[Mimedefang] Re: compare mimedefang to mailscanner

John Rudd john at rudd.cc
Wed Jan 17 16:03:58 EST 2007


Les Mikesell wrote:
> Scott Silva wrote:
>> That is why you never bounce. Reject, good -- bounce, bad!
>>   
> Umm, not if you are expecting the mail system to work...

Yes, even if you are expecting the mail system to work.

Accepting a message that your own scanners say contains 
spam/virus/bad-content, and then crafting a bounce message for it 
instead of delivering it, is a bad practice and should never be done. 
It causes backscatter and harms innocent bystanders.  Mail servers which 
knowingly and intentionally do this really do deserve to be blacklisted.

Similarly, silently deleting a spam/virus/bad-content message is also a 
bad practice.  It violates RFCs, for starters.  And if you have a false 
positive, neither the sender nor the recipient knows that the message 
didn't get through.

The only reasonable things to do with a message your own scanners say is 
spam/virus/bad-content are:

1) if you accept a message, you must either:
    a) mark and deliver it to the intended recipient(s),
    b) clean/neutralize it and deliver it to the intended recipient(s),
    c) send a report to the intended recipient(s) saying what you
       did with the original message (deleted it, quarantined it, etc.),
       and include enough information in that report that they can
       determine whether or not it's a false positive.

2) Don't accept it.  Reject it.  Give an SMTP 4xx or 5xx result, with a 
reason for why you didn't accept it.  Let the submitting (SMTP client) 
host figure out what to do with it from there.  Most likely it's a 
spam/virus bot, and the problem is resolved.


You'll notice that neither of these is "bounce it".


> 
>> Mailscanner doesn't bounce spam by default. It hasn't for close to two
>> years. But the option is still there, and is discouraged in the docs,
>> in the comments of the config file, and is very discouraged on the lists.
>> It comes down to two things. If you are required by law to archive "all"
>> communications to or from your company, or like some countries cannot
>> reject e-mail without a human being reviewing it, use mailscanner. If you
>> can reject anything you please, and your users won't ask you for it later,
>> use mimedefang. The only bounce messages I generate are for unknown users,
> The majority of my inbound mail is to unknown users.  When I used a
> mailer that accepted, then bounced it would fill my outbound queue to the
> point that normal outbound mail was often delayed.   Does mailscanner on a
> relay machine have a way to check valid users on the destination host
> before accepting?
> 

That's not mailscanner's job.  That's the MTA's job.

1. The MTA says "yes that's a valid recipient" or "no, that's not a 
valid recipient", and accepts or doesn't accept the message accordingly.

2. It then drops the message into mqueue.in and forgets about it.

3. Then mailscanner looks to see what new messages are in mqueue.in and 
scans them.  When it's done, it puts the message into mqueue.

4. Then the MTA periodically looks to see what's in mqueue, and works on it.


So, the check you're talking about is done by the MTA in step one.  It 
can do this with any number of possibilities (alias file, milter-ahead, 
mimedefang's recipient verification, an LDAP lookup, etc.).  Mailscanner 
doesn't do that job for you.
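
The step-one recipient check described above (asking the destination host about a recipient before the relay accepts the message), sketched as an added example that is not part of the original post and is not MIMEDefang, MailScanner or milter-ahead code. Host names, addresses and reply texts are constructed, and `fake_destination` is a hypothetical stand-in for a real destination host so the block runs offline.

```python
import smtplib

def probe_rcpt(dest_host, rcpt, helo_name="relay.example.test", timeout=10):
    """Ask dest_host whether it would accept rcpt; no DATA is ever sent."""
    with smtplib.SMTP(dest_host, 25, timeout=timeout) as conn:
        conn.helo(helo_name)
        code, text = conn.mail("")          # null sender: MAIL FROM:<>
        if code != 250:
            # A refused envelope sender says nothing about the recipient.
            raise smtplib.SMTPResponseException(code, text)
        code, text = conn.rcpt(rcpt)
        return code, text.decode("ascii", "replace")

def rcpt_decision(rcpt, probe):
    """Map the destination's answer to the relay's own RCPT TO reply.

    Unknown users are refused during the SMTP dialogue, so the relay never
    holds a message it would later have to bounce. If the destination cannot
    be asked, answer 4xx so the client retries instead of losing mail.
    """
    try:
        code, text = probe(rcpt)
    except (OSError, smtplib.SMTPException) as exc:
        return 451, f"4.4.1 cannot verify {rcpt} now ({type(exc).__name__})"
    if 200 <= code < 300:
        return 250, "2.1.5 recipient ok"
    if 500 <= code < 600:
        return 550, f"5.1.1 {rcpt} refused by destination: {text}"
    return 451, f"4.2.0 {rcpt} deferred by destination: {text}"

def fake_destination(rcpt):
    """Constructed stand-in for probe_rcpt (hypothetical mailbox list)."""
    if rcpt == "down@example.test":
        raise ConnectionRefusedError("destination unreachable")
    if rcpt == "alice@example.test":
        return 250, "2.1.5 Recipient ok"
    return 550, "5.1.1 User unknown"

if __name__ == "__main__":
    for addr in ("alice@example.test", "nobody@example.test",
                 "down@example.test"):
        print(addr, "->", rcpt_decision(addr, fake_destination))
```

Against a real destination, pass `lambda r: probe_rcpt("mailhost.example.test", r)` as the probe; that host name is a placeholder.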



