Author: W B Hacker Date: To: exim users Subject: Re: [exim] spam acl condition syntax
Ian Eiloart wrote:
>
> --On 13 October 2006 19:33:15 +0800 W B Hacker <wbh@???> wrote:
>
>
>>B) Our greatest use of 'message' handshakes are in the acl_smtp_predata
>>section, then in the header, size, MIME, ClamAV checking. All well
>>before we even consider waking up spamd.
>
>
> Are you sure about the ClamAV thing? Predata?
>
AR:
...in the acl_smtp_predata section, *then in* ....
IATR:
...in the acl_smtp_predata section, *then next* in ...
>
>>When it comes to the SA scoring area, we either accept unremarked or
>>appear to do so, then 'blackhole' unremarked. No moral requirement to
>>tell a spammer *anything* and we simply deliver the rest.
>
>
> No, but there's a moral requirement to reject rather than blackhole false
> positives.
What some call 'false' positives. i.e. - missing PTR record, use of a dynamic IP
for a mail server, dictionary send to non-existent users, DO get a message.
We also provide a message for rejection on LBL & RBL hits.
Though I do not consider there to be anything 'false' about that sort of
rejection, we do 'whitelist' pretty extensively. Just opened up a 'hole' for
wannadoo.co.uk yesterday, and two *xtra.co.nz mx IP's as well, as we have one
correspondent on each.
We cannot effectively reject on either verify = sender or HELO mismatch - too
many major ISP's playing silly-buggers with those.
Rejection/blackhole on SA? 'bout the only accounts with settings strict enough
to do that instead of quarantine are test accounts.
Ex:
- System default is spamint 1000 (i.e. 100 SA points).
- A primary client has the same, but lowered 'quarantine' threshold.
Mine is 20 (2 SA points) on one account, 40 (SA 4.0) on another.
WTH *one* test account even digs out the several header fingerprints of Redmond
and rejects anything composed on a WinBox...
;-)
> There's also a potential legal liability issue.
With X.400 maybe.
;-)
But smtp is a 'no guarantees possible' best-efforts protocol.
Anyway - user choice, so no different than someone's junk filter or manual
decision to delete unread (or read).