[Mimedefang] Re: compare mimedefang to mailscanner
Yizhar Hurwitz
yizhar at mail.com
Thu Jan 18 15:18:55 EST 2007
HI.
> John Rudd <john at rudd.cc> wrote on 01/17/2007 07:11:51 PM:
>
>> Dropping without notifying _anyone_ is "an even worse practice". You
>> don't have to notify the sender, as long as you notify the recipient
>> (and visa versa).
>>
>
> Which is just another piece of annoying email in the inbox. Why bother
> removing the spam if your just going to deliver a message held email in
> its place?
>
Here is my approach (I guess other implementations are similar):
Known Virus = discard silently.
Bad filename (or unknown virus) = replace the attachment with a warning.
The recipient gets the message without the attachment.
High score spam (score >10) = Reject message.
Probable spam (5 < score < 10) = Quarantine the message in a spamdrop.
However a daily report is sent to the end user, listing all the
quarantined messages with information such as sender+subject.
Other mail = let it through.
So, if a user is receiving 100 spam messages, 90% of them are normally
blocked as high score spam,
and 10 "probable spam" go to the spamdrop.
The user will get a day after only 1 email message with a short list of
the 10 probable spam message,
so he can look for false positive.
That is 1 message per day for about 100 spam (10 probable spam) messages.
Most spam is filtered, but in case of false positive either the sender
or recipient has a chance to know about it.
I think that this is a good trade-off for the end users and the sysadmin.
Yizhar Hurwitz
http://yizhar.mvps.org
More information about the MIMEDefang
mailing list