[Mimedefang] bounces
David F. Skoll
dfs at roaringpenguin.com
Thu Mar 20 17:13:00 EST 2003
On Thu, 20 Mar 2003, Joseph Brennan wrote:
> Do we need to exclude bounce messages from being scanned?
No.
> --and scores high for some reason, and our rule says to bounce it.
OK, then it bounces.
> We were concerned the bounce itself would not be delivered because
> it would also score high.
Yes, that's true. What you want to do is exclude locally-generated
bounces from being scanned. That is, if $RelayAddr eq "127.0.0.1"
(and possibly other local addresses), you don't want to bounce the
mail. In fact, in my filter, I have this:
sub filter_relay {
my($hostip, $hostname, $helo) = @_;
if ($hostip eq '127.0.0.1') {
return ("ACCEPT_AND_NO_MORE_FILTERING", "ok");
}
}
That way, locally-generated mail isn't filtered at all, and the
overhead is very low. (You need a recent version of MIMEDefang and
must use the "-r" option on mimedefang to enable relay checks.)
If you exclude all bounce messages from being scanned, then spammers
merely need to disguise their spam as a bounce message.
Remember, about the only trustworthy aspect of an e-mail message is
the sending relay address. Anything else (envelope, headers, body) can
be faked.
Regards,
David.
More information about the MIMEDefang
mailing list