Re: [exim] Not rejecting mail forwarded from friendly hosts

Author: Magnus Holmgren
Date:  
To: exim-users
Subject: Re: [exim] Not rejecting mail forwarded from friendly hosts
> In message <200604121400.40493@???>, Magnus Holmgren
> <holmgren@???> writes
>
> >It is a good idea to reject likely to certain spam
>
> ITYM "fail to accept"


What do you mean?

> >, because in the rare cases
> >of false positives the legitimate sender will be notified. It is also a
> > good idea to have at least as good spam protection at the (forwarding)
> > secondary MXes as at the primary. But what is the best way(s) to handle
> > .forward-ed mail coming from friendly but slightly stupid (in the sense
> > that they lack adequate spam protection) hosts,
>
> It is best to ensure that you do not use any scheme that is traffic
> based (viz: "the last <n> from here were spam, hence I will make an
> assumption about the next <n>") but only content-based (viz: "I will
> look at each message and form an opinion about it").


Well, I'm not saying anything about how spam should be detected. I'm saying
that if we get what we (our software) believe is a piece of spam from a host
that the recipient knows does not belong to a spammer, then perhaps we
should, out of courtesy, not cause that host to bounce it.

> It is also essential to ensure that email to your abuse team isn't
> filtered -- because that just makes you look as if you don't care


Of course.

> >and how do you implement it with Exim?
>
> It's more about not implementing all the off-the-wall ideas that people
> come up with, rather than adding yet more cookbook recipes.
>
> >c) Monitor mail logs to identify forwardings automatically or manually.
>
> Monitoring incoming email logs can allow you to identify remote sites
> that are sending you junk. However, if it is their smarthost (main
> outgoing MTA) then you're unlikely to get enough of a pattern to be able
> to provide them with any useful information.
>
> Note that the world is full of people who are forwarding email from one
> site to another, one ISP to another -- and schemes (readers are familiar
> with several) which assume that you can read something into the
> relationship between the source of an email, where it says it comes
> from, and how legitimate it is, are doomed to fail in today's
> conditions.


Again, I'm not making any assumptions as to what is spam and what is not. How
spam is recognised is a separate issue. What schemes are you thinking of?

> >d) User-managed ~/.backward (or a database or whatever) containing
> > addresses and/or hosts forwarded from.
>
> If you have 3 users, go for it. If you have 30, 300 or 3 million then
> get yourself a more interesting (and less privacy invading) hobby! You
> will merely end up rejecting a lot of legitimate email and dealing with
> extremely annoyed users :(


No, you have misunderstood me. Let's say that you have a policy to reject mail
that is with 99.9% certainty spam, accept mail that is with 99% certainty
ham, greylist the rest and tag any probable spam that slips through
(hopefully under 10 per day) so the user can deal with it any way she wants.
Now, for mail from some hosts (different for each user), instead of rejecting
we just tag it. That will *not* cause a lot of legitimate email to be
rejected.

And is this more privacy-invading than .forward files? Root can read all
files, but that doesn't mean he does.

--
Magnus Holmgren
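
The per-user "tag instead of reject" policy described in the message above could be sketched in Exim ACLs as follows. This is an added example, not configuration posted by anyone in the thread; it assumes a current Exim 4 built with content scanning and a reachable SpamAssassin daemon, a `local_domains` domain list as in the default configuration, and it leaves out greylisting and the tagging of lower-scoring mail. The directory `/etc/exim/backward`, the `acl_m_fwd*` variables and the score threshold are hypothetical.

```exim
# Added example; not from the thread. Hypothetical names: the directory
# /etc/exim/backward and the acl_m_fwd* variables. Threshold is illustrative.
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_rcpt:
  # (relay control and recipient verification from your existing ACL go here)

  # Does this recipient list the connecting host as one it forwards from?
  # /etc/exim/backward/<local_part> holds one host or IP address per line.
  warn    set acl_m_fwd_this = no
  warn    domains     = +local_domains
          local_parts = dsearch;/etc/exim/backward
          hosts       = /etc/exim/backward/$local_part_data
          set acl_m_fwd_this = yes

  # The DATA-time verdict applies to the whole message, so all recipients
  # of one transaction must agree; later ones that differ are asked to retry.
  defer   condition = ${if and{{def:acl_m_fwd}{!eq{$acl_m_fwd}{$acl_m_fwd_this}}}}
          message   = Please retry this recipient in a separate transaction
  accept  domains   = +local_domains
          set acl_m_fwd = $acl_m_fwd_this
  deny    message   = relay not permitted

acl_check_data:
  # Scan once; ":true" makes the condition match whatever the score, so the
  # $spam_* variables are always set. $spam_score_int is the score times 10.
  warn    spam = nobody:true

  # Near-certain spam via a host this recipient forwards from: tag and
  # accept, so that host never has to bounce it.
  accept  condition  = ${if >={$spam_score_int}{100}}
          condition  = ${if eq{$acl_m_fwd}{yes}}
          add_header = X-Spam-Flag: YES

  # The same score from any other host: refuse at SMTP time.
  deny    condition  = ${if >={$spam_score_int}{100}}
          message    = Message classified as spam

  accept
```

The `defer` in the RCPT ACL is what keeps one user's forwarding list from changing the outcome for another recipient of the same message.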