Szerző: Alan J. Flavell Dátum: Címzett: Exim users list Tárgy: Re: [exim] ignore spam scanning of outgoing mail
On Tue, 26 Oct 2004, Bob Branch wrote:
> I'd read a few docs that said by using both whitelist_from and
> whitelist_from_rcvd I could eliminate that possibility, and this is
> how we do it..
We (of the departmental mailer here) categorise outbound from inbound
mails on the basis that they're either (a) coming from a local source
IP-wise, or (b) authenticated as one of our users. For our users to
submit from outside, we require them to use secure authentication.
The rest get treated as outsiders, no matter what envelope-sender or
header-from they might care to present. Indeed, unauthenticated mails
from outside which present a local envelope-sender get frozen by our
filter for postmaster inspection (as a fairly small operation, we can
afford to do that), and they'll turn out to be either faked spam, or
misguided users who are trying to send unauthenticated mail from their
domestic ISP while presenting a departmental envelope-sender address.
The first lot get deleted by hand, the second lot get unfrozen and a
more or less polite note from the postmaster calling their attention
to the recommended procedures.
(For some reason, it seems to be laptop Mac OS X users who can't get
that right. Doesn't their mailer have any option to say
"authenticated if available", in the way that more-familiar mailers
such as Mozilla-family or PINE have? But I digress.)
On a general question of scaling, it seems to me that there are plenty
of effective ways of pre-screening /inbound/ mails which involve small
overheads and run rather little risk of false positives.
Spamassassin is a very valuable tool, but I wouldn't want to run it on
more than a small fraction of the mail that we're going to reject.
(btw, in case of any misunderstanding, as Chris is also on this
thread: let me say that we enjoy very cordial relations, but we don't
necessarily speak for each other's policies. He runs an operation on
quite a different scale, and consequently often uses different
strategies.) Chris is surely right to point out the value of having
some way to block off any unexpected spewing of emails from an
otherwise bona-fide client host, which might have become infected or
whatever - but hopefully not at the cost of having to spam-rate every
outgoing mail through SA. Seems to me that he has described a
reasonable strategy.