[Mimedefang] Re: compare mimedefang to mailscanner
John Rudd
john at rudd.cc
Thu Jan 18 16:12:52 EST 2007
Yizhar Hurwitz wrote:
> HI.
>
>
>> John Rudd <john at rudd.cc> wrote on 01/17/2007 07:11:51 PM:
>>
>>> Dropping without notifying _anyone_ is "an even worse practice". You
>>> don't have to notify the sender, as long as you notify the recipient
>>> (and visa versa).
>>>
>>
>> Which is just another piece of annoying email in the inbox. Why
>> bother removing the spam if your just going to deliver a message held
>> email in its place?
>>
>
> Here is my approach (I guess other implementations are similar):
>
> Known Virus = discard silently.
> Bad filename (or unknown virus) = replace the attachment with a warning.
> The recipient gets the message without the attachment.
> High score spam (score >10) = Reject message.
> Probable spam (5 < score < 10) = Quarantine the message in a spamdrop.
> However a daily report is sent to the end user, listing all the
> quarantined messages with information such as sender+subject.
> Other mail = let it through.
>
Here's what I do:
Greet Pause: 3 seconds (rejects)
Helo (in filter_sender): reject it if it says it's coming from my own
domain, but isn't.
Sender: reject *.local
(I also used to do a Botnet check here, that did rejections, but
I've moved that code into the Botnet spamassassin plugin)
Recipient: reject *.local and non-existent recipients
RBLs: reject
Bad attachments (name or type): reject
ClamAV thinks it's a virus: reject
Spam score >= 10: reject
Spam score >= 5: mark as spam, drop into spam folder, give some form of
notice (options for per-message quarantine notice, per day, or per week).
Spam score < 5: mark as ham, normal delivery
More information about the MIMEDefang
mailing list