[Techtalk] re: Postfix reload

Carla Schroder carla at bratgrrl.com
Tue Sep 16 13:18:49 EST 2003 

On Tuesday 16 September 2003 12:48 pm, Travis Casey wrote:
> Tuesday, September 16, 2003, 1:46:25 PM, Carla Schroder wrote:

> > OK, let's make sure of our terminology- Spamassassin is not a RBL, it's a
> > filter. You know that. :) So yes, sending bounce messages from
> > Spamassassin is a waste of time, because it does not have the ability to
> > get past forged return addresses.
>
> Well... that depends on what you're doing.  We're using Spamassassin
> here, and we do wind up blocking some legitimate email -- generally
> from folks who have "spammer-like" email addresses like
> joe358 at aol.com, like to use ALL CAPS, put exclamation points in their
> subject lines, and use services like AOL with mail servers that often
> manage to wind up in blacklists.
>
> Now, if it were up to me, I might just ignore these people -- if
> you're going to send mail that looks like spam, you ought to expect it
> to get ignored.  Unfortunately, we're a government agency, and the
> people who write in all caps and use lots of exclamation points are
> often also people who like to complain to their representatives.  And with
> 10,000+ incoming emails/day, we have a hard time getting a zero
> false-positive rate.
>
> What we've wound up doing, then, is having a bounce message which
> basically says, "Your email has been rejected as possible unsolicited
> commercial email.  If you feel this is in error, please contact
> postmaster@<our agency>.  If you would include a copy of the message
> which you tried to send, that would help us to tune our filters."
>
> We also included postmaster in an "all-spam-to" line, so no one ever
> gets blocked from sending to our postmaster.
>
> Now, of course, there will be some forged addresses where folks who
> never sent us email are getting bounce messages... but from my logs,
> it looks like most spammer-forged addresses just don't exist.  In our
> situation, we think it's a necessary evil.  It especially won't do
> for, say, someone to send a query about their permit application and
> not know that their query never made it to us.

Yes, this is illustrates the problem with trying to automate spam-filtering. 
It is impossible to get a zero-false positive rate if you expect a lot of 
mail from strangers. 

I set up my customers with Spamassassin folders- everything it catches goes 
into a special folder. Then a real human reviews it periodically. I don't 
bother with bounces, because it just clogs the internet and annoys innocent 
people. I'm getting hardcore on the no-bounce issue- as does anyone who has 
been the target of multiple Joe-jobs.  Last week I had a running battle with 
the moron admins at Cisco- one of their servers sent me over 1,000 
you-sent-me-a-virus bounces. Idiots. 

And I make sure they have good whitelists, this is very important. All 
spam-control measures work a lot better if you use whitelists, it saves a 
huge amount of aggravation. 

But, like your office, my business customers expect mail from all kinds of 
people, and from all kinds of new contacts. The bottom line is there is no 
substitute for having human eyeballs monitoring the system. 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
www.tuxcomputing.com
this message brought to you
by Libranet 2.8 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~

More information about the Techtalk mailing list