Author: Mark Edwards Date: To: Giuliano Gavazzi CC: exim-users Subject: Re: [Exim] Avoiding frozen spam
Giuliano Gavazzi wrote:
> At 11:09 -0700 2003/10/07, Mark Edwards wrote:
>
>> In any case, you are saying not to generate the bounce messages in the
>> first place. The only alternatives I can see are accepting the spam and
>> deleting it manually (let's leave that option out for the purposes of
>> this discussion) or just auto-trashing the spam with no warning to
>> anyone.
>>
>> If I don't generate the bounce messages, I don't need to do the callout
>> to prevent the bounce messages from getting frozen.
>
>
> no, wait a second. If you do a callout to prevent bounce messages from
> getting frozen, you are using it for the least useful, actually most
> annoying purpose.
> If you do that what about I start sending 10K emails forging your
> address around the world and see how you like that? > My recommendation is to do what you can at SMTP (that is reject what
> you reckon is spam) and keep the rest, maybe flagged.
> Exim is powerful, to the point that I presently get one or two spam a
> day between my three accounts (more if you consider aliases). The
> recipe? Use acl variables to build a score based on RBLs, HELO/DNS,
> IDENT and leave the sender callout as a last resort (when the other
> criteria are not decisive). For certain account I do not even reject
> on the basis of a single RBL (or even callout) with no other reason.
> This is complemented by blacklists and whitelists (for those senders,
> or recipients, for which I cannot even accept the possible temporary
> error of a DNS defer result).
This is what SpamAssassin does, and I've had very good results indeed
from it. So, I don't need help identifying spam. However, the spam
level has gotten to the point where we can't handle sifting through it
to look for legit email.
So, I'm trying to concoct a method to kill the spam without sacrificing
the one false-positive that SA generates per year. I understand why the
bounce message method is not a good solution, so it seems like the only
two choices are read it or auto-delete it.