Rick Macdougall wrote on Thu, 04 Nov 2004 17:39:43 -0500: > If you don't bounce, what do you do ? /dev/nulling the message is not a > real option since mail should never just vanish, and in the case of > false positives, the sender would never get the rejection message. >
We reject at MTA level because of RBL data, our access.db and some technical specifics. This eliminates most viruses because they are mostly sent from dynamic IP blocks. Everything which gets past this barrier is scanned and quarantined if spam. Users get scheduled "spam report" mails which list all spam messages and can be used to free them from the quarantine. We do not bounce spam after the MTA level. I think there is a clear difference: spam bounced later is guaranteed to go back to the joe-jobbed address, spam rejected at MTA level may go to them as well but I guess most of it just "disappears" because it is not sent by a regular MTA. Also, it doesn't make sense to spoil bandwidth for sending spam messages or big viruses back. Rejection on MTA level is quite economic because you only need the header. If you want to hold the connection, scan with spamd and then reject at MTA level there is absolutely NO advanatage to you. You had to take the whole body for scanning, anyway, and you waste ressources for the open connection and immediate scanning. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
