--On 13 October 2006 10:13:39 +0100 Philip Hazel <ph10@???>
wrote:
>
> Providing "per user" scanning options is difficult because of the
> problem of multiple recipients per message. Providing two or three
> different scanning options that users can opt into is easier, by
> temporarily rejecting (in the RCPT ACL) additional recipients that have
> a different setting to the first (and saving the option in a variable).
> I think there's info somewhere about how to do that (the wiki?). It's
> untidy, though, and if you have only one IP address, it may delay the
> additional recipients.
>
Another approach is to scan per user when there's only one recipient, but
use sitewide settings when there's more than one recipient. If you're
rejecting spam at SMTP time, then false positives should be notified to the
sender.
You could even do a fake reject after DATA (at some reasonable threshold),
and then deliver the message through spamassassin using personal
spamassassin settings and blackholing unwanted messages. The worst that can
happen here is that a false positive leaves the sender incorrectly
believing that their message hasn't been delivered.
--
Ian Eiloart
IT Services, University of Sussex
