[PLUG] Joe Jobbed
Paul Heinlein
heinlein at madboa.com
Thu Oct 4 17:59:08 UTC 2007
On Thu, 4 Oct 2007, Ed Sawicki wrote:
> Thanks for the suggestion but I already do this (without Perl and
> without memory issues) for real spammers and it works well. But this
> backscatter volume is high and would create thousands of rules.
> Besides it's coming from legitimate mail servers just doing their
> job - victims like me. I'd like to find a better way.
Sigh. Mail servers that decide the acceptability of messages *after*
the SMTP transaction has been completed will always create this sort
of backscatter. The only alternatives are
1. Scan mail during the SMTP transaction, so a message can be
rejected without sending a separate rejection notice (which
these days is almost always wrong-headed, even if it adheres
to the letter of the SMTP RFCs, since the From: address is
typically forged).
2. Silently reject spam, malware, etc. without notifying anyone.
I hate the latter approach because of the possibility of losing a real
transaction in the bit bucket.
The first approach is much, much better. Our mail server at work only
accepts for delivery about 1/3 of the messages it receives. The rest
are all rejected with 55x error codes (RBLs, SpamAssassin, ClamAV)
during the SMTP transaction. Otherwise, we'd be sending out thousands
of (99.999% bogus) bounce messages every week.
--
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
More information about the PLUG
mailing list