[Mimedefang] Pre-Acceptance filtering (WAS: Re: recipient filter and RBLs)

[Dirk the Daring]

On Mon, 3 Dec 2007, "Paul Houselander" <housey at sme-ecom.co.uk> wrote:

> After a bit of digging around I think ive pretty much decided not to use the
> rbl feature in sendmail but to intergrate spamhaus checking into my
> mime-defang script.

    While you can certainly do this, all you're doing is creating a *lot* 
more work for your mailserver, and encouraging the spammers.

 	DISCLAIMER: I have no beef with SpamAssassin, SpamHaus, DCC
 			or other similar E-Mail analysis and SPAM tagging
 			tools. I use some of them myself.

    The trouble with post-acceptance tools, like SpamAssassin, SpamHaus, 
DCC, et. al., is that you have to accept the E-Mail. That is, the spammer 
reached DATA and transmitted the message to you, and you queued it 
somewhere prior to submitting it to the analysis/tagging tool.

    As far as the spammer is concerned, that is "Mission Accomplished". 
They have successfully wasted your bandwidth and disk space, and you're 
about to let them waste your CPU and RAM as well.

    If the recipient address isn't valid, why let them get past RCPT TO:? 
Why even permit the DATA step to happen?

    By the end of HELO, I've stopped fully half of the SPAM sent to my mail 
relay. By the end of RCPT TO: (before DATA), I've stopped about 75-80%.

    Given that roughly 9 out of every 10 E-Mails are SPAM, that is a lot of 
garbage that never gets transmitted (so the spammer doesn't get to waste 
my bandwidth), never gets queued (they don't get to waste my disk space), 
and that my filter never has to submit to ClamAV or to SA/DCC/whatever (so 
I don't waste CPU or RAM analysing something I already know is garbage).

    If you want to wait until after DATA to see if you should have even 
bothered queuing the message, that's fine, but be sure you understand just 
how much you're increasing the load on your mail server.