Paul Howarth wrote:
On Wed, 2005-08-10 at 14:07 -0500, Mike Klinke wrote:
On Wednesday 10 August 2005 13:37, Paul Howarth wrote:
Spamassassin does not reject messages, it will only analyze
them and then pass them through.
It can reject them if you use a milter, e.g. spamass-milter in
Extras.
Hmm, correct me if I'm wrong here but isn't it the milter which
deletes the messages and not spamassassin. I remember from quite
some time ago that the developers of spamassassin expressed the
opinion that it'll be a very cold day in hell when spamassassin
ever deletes a message.
Well strictly speaking it is sendmail that *rejects* the message, after
being told to by the milter, which bases its decision on the spam score
from spamassassin. You can actually configure the milter to deliver the
message to a "spam" recipient (e.g. a special mailbox set aside for that
purpoae) even if the message is to be rejected, because of course the
message has to be received in full in order for spamassassin to make its
assessment.
You are correct. Milter calls spamassassin (SA). SA determines if it's
spam or ham. Milter then processes it depending on what SA said, and
that's up to you to configure. Although we don't use SA, we do use
bogofilter (BF) and we tack BF's rating in a header and deliver the
message regardless. As an ISP, that's what we do since it's technically
illegal for us to censor mail without express permission from an
individual user and our TACs don't have such a clause as yet. However,
we do tell people to set up their filters to watch the "X-Bogosity"
header and tweak their rules depending on what they want to do. Viruii,
worms and the like are another matter. They're easily identifiable and
they go to /dev/null straight away.
Others use setups that only deliver if SA says it's ham and does other
things with it if it's spam. That could be delivery to a spam mailbox,
relay to some spam blacklisting service (spamwatch, etc.), bounce the
message to the sender (horrible idea...why generate more traffic and
besides, 90% of the sender addresses are bogus anyway) or silently
discard it (the best idea).
I have one, uh, "chum" that is quite draconian. If his/her spam checker
says it's spam, then the sending machine's IP address gets put in a
database and this person's machines around the world start DOSing the
sender with about 12 different attacks while sending the whois technical
contact for the address space involved a detailed note. S/he claims
that s/he has gotten at least 100 spammers booted off their ISPs. I
feel it's a hollow victory since they invaribly move to some other ISP
and show up again somewhere else and I'm very dubious about the
legality of DOSing the machine. I must admit that there is something
poetically ironic about the technique, though.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Fear is finding a ".vbs" script in your Inbox -
----------------------------------------------------------------------