Mark wrote: > Mark is well aware of the benefits of milters. ;) In fact, I run > clamav too. But clamav isn't SA.
No, but it needs the message body just like SA does, and it serves a similar purpose in my mind: detecting email you don't really want to receive, based on the contents of the message. > And I was arguing the case that, > since SA needs to be done post-DATA, there's really not a whole lot > of advantage you gain from bringing it to a milter How many false positives have you seen with a score over, say, 20? Personally, I've never seen one, and I'm confident enough that I never will. So, I've got my MTA rejecting anything over that during the SMTP transaction. Personally, I do see this as a "whole lot of advantage." One is that it doesn't take up space in the queues or in my mailbox. Two is that I don't have to look at it. (Spam that gets to my inbox -- tagged or not -- is still spam that got to my inbox.) And perhaps most importantly is that, if there ever is a false positive, the sender will get a notice from THEIR server that the message was rejected by MY server. This simultaneously eliminates backscatter (since I don't have to send any bounce messages) and yet *still* allows legitimate senders to be notified of FPs. Of course, stopping spam before you even *get* to the DATA stage is better. But this nicely takes care of most things that get past the other defenses. I said in an earlier message that, in the last 7 days, SpamAssassin here scanned over 119,500 messages. Of those, just over 58% of the messages (69,562) were stopped during the SMTP transaction. That's just over 69,500 junk messages that didn't make it to my users.
