[milters] Archive


Article: 1044
From: Anthony Howe
Date: 2010-09-01 01:31:28 -0400
Subject: Re: milter-spamc 2.0 testing

On 30/08/2010 11:35, Emanuele (aka Skull) whispered from the shadows...:
> On 8/24/10 4:52 PM, Anthony Howe wrote:
>> I am in the process of preparing a 2.0 release of milter-spamc. The
>> major new features are:
>>
>>    *	smtp-dsn-enable (selective recipient delivery) see change
>> 	log below for documentation.
> [...]
> 
>> 	When +smtp-dsn-enable, a message with multiple recipients, has
>> 	some white listed recipients, and is identified as reject-able
>> 	spam, then the non-white listed recipients are removed from the
>> 	delivery list and a DSN message sent to the sender concerning
>> 	those recipients.
> 
> 
> Interesting, but isn't this prone to generating backscatter?

Anything can be prone to backscatter depending on the nature of abuse.
This option will only send one DSN per message with the list of rejected
recipients. If a message arrives already enveloped split, then there
won't be any difference from existing behaviour if you think about it.

The option is intended to address a long standing issue of how to handle
a message with multiple recipients that are a mixture of black / white /
and indifferent recipients. Explicitly black listed recipients are easy,
since they are rejected at the RCPT TO: command, but in the case of
milter-spamc, where you judge the content only after accepting the
explicitly white-listed and indifferent RCPT commands, the question is
how to avoid "bleed" through of spam because of a single white listed
recipient.

Typically though spam with multiple recipients per message appears to
have declined in use (site recipient limits, dictionary detection,
botnet sizes vs old school single mail cannons).

> is it possible to define a sort of "fallback policy" in case of
> multi-recipient messages exceeding the score with one or more recipients
> whitelisted?
> 
> Like "if one of the recipients is whitelisted then TAG the mail (instead
> of rejecting it) and deliver it to all recipients"?

This is certainly possible. Tagging certainly won't hurt, unless DKIM /
PGP is used to sign the Subject: header.

Yet you still face the issue that some users will complain that: if you
knew enough about a message to tag it as spam, why didn't you reject it?
Most people don't understand SMTP, milter API, and the complexities of
working with multiple-recipient messages and a mix of user preferences.

Tagging just gives the end user filters more chance.

> This could also be a way to manage situations where some users want you
> to reject spam while others want you to tag...

I don't see how this can be satisfied. Once you reach the DATA state,
you either accept the message or reject it at end-of-message. Once the
message is accepted, the only sensible way to reject is
"accept-then-bounce" through a DSN.

You can't reject a message at DOT and still deliver the message tagged
or otherwise, as that will generate a DSN by the sending MTA, more
confusing than the receiving MTA generating a more sensible detailed
DSN. The sender is likely to retry, resulting in duplicate messages
received by recipients.

There are some sites that refuse to ever send a DSN, paranoid about
backscatter, which causes support problems for both the sending and
receiving mail services: sender will complain to their service about
mail not getting through and not being told why via a DSN; recipients
will complain that they are not receiving expected mail from a sender.

-- 
Anthony C Howe            Skype: SirWumpus                  SnertSoft
+33 6 11 89 73 78       Twitter: SirWumpus      BarricadeMX & Milters
http://snert.com/      http://nanozen.info/     http://snertsoft.com/
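
Added example (not part of the original post and not milter-spamc source): the end-of-message decision discussed in this message, in C, producing one DSN list for the removed recipients when reject-able spam has a mix of white listed and other recipients. All type and function names are hypothetical, the addresses are constructed, and delivering to everyone when the option is off is an assumption taken from the "bleed through" remark.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical names throughout; not milter-spamc source. */
enum rcpt_class { RCPT_WHITE, RCPT_INDIFFERENT }; /* black listed: already refused at RCPT TO */
enum eom_action { EOM_ACCEPT_ALL, EOM_REJECT_AT_DOT, EOM_SPLIT_WITH_DSN };
struct rcpt { const char *addr; enum rcpt_class cls; int keep; };
struct eom_plan {
    enum eom_action action;
    size_t delivered;    /* recipients left on the delivery list */
    size_t dsn_rcpts;    /* recipients named in the single DSN */
    char dsn_list[512];  /* comma-separated, truncated if it does not fit */
};

/* Decide the end-of-message action once the content verdict is known. */
struct eom_plan plan_end_of_message(struct rcpt *r, size_t n,
                                    int rejectable_spam, int smtp_dsn_enable)
{
    struct eom_plan p = { EOM_ACCEPT_ALL, n, 0, "" };
    size_t i, white = 0;
    for (i = 0; i < n; i++) {
        r[i].keep = 1;
        white += (r[i].cls == RCPT_WHITE);
    }
    if (!rejectable_spam) return p;
    if (white == 0) {               /* no white listed recipient: plain reject */
        p.action = EOM_REJECT_AT_DOT;
        p.delivered = 0;
        return p;
    }
    /* Assumption: with the option off, a white listed recipient lets the
       message through to everyone (the "bleed through" case). */
    if (!smtp_dsn_enable || white == n) return p;
    p.action = EOM_SPLIT_WITH_DSN;  /* accept, prune, then send one DSN */
    for (i = 0; i < n; i++) {
        size_t used = strlen(p.dsn_list);
        if (r[i].cls == RCPT_WHITE) continue;
        r[i].keep = 0;              /* a libmilter filter would call smfi_delrcpt() here */
        snprintf(p.dsn_list + used, sizeof p.dsn_list - used, "%s%s",
                 used ? ", " : "", r[i].addr);
        p.dsn_rcpts++; p.delivered--;
    }
    return p;
}

int main(void) {                    /* constructed sample recipients */
    struct rcpt r[] = { {"a@example.org", RCPT_WHITE, 1}, {"b@example.org", RCPT_INDIFFERENT, 1} };
    struct eom_plan p = plan_end_of_message(r, 2, 1, 1);
    printf("action=%d delivered=%zu DSN for: %s\n", (int)p.action, p.delivered, p.dsn_list);
}
```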
