Mark wrote:
-----Original Message-----
From: Jo Rhett [mailto:[EMAIL PROTECTED]
Sent: Thursday 19 October 2006 9:56
To: Mark
Cc: users@spamassassin.apache.org
Subject: Re: ALL_TRUSTED creating a problem


Perhaps SA being focused on "post-SMTP" is the problem here. Why is
this the focus? In the modern world, you want to reject
during SMTP not send backscatter to the poor folks whose e-mail got
forged.

Frankly, a milter environment is the only possible right way
to run SA. So why the constant comments as if this is some one-off
weird config?

I reckon the focus of SA on "post-SMTP" is due to the fact that it
operates, by nature, post DATA phase.

Huh?  It operates when I ask it to.  What are you trying to say here?

I agree that milters, or any other stuff done during the SMTP dialogue,
are a preferable first line of defense. But since full SA checks need to
be done post-DATA anyway, you lose much of the advantage of a milter (e.g.
pre-DATA phase early-outs).

Huh? I don't get you. What exactly about SA *requires* that it be done post-SMTP...?

And if that's true, why isn't there a major effort to overhaul it?

A milter gives you the advantage of REJECT-ing during the SMTP dialogue
(which really is a boon). But unless you close the connection first (thus
losing the aforementioned advantage), SA checks can be quite
time-consuming, especially with much RBL stuff done. Hence, these days I
choose to let the LDA do SA checks. That way a spamd process can chew away
for a whole minute or so (an eternity within an SMTP dialogue), without
anything being at risk of timing out.

Perhaps, but SMTP isn't interactive so who cares? And hell, I'm running SA on a very ancient 1g system and scan times are only 9-12 seconds. You'd have to be running on a 486 or on the other side of a modem to see 1 minute scan times. (And I'm running the entire set of SARE rulesets and a few dozen others as well.)

As for backscatter to the poor folks whose e-mail got forged, you're not
supposed to do that anyway. And an LDA using SA should either silently drop a
message indicated as spam, or attach it with ***SPAM*** in the subject or
some such. But never re-open a connection to who one thought was the
sender, to tell them they sent you spam; that very act is spamming itself.

No kidding. But silently dropping FP is a major problem too. You want FP to bounce back to the sender as normal. Therefore SMTP-time running is the only sensible solution.

--
Jo Rhett
Network/Software Engineer
Net Consonance
