[Mimedefang] MIMEDefang 2.36-BETA-2 plus administrivia

Cormack, Ken kcormack at acs.roadway.com
Tue Aug 5 13:54:01 EDT 2003


List...

We have MIMEDefang running on our external gateway, with Exchange servers
running Trend for content-filtering, on the inside.  Our MIMEDefang is
stopping a great deal of spam, but the occasional peice still gets through.
When such pieces then get flagged by Trend, Trend will send a bounce-back
message back to the sender.  As most senders are forged, or are from
unresponsive mail servers, these outbound bounce-backs just sit in my
outbound queue until they expire.

I was thinking it would be nice to have MIMEDefang (v2.35), in conjunction
with Mail::SpamAssassin (v2.55), examine each message and/or attachments for
the string "Trend SMEX Content Filter has detected sensitive content".  If
this string could be assigned an artificially high SA score, MIMEDefang
could then ensure that the bounce-back gets quarantined (and therefore,
removed from the queue).  We currently quarantine anything with an SA score
of 20 or greater.

Trend prevents the original recipient of the spam from ever seeing the spam.
Outwardly, it makes sense to stop trying to contact the spammer's address to
deliver the bounce-back.  By quarantining the message rather than simply
dropping it, we can always route it out later if we get complaints.
However, what is the concensus regarding NOT sending back a notification to
a legitimate sender, who's original message may have been mistakenly
identified (by Trend) as spam?

Since internal users WOULD receive the bounce-backs for spam-ish messages
they may originate, it would only external senders affected by what I have
in mind.

Does anyone have any thoughts on this, or the best way to handle these
bounce-backs that get stuck in the queue?

Thanks!



More information about the MIMEDefang mailing list