Mail being silently bounced after turning on SMTP authentication?

Rick Stevens rstevens at vitalstream.com
Wed Aug 10 20:47:41 UTC 2005


Paul Howarth wrote:
> On Wed, 2005-08-10 at 14:07 -0500, Mike Klinke wrote:
> 
>>On Wednesday 10 August 2005 13:37, Paul Howarth wrote:
>> 
>>
>>>>Spamassassin does not reject messages, it will only analyze
>>>>them and then pass them through.
>>>
>>>It can reject them if you use a milter, e.g. spamass-milter in
>>>Extras.
>>>
>>
>>Hmm, correct me if I'm wrong here but isn't it the milter which 
>>deletes the messages and not spamassassin?  I remember from quite 
>>some time ago that the developers of spamassassin expressed the 
>>opinion that it'll be a very cold day in hell when spamassassin 
>>ever deletes a message.
> 
> 
> Well strictly speaking it is sendmail that *rejects* the message, after
> being told to by the milter, which bases its decision on the spam score
> from spamassassin. You can actually configure the milter to deliver the
> message to a "spam" recipient (e.g. a special mailbox set aside for that
> purpose) even if the message is to be rejected, because of course the
> message has to be received in full in order for spamassassin to make its
> assessment.

You are correct.  Milter calls spamassassin (SA).  SA determines if it's
spam or ham.  Milter then processes it depending on what SA said, and
that's up to you to configure.  Although we don't use SA, we do use
bogofilter (BF) and we tack BF's rating in a header and deliver the
message regardless.  As an ISP, that's what we do since it's technically
illegal for us to censor mail without express permission from an
individual user and our TACs don't have such a clause as yet.  However,
we do tell people to set up their filters to watch the "X-Bogosity"
header and tweak their rules depending on what they want to do.  Viruii,
worms and the like are another matter. They're easily identifiable and
they go to /dev/null straight away.

Others use setups that only deliver if SA says it's ham and does other
things with it if it's spam.  That could be delivery to a spam mailbox,
relay to some spam blacklisting service (spamwatch, etc.), bounce the
message to the sender (horrible idea...why generate more traffic and
besides, 90% of the sender addresses are bogus anyway) or silently
discard it (the best idea).

I have one, uh, "chum" that is quite draconian.  If his/her spam checker
says it's spam, then the sending machine's IP address gets put in a
database and this person's machines around the world start DOSing the
sender with about 12 different attacks while sending the whois technical
contact for the address space involved a detailed note.  S/he claims
that s/he has gotten at least 100 spammers booted off their ISPs.  I
feel it's a hollow victory since they invariably move to some other ISP
and show up again somewhere else and I'm very dubious about the
legality of DOSing the machine.  I must admit that there is something
poetically ironic about the technique, though.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-           Fear is finding a ".vbs" script in your Inbox            -
----------------------------------------------------------------------
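
The tag-and-deliver setup described in the message above leaves the decision to each user's filter. As an added example (not part of the original message), here is a client-side rule in Python that files mail by its X-Bogosity header; the folder names, the 0.99 cutoff and the worst-verdict handling of duplicate headers are assumptions, and the sample message is constructed.

```python
import email
import re
from email import policy

# Constructed sample: two X-Bogosity headers, one of them supplied by the sender.
SAMPLE = """\
From: sender@example.com
To: user@example.net
Subject: constructed sample
X-Bogosity: Ham, tests=forged, spamicity=0.000000
X-Bogosity: Spam, tests=bogofilter, spamicity=0.999871, version=1.2.4

body
"""

_BOGO = re.compile(
    r"^\s*(Spam|Ham|Unsure)\b.*?\bspamicity=([0-9]*\.?[0-9]+)", re.I | re.S)
_RANK = {"Ham": 0, "Unsure": 1, "Spam": 2}


def parse_bogosity(value):
    """Return (verdict, spamicity) from one header value, or None if malformed."""
    m = _BOGO.match(str(value))
    if not m:
        return None
    return m.group(1).capitalize(), float(m.group(2))


def classify(raw, spam_cutoff=0.99):
    """Choose a folder (assumed names) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    parsed = [p for p in map(parse_bogosity, msg.get_all("X-Bogosity", [])) if p]
    if not parsed:
        return "INBOX"  # untagged or unparseable: deliver normally
    # Several headers may mean the sender added its own: take the worst verdict.
    verdict, score = max(parsed, key=lambda p: (_RANK[p[0]], p[1]))
    if verdict == "Spam" and score >= spam_cutoff:
        return "Junk"
    if verdict in ("Spam", "Unsure"):
        return "Review"  # tagged but below the cutoff: keep for a human to check
    return "INBOX"


if __name__ == "__main__":
    print(classify(SAMPLE))
```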



