[milters] Archive


Article: 1046
From: Emanuele (aka Skull)
Date: 2010-09-01 10:12:26 -0400
Subject: Re: milter-spamc 2.0 testing

On 9/1/10 7:31 AM, Anthony Howe wrote:
> Anything can be prone to backscatter depending on the nature of abuse.
> This option will only send one DSN per message with the list of rejected
> recipients. If a message arrives already enveloped split, then there
> won't be any difference from existing behaviour if you think about it.

But when botnets are involved, the amount of DSNs sent back to a fake
address can be massive...

> The option is intended to address a long standing issue of how to handle
> a message with multiple recipients that are a mixture of black / white /
> and indifferent recipients. Explicitly black listed recipients are easy,
> since they are rejected at the RCPT TO: command, but in the case of
> milter-spamc, where you judge the content only after accepting the
> explicitly white-listed and indifferent RCPT commands; the question is
> how to avoid "bleed" through of spam because of a single white listed
> recipient.
> Typically though spam with multiple recipients per message appears to
> have declined in use (site recipient limits, dictionary detection,
> botnet sizes vs old school single mail cannons).

This seems not to be so true: at least one of the botnets out there
spits out multi-recipient spam (10-15 RCPTs max).

>> is it possible to define a sort of "fallback policy" in case of
>> multi-recipient messages exceeding the score with one or more recipients
>> whitelisted?
>> Like "if one of the recipients is whitelisted then TAG the mail (instead
>> of rejecting it) and deliver it to all recipients"?
> This is certainly possible. Tagging certainly won't hurt, unless DKIM /
> PGP is used to sign the Subject: header.

Yep. In truth, with "tagging" I meant "adding a proper spam header",
adding a TAG to the subject line, for the reasons you already pointed out.

> Yet you still face the issue that some users will complain that: if you
> knew enough about a message to tag it as spam, why didn't you reject it?
> Most people don't understand SMTP, milter API, and the complexities of
> working with multiple-recipient messages and a mix of user preferences.
> Tagging just gives the end user filters more chance.

Yes, but at least that "fallback policy" gives me the chance to explain
the reason why he/she receives that spam ("you're not the only recipient
and others wanted it") and point him/her to "how you can set up your MUA
to filter it out if you want to".
Or do that for him/her during local delivery...

>> This could also be a way to manage situations where some users want you
>> to reject spam while others want you to tag...
> I don't see how this can be satisfied. Once you reach the DATA state,
> you either accept the message or reject it at end-of-message. Once the
> message is accepted, the only sensible way to reject is
> "accept-then-bounce" through a DSN.

Suppose we add a global configuration flag with the meaning:

"If the recipient (or one of the recipients) is whitelisted, run spamc
anyway but fall back to this other policy".

So, even if the mail comes with only one recipient, I can still run
spamc on it and add proper headers.

So the recipient still receives all the spam, but is allowed to filter
it out during local delivery or setting his/her MUA to trust the headers
I added with milter-spamc...

> You can't reject a message at DOT and still deliver the message tagged
> or otherwise, as that will generate a DSN by the sending MTA, more
> confusing than the receiving MTA generating a more sensible detailed
> DSN. The sender is likely to retry, resulting in duplicate messages
> received by recipients.
> There are some sites that refuse to ever send a DSN, paranoid about
> backscatter, which causes support problems for both the sending and
> receiving mail services: sender will complain to their service about
> mail not getting through and not being told why via a DSN; recipients
> will complain that they are not receiving expected mail from a sender.

I'm not one of those, but sending out DSNs as a result of spam-filtering
has been observed to be problematic for a long time now...

Receiving is OK, with or without "tagging".
Rejecting is OK
Bouncing back should be done only if there really is no other choice,
and I try to avoid it whenever I can.

Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
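
The "fallback policy" proposed in this message, sketched as an end-of-message decision function. This is an added example, not milter-spamc code or part of the original post: the type names, function name, the `fallback_tag` flag and the `score >= threshold` spam test are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout; none of this is milter-spamc's own API. */
/* Blacklisted recipients never reach this point: refused at RCPT TO. */
enum rcpt_pref { RCPT_INDIFFERENT, RCPT_WHITELISTED };

/* Verdict given at end-of-message (the final "." of DATA). */
enum eom_action {
    EOM_ACCEPT,        /* deliver unchanged */
    EOM_ACCEPT_TAGGED, /* deliver to all, add a spam header, leave Subject
                          alone so DKIM / PGP signatures stay valid */
    EOM_REJECT         /* 5xx at DOT; the receiving side sends no DSN */
};

/* No branch accepts and then bounces, so the filter itself never
 * generates a DSN towards a possibly forged sender address. */
enum eom_action eom_decide(const enum rcpt_pref *rcpts, size_t n,
                           double score, double threshold, bool fallback_tag)
{
    bool any_white = false;

    for (size_t i = 0; i < n; i++)
        if (rcpts[i] == RCPT_WHITELISTED)
            any_white = true;

    if (score < threshold)   /* assumption: spam means score >= threshold */
        return EOM_ACCEPT;
    if (!any_white)
        return EOM_REJECT;   /* nobody asked for it: reject in-session */
    /* Spam with at least one whitelisted recipient (also the
     * single-recipient case): tag if the flag is set, otherwise the
     * "bleed through" described in the thread. */
    return fallback_tag ? EOM_ACCEPT_TAGGED : EOM_ACCEPT;
}

int main(void)
{
    /* Constructed sample: one whitelisted and one indifferent recipient. */
    enum rcpt_pref mixed[] = { RCPT_WHITELISTED, RCPT_INDIFFERENT };

    printf("mixed, score 9.0, fallback on -> %d\n",
           eom_decide(mixed, 2, 9.0, 5.0, true));
    return 0;
}
```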
