[Mimedefang] action_drop_with_warning and refuse to sender

Marcus Schopen lists at localguru.de
Fri Aug 24 17:35:54 EDT 2018


Am Freitag, den 24.08.2018, 10:50 -0400 schrieb Dianne Skoll:
> On Fri, 24 Aug 2018 12:10:41 +0200
> Marcus Schopen <lists at localguru.de> wrote:
> > That's why I want to reject it, but inform the recipient -
> > not the sender - about the rejection.
> I think this is a terrible idea for two reasons:
> 1) What is the recipient supposed to do with the notification?  Most
> recipients are not technically savvy and are more likely to panic
> than
> do anything else.

That might me right in most of the cases. But if you do a "silent"
reject, this has to be communicated very clearly to the recipient, as
well as rejecting at a spamassassin score of >= 5. This is nothing you
can decide on your own as postmaster, just because it makes sense.

> 2) Unless you do some sort of rate-limiting, a poor recipient may
> find
> herself swamped with emails to the effect "You almost received a
> virus, but we cleverly stopped it!"
> IMO, REJECT is the way to go.  In the 99.99% of cases where it was a
> virus,
> nobody will see the failure notification... but nobody needs to.  In
> the
> rare case of a false-positive, the sender will see the failure
> notification
> and can pursue further action.

I agree that most detected virus mails (I use clamav) are virus mails.
But I myself got some valid emails from Amazon, which were marked as
"Heuristics.Phishing.Email.SpoofedDomain" and therefore those emails
were rejected. My mimedefang-milter configuration was set to bounce,
so I didn't know I got these false-positives. It was just luck that I
found those emails when checking "/var/spool/MD-Quarantine/".


More information about the MIMEDefang mailing list