On 7/27/23 6:25 AM, Matus UHLAR - fantomas wrote:
I use spamass-milter on my system and amavisd-milter on other systems
especially to be able to reject spam at SMTP time. Definitely a good thing.
:-)
You just should not use it for "outgoing" mail from your clients, so
they don't complain about sending mail taking ages.
Eh ....
I'm an advocate for spam filtering all email coming into the server,
even email coming into the MSA on it's way out to another server across
the Big Bad Internet.
You may need to limit SA processing to some 270 seconds to avoid
5-minutes timeout (which contradicts RFC5321 section 4.5.3.2.6. which
mandates 10-minute timeout on DATA termination, but here we are).
This is one of the reasons that I mentioned configuring the MSA with
much longer timeouts in another recent thread (though I don't remember
which list).
I have in the past configured an MSA to accept messages (with really
long for email timeouts) and relay the messages through the local MTA
where I applied the filtering that I'm talking about.
This allowed clients, even on dial up, to send larger email with
attachments to not time out /and/ to be able to be filtered to avoid
contributing to spam if (when) accounts were compromised.
Seeing as how the MUAs authenticated to the MSA to send, I have a very
good idea who I needed to have a chat with in the event that something
unsavory was making it through the MSA to the filtering MTA, or worse
out to the Big Bad Internet.
Grant. . . .