Re: [Exim] Filtering

Top Page
Delete this message
Reply to this message
Author: Jeffrey Goldberg
Date:  
To: Dennis Taylor
CC: Exim
Subject: Re: [Exim] Filtering
On Tue, 12 Sep 2000, Dennis Taylor wrote:

> This is what works for me. Catches a lot of crap. The header_to test
> ensures that anything actually addressed to someone in our domain gets
> through. Very few spammers bother to individually address their crap.


I am a great believer in the "reject early, reject often"[1] approach to
spam, but if you are doing DATA part based filtering to fail mail, then
you really do have to worry about false positives. Your scheme allows
for many false positives however. Now I have no problem with false
positives on for things on the SMTP level (rejecting senders with no valid
domain, heavy RBL-ing, etc). But those are clear and advertisable
policies. I really don't think failing on content is a wise move.

> The only danger is if a mailing list that you are on sends you some email
> that fits this.


Yes, that is one. Another are things Bcc'ed (or even Cc'ed!) to you, if
the subject matches. That will forwarded spam Cc'ed to you.

My inclination is would be for any filtering based on the DATA should
result in a freeze and not a fail. exim's concept of freezing is very
nice.

-j

Notes:

[1] For those unfamiliar with the allusion it is to a characterization of
voter encouragement in Chicago a few decades back: "Vote early, vote
often". Chicago was described as a place where Democratic voters were so
loyal to the party that they continued to vote long after they were dead.

--
Jeffrey Goldberg
I have recently moved, see http://www.goldmark.org/jeff/contact.html
Relativism is the triumph of authority over truth, convention over justice