Rejecting at SMTP time (Re: [Techtalk] Testing home mail server)

conor.daly at cod.utvinternet.com conor.daly at cod.utvinternet.com
Wed Feb 9 20:11:37 EST 2005


On Tue, Feb 08, 2005 at 08:31:22PM -0600 or so it is rumoured hereabouts, 
Colleen Hatfield thought:
> On Wed, 9 Feb 2005 11:33:35 +1100, Mary <mary-linuxchix at puzzling.org> wrote:
> > On Wed, Feb 09, 2005, conor.daly at cod.utvinternet.com wrote:
> > > The idea is that it will reject loads of spam at smtp time rather than loading
> > > spamassassin with junk.
> > 
> > What are the reasons you're doing this? The most common one is "the
> > bounce will go straight back to the spammer because it's happening at
> > SMTP time, and they will realise my address is spam immune!"
> 
> I'd say the most compelling reason to do so is that you waste less of
> your resources dealing with the spam.  If you can reject the spam
> during the SMTP transaction (preferably as early as possible), less of
> your bandwidth, disk space and server cycles are wasted on garbage.  I

Yep, it's as selfish as that...  About 95% of my inbox is spam (after
filtering list traffic off to folders) and my wife is starting to see spam
to her address these days.  Since Ireland is still very much behind the
times when it comes to internet connectivity, the spam bandwidth usage
can be significant.

As I understand it, many of the spammers' relays these days are trojaned
privately owned MS machines which will not pass on rejections anyhow.

Secondly, (and I'm definitely well outside of 'what I know to be true' and
firmly planted in 'what I think will make me sound convincing' here!), the
typical "your message to xxxx at yyyy was identified as spam" bounces are
generated by badly configured filtering systems while an smtp time
rejection puts the responsibility back on the sending relay to send a
bounce message or not. 

If the sending relay is a real mail server, then it's spam friendly,
misconfigured and out of my control.  If it's a trojaned machine, chances
are the smtp engine installed is the minimum necessary to send the stuff
out and it won't bother with bounce messages.
 
It's more like closing the windows of the car so the rubbish thrown at it
falls on the ground rather than into the car.  If it gets into the car, I
have to take on the responsibility for properly disposing of it.  If it
bounces off the window, it's not my problem.  If society is prepared to
accept such littering, all I can do is ensure that I'm as little
inconvenienced by it as possible.  Yeah, I know that's a poor analogy...

> Silently discarding mail is a pretty scary proposition to me without
> being able to guarantee a 0% false positive rate.  Everyone has their
> own preferred way of dealing with such things though ;-).

I haven't put this machine up facing the internet yet so I've no idea
about how it will perform.  The eximconfig rules will reject stuff like
.exe and .scr attachments and message subjects containing words like
'viagra' and so on.  As I understand it, they're fairly conservative so
there'll be false negatives rather than positives.  It's meant to be used
with spamassassin behind it for further filtering and so it's configured
to accept some of the spam.  

Now that my kids are starting to use email, I also need something a bit
stronger.  Currently, their incoming email comes to me first for filtering
and there's no spam load.  Once they let their addresses out into the wild
(as they will do being kids and since their correspondents will most
likely be running MS), the spam volume will increase sharply... 

Conor (who has to go learn squid now 'cos they want to use the
internet...)
-- 
Conor Daly <conor.daly at oceanfree.net>

Domestic Sysadmin :-)
---------------------
Hobbiton.cod.ie
 08:50:25  up 1 day, 20:10,  1 user,  load average: 0.09, 0.06, 0.01
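
The SMTP-time decision discussed in this message, sketched as an added example that is not part of the original post and is not the eximconfig rule set. The function name, the rule lists and the sample messages are assumptions constructed for illustration. It shows the reply a server would give at end of DATA, including the case where the subject is RFC 2047 encoded on the wire.

```python
import email
from email import policy

# Assumed rules for illustration, taken from the kinds of checks the post
# mentions; these are not the actual eximconfig rules.
BLOCKED_EXTENSIONS = (".exe", ".scr")
BLOCKED_SUBJECT_WORDS = ("viagra",)


def smtp_data_verdict(raw_message):
    """Return (code, text) to send after the client's end-of-DATA dot.

    A 5xx reply means the message was never accepted, so this server sends
    no bounce; telling the sender is left to the relay that connected.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)

    # policy.default decodes RFC 2047 encoded words, so a base64-encoded
    # subject is matched on its decoded text, not its wire form.
    subject = str(msg.get("Subject", "")).lower()
    for word in BLOCKED_SUBJECT_WORDS:
        if word in subject:
            return 550, "rejected: subject contains '%s'" % word

    # walk() descends into nested multiparts, so an attachment inside a
    # multipart/mixed container is checked as well.
    for part in msg.walk():
        filename = (part.get_filename() or "").strip().lower()
        if filename.endswith(BLOCKED_EXTENSIONS):
            return 550, "rejected: attachment type not accepted (%s)" % filename

    return 250, "OK, passed on for further filtering"


# Constructed sample messages (not real mail).
CLEAN = b"From: a@example.org\r\nSubject: Squid config\r\n\r\nhello\r\n"
ENCODED_SUBJECT = (b"From: a@example.org\r\n"
                   b"Subject: =?utf-8?b?Q2hlYXAgVmlhZ3Jh?=\r\n\r\nbuy now\r\n")
SCR_ATTACHMENT = (b"From: a@example.org\r\nSubject: photos\r\nMIME-Version: 1.0\r\n"
                  b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
                  b"--XX\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n"
                  b"--XX\r\nContent-Type: application/octet-stream\r\n"
                  b'Content-Disposition: attachment; filename="Holiday.SCR"\r\n\r\n'
                  b"MZ\r\n--XX--\r\n")

if __name__ == "__main__":
    for name, raw in [("clean", CLEAN), ("encoded", ENCODED_SUBJECT),
                      ("scr", SCR_ATTACHMENT)]:
        print(name, smtp_data_verdict(raw))
```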

