Autor: W B Hacker Data: A: exim users Assumpte: Re: [exim] Brain Teaser - how would you do this?
Marc Perkel wrote:
>
>
> W B Hacker wrote:
>
>> Marc Perkel wrote:
>>
>> *trimmed*
>>
>> > the email address
>>
>>> I need to verify isn't either the sender or the recipient. I need to
>>> verify and arbetrary address that I generate to see if it exists
>>
>>
>> Pardon my ignorance, but if you are the one who 'generates' it and it
>> is truly 'arbitrary' then WOGGE would you *expect* it to 'exist'?
>>
>> Or, perhaps backing into it, why 'generate' an address, known to be
>> 'arbitrary', or otherwise, if the goal is to insure delivery?
>>
>> Would it not be more reasonable to instruct / assist clients to have a
>> 'quarantine' account or folder with characteristics specified in
>> advance, then drop traffic on the floor if they don't comply?
>>
>> It is probable spam we are talking about, is it not?
>>
>> How much engineering can that justify vs stuffing **SPAM?** into a
>> header???
>>
>> Or is your 'service' falsing on you too often? ;-)
>>
>> Bill
>>
>>
> I have several levels of spam classification. Low scoring spam I tag and
> pass on. Higher scoring spam I bounce or blackhole. Or sometimes I do
> direct folder deliver of different grades of spam.
>
Umhh ... 'grades' of spam. Sounds like archaeo-scatology. ;-)
Have you not observed a non-linear distribution, with a
pronounced 'gap' between might-be, and sure-as-heck-is?
Maybe I have less patience, but I just ignore scores under 2.0,
alter the subject to include **SPAM* ... (often it is not)
between 2.0 and 3.4, and refuse anything over 3.4 / 3.5 (nearly
always it IS).
Above 3.5, we see maybe one 'false positive' a week score 4.3 to
7, nearly always of yahoo origin forwarded by a broken OE
client, so rather easily managed.
Most of the rest scores in the teens, twenties, and up.
Mind - I have many of SA's tests either customized or turned
off, which offsets the scores by about 2 or 3 points, but is faster.
That usually puts paid to the 10% or so that firewall, local
blacklist, and Exim generic protocol & DNS checks haven't
already discarded.
Can't see much point in pushing spam about from one place to
another, though for the best part of two years we fake-rejected
and archived thousands of messages for analysis.
