Gerald Oskoboiny <[email protected]> writes:

> and false positives are very rare.
> (well, they seem to be, I don't really check any more.)

+1 Lately when the spam file gets too large I've just been doing a
cat /dev/null >

I guess I should skip that step and send it there to begin with.

>I am sometimes tempted to use something like that for mail that
>is trapped by spamassassin, because I don't like the thought of
>false positives just disappearing into a mailbox I never check.

That bothers me too, but not enough that I am inclined to sift through
volumes of spam manually ever again.  If something is really important
someone will eventually get my attention in a way that doesn't get
trapped in a filter.  Reliability of mail delivery to me has suffered
as a result.  

Black holing it is antisocial and I don't like it when it happens to
me and one is seldom to know if it happens to them.

I posted to a mailing list recently, including a useful patch to the
software the list is about.  I got an automated reply saying my mail
was queued up for moderator action since I wasn't subscribed to the
list.  I didn't feel like I needed to subscribe to make a suggestion
and contribution and should I subscribe and resend I'd run the risk of
double posting should my original message get moderated in.  After a
month I get a rejected by moderator 'No reason given.'  I corresponded
with the list owner and he offered his explanation along with an
apology.  The list had too much spam awaiting moderator action and he
simply chose to reject them all.  The list software was mailman, which
I use as well for a couple lists I maintain, and I was glad he used
the reject instead of discard option.  I can certainly sympathize with
his reluctance to sift for false positives.

>But I think I would rather install Exim4 and start rejecting spam
>at SMTP time than start sending challenges to hundreds of
>(probably forged) messages per day.

I've messed around some with Exim4 and exiscan for hooks into
Spamassassin and clamav (anti-virus).  BTW Debian's package splits
exim's conf into a bunch of different files much like they did
ipchains package.  I'm not a fan of this, wondering which gets loaded
in what order but I guess the upside is if you change one aspect of
the config you're not holding back on apt updates of the others.

Default is SA score of 10 to do a reject, I would probably lower that
to whatever is my personal threshold is which is currently 3.4 as I
was getting too many just over that threshold.

It appears to be an immensely flexible MTA but I have refrained from
making the switch.  

I need to experiment more with it somewhere so as not to mess with
real mail until I am comfortable with it.  The printed books are
highly recommended.  

My thinking has been to discard viruses to avoid compounding viruses'
impact on mail servers and reject spam.

What to say though in the rejection?  It is amazing how even a
carefully worded error message in a rejection notice baffles some.
"There's a problem with my mail it didn't go through."  Well if you
read the explanation given to you it might make sense.  Anyone know of
an active Clueless User Network Test System list?  Every one I ever
find has always been shut down, probably abused by sheer volume of
clueless user subscriptions.

Hmm, maybe the reject could contain a unique key in a header the mail
client won't trash, forget References and Reply-to because of borken
MUAs, like Subject or in the body of the message.  User replying to
bounce citing the full bounce message would be enough of an action to
get them past being rejected a second time.  I guess whatever datafile
is used to compare these keys coming back in would get sizeable over
time and should rotate out after a month or so. Replies to rejects
could be piped to sa-learn to improve its reliability.  Now if the
rejection message gets trapped by their spam filtering due to the
sender's wording then I guess it'd likely end up in the bit bucket or
itself get bounced back.

>If I ever do the challenge-response thing I'll probably include
>something in my challenge that says "if this message was a
>forgery, you should install SMTP forgery prevention software;
>see http://spf.pobox.com/ " to help spread word about SPF.

Including SPF into the exim mix would complete the picture and in time
I wouldn't even bother with the rejects to those.

--
Ted Guild <[email protected]>
http://www.guilds.net

* Gerald Oskoboiny <[email protected]> [2003-10-28 00:35-0500]

> I am sometimes tempted to use [a challenge-response system] for
> mail that is trapped by spamassassin, because I don't like the
> thought of false positives just disappearing into a mailbox I
> never check.
>
> But I think I would rather install Exim4 and start rejecting spam
> at SMTP time than start sending challenges to hundreds of
> (probably forged) messages per day.

I did this: impressive.net now rejects any mail that spamassassin
scores higher than 10. Woohoo!

The mail is rejected during the initial delivery attempt, with
this error message:

   550-Sorry, this smells like spam; rejected. For more info, please see
   550 http://impressive.net/people/gerald/2004/01/spam.html

This should reject about 2/3rds of all mail to my site. I feel
better already :)

This was *really* easy to set up thanks to the exim4-daemon-heavy
package in debian sarge which includes a patch called exiscan-acl.
Details:

   http://impressive.net/weblogs/fogo/2004/01/13/2004-01-13.html

--
Gerald Oskoboiny <[email protected]>
http://impressive.net/people/gerald/