John Hardin <jhar...@impsec.org> wrote: > On Fri, 8 Jul 2011, Lars Jørgensen wrote: > >>>> $sa_tag2_level_deflt = 5.2; # add 'spam detected' headers at that level >>>> $sa_kill_level_deflt = 6.2; # triggers spam evasive actions (e.g. blocks >>>> mail) >> >>> That seems a little aggressive to me. Personally I'd prefer a larger >>> margin of error for FPs, and would set the discard level to 9 or 10 >>> (unless the "evasive actions" include "quarantine for review"). >> >> "evasive actions" do indeed include quarantine. No-quarantine-cutoff is set >> at 20, which may be a bit high, but we got room for it. > > So, tag at 5.2, quarantine at 6.2, discard at 20? That sounds > reasonable to me, assuming the quarantine is readily accessible for > review.
If you want to treat email as *RELIABLE* delivery service then avoid discarding at high cost - reject in SMTP session to make *sending host* responsible for sending bounce message. [ It can be done using milters with both sendmail and postfix ] I do remember situation in which receiving MTA simply discarded important message from one of my users and it took a few days for sender *and recipient* to find out that message has been silently discarded: *sender assumed that recipient reads it in silence, * recipient assumed in silence that those [...] longer have not sent it yet I can treat it as funny *today* but it was not funny. -- [pl>en: Andrew] Andrzej Adam Filip : a...@onet.eu The power to destroy a planet is insignificant when compared to the power of the Force. -- Darth Vader
