning for spam only at delivery time, as
> it is easier to set up user preferences and user bayes databases.
> However, you don't get the benefit of being able to simply reject
> high-scoring spam (sure, you could scan it twice, once at queue time
> to check for bounce, and once at delivery time for user preferences..
> but doing this with spamassassin on a heavily loaded system would be
> very bad) 

To an extent I agree, but at this point I'm gunning for the obvious
ones.  I'm perfectly happy to allow users to deal with the occasional
spam message, but bouncing before queueing seems the least expensive for
my system, and the most expensive for the spammer.  For high scores,
they can have their message back.

Thank you all, I will:

CTCML (contact the correct mailing list)
http://wiki.apache.org/spamassassin/MailingLists

--joshua.

Follow-Ups:
- Re: [somewhat OT] Spamassassin and bouncing v. tagging
  - From: Jeremy Kitchen

Prev by Date: Re: Is there some way to send attachments by scripts
Next by Date: RE: Is there some way to send attachments by scripts
Previous by thread: Re: [somewhat OT] Spamassassin and bouncing v. tagging
Next by thread: Re: [somewhat OT] Spamassassin and bouncing v. tagging
Index(es):
- Date
- Thread