>>> On 2013-09-20 09:42, azurIt wrote: >>>> i'm having problems with spam forwarding - lot's of our users enabled >>>> forwarding to gmail and every spam they receive is also forwarded. >>>> Today gmail block us because of spam (which we were just forwarding, >>>> not sending). Any tips how can i disable forwarding in case of a spam >>>> (for example, when message has X-Spam-Status: Yes) ? Thanks. >>> >>> You may first want to look at why you are receiving the spam in the >>> first place and not rejecting it. There are many ways to fight this, >>> much of which will come down to what your policies are regarding >>> rejecting mail, false positives, etc. >>> >>> You could always turn off the ability of your users to forward mail to >>> other services, problem solved. >> >> This is not an option, we are offering commercial services and users demands >> this feature. > >Gmail offers POP3 retrieval, which is a perfectly servicable option if >users DEMAND every spam message, plus forwarding. > >> Blocking emails based on spam filters are always wrong. Spam recognition >> will NEVER be 100%, there are always false positives. We are accepting all >> emails and filter them after. I just need to tell Postfix to NOT forward >> particular messages and only deliver them locally (for example, as mentioned >> before, based on headers). > >Has it occurred to you that the reason lots of your users enable >forwarding to Gmail may be the fact that you accept everything? And >that they are essentially using Gmail as the spam filter they need >because of this?
No, we have our own spam filters but they are NOT rejecting e-mails, only putting them in Spam folder. There are no complains about spam from users at all. >You are creating this problem yourself. No spam filtering is 100% >without false positives, but properly configured before-queue defenses >generally cut out ~90% of the garbage you get from bots and zombies. Or >more, depending on how tight of a ship you can afford to run. It also >presents a traceable error path to any senders that may be caught with >their pants down because of configuration issues, compromised systems >and what have you. We are, of course, not accepting every garbage: smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain I just meant that we are not rejecting e-mails based on spam filters. >This means that anything that actually reaches the stage where you >decide whether to store or forward is about 10% of what you are >accepting now, and much less likely to cause trouble with forwarding. > >If you must do your own thing, figure out how to use the quarantine >features of your chosen content filtering software, and do forwarding >from there based on rules you specify. Or dig into the Postfix >documentation and figure out how you might achieve what you are after >without backscattering, or discarding mail. We are not backscatters, our systems are configured correctly. One note to all fans of 'spam filters rejecting' here: Did you even notice that NO ONE of big e-mail providers are rejecting messages based on standard spam filter techniques? Google, Yahoo, Microsoft, AT&T, ... No one is doing it, most of them have developed their own filtering systems and you must be really big spammer to be blocked permanently. The best of them is Google, just try their filters and you will see (even blocking which was used to us was targeted only to particular messages).
