On Mon, 19 Jun 2006, David B Funk wrote:
On Mon, 19 Jun 2006, Justin Mason wrote:
Yep -- that's the key point -- as far as I know it's illegal (in SMTP terms) to offer a 421 after DATA.RFC-2821 section 3.9: An SMTP server MUST NOT intentionally close the connection except: - After receiving a QUIT command and responding with a 221 reply. - After detecting the need to shut down the SMTP service and returning a 421 response code. This response code can be issued after the server receives any command or, if necessary, asynchronously from command receipt (on the assumption that the client will receive it after the next command is issued). So anytime is 421 time. ;) also a 451 is explicitly listed as an acceptable error response to a DATA.
OK, if that's the case, let me offer my own personal justification of why it might be worthwhile to combine greylisting with SpamAssassin. Basically, greylisting has an achilles heel: legit messages from unknown senders are delayed a long time. This is fine for certain types of organizations, but what if all the accounts on your mail server are for salespeople? They're constantly trying to generate new contacts and leads, and they really don't want their communications to be delayed. This is just one example; there are surely other people who don't want any delays that can be avoided. So, what does this have to do with greylisting + content-based filtering? It's simple: if you receive a message from an unknown sender / domain / IP / whatever, you can then do a spamassassin run on it. If it comes up with a very low score (almost definitely not spam), let it pass. If it comes up with a very high score (almost definitely spam), drop it right away. If it comes up with an indeterminate score, apply the greylisting approach and delay it until later. What does this buy you? Two things. The first is that low-risk messages (based on content) go right through, eliminating much of the downside of greylisting. The second is that for messages which SpamAssassin is unsure about, you get the added benefit of greylisting. By definition, SpamAssassin by itself is insufficient in these cases, so any extra information you can gather (i.e. whether the sender retries) is valuable information. To put it another way, greylisting has a high cost in terms of convenience. So, apply greylisting only when SpamAssassin is not confident in its judgement; in those cases, you can easily justify the cost, and in the other cases, you can avoid the cost of greylisting completely. - Logan
