From: Birta Levente on
On 18/06/2010 11:36, Antoine Nguyen wrote:
> Hi all,
>
> I'm facing a stupid situation and I'm looking for advice. I'm using a
> postfix relay to filter viruses and spams. All is working well except
> with spam that use the same declared address for both sender and
> recipient. What happened in this particular situation is described as
> follows:
> * The spam is detected,
> * A notification is sent (with the original message as an attachment),
> * The targeted recipient in my domain receives that notification.
>
> Conclusion: the spam is passed! I could stop sending notifications but
> I think my employer would not like it...
>
> I'm sure some of you have already faced and solved this kind of
> situation. I'm looking for your help :-)
>
> Thanks in advance,
>
> Antoine.
>
>
In my opinion the best way is to block all mails if the sender appears in
the recipient addresses. (I think it's stupid to send mail to yourself, if
it's not about spam)

Levi

From: Erik Logtenberg on
Michael Weissenbacher wrote:
>> Conclusion: the spam is passed! I could stop sending notifications but I
>> think my employer would not like it...
> Short answer:
> You should NEVER notify anyone about detected spam! This will
> effectively make yourself a spam source. It's even worse when you attach
> the original message.

He sends the notification not to the apparent (probably forged) sender,
but to the intended recipient.
This way he won't really be a spam source, but on the other hand, his
solution isn't helping much either ;)

In general, you should definitely not send notifications regarding spam
detection.

From: Antoine Nguyen on
On 18/06/2010 11:42, Erik Logtenberg wrote:
> Michael Weissenbacher wrote:
>
>>> Conclusion: the spam is passed! I could stop sending notifications but I
>>> think my employer would not like it...
>>>
>> Short answer:
>> You should NEVER notify anyone about detected spam! This will
>> effectively make yourself a spam source. It's even worse when you attach
>> the original message.
>>
> He sends the notification not to the apparent (probably forged) sender,
> but to the intended recipient.
> This way he won't really be a spam source, but on the other hand, his
> solution isn't helping much either ;)
>
> In general, you should definitely not send notifications regarding spam
> detection.
>
>
Yes that's what happened. The notification is sent directly to the real
MX declared server that is behind the relay. I've just realized that my
$final_spam_destiny was set to D_REJECT and not D_DISCARD. My bad :p

So now, notifications will not be sent to anyone.

From: "Reko Turja" on
> I'm not a great fan of quarantining, although it works fairly well
> for webmail systems where the quarantine can be accessed through the
> same interface as the inbox (eg, Gmail and Hotmail). It's less
> helpful where mail is delivered to a POP3 or IMAP box as users have
> to go to a separate interface to check the quarantine.

With quarantine and IMAP, one approach is using sieve with IMAP server
and forwarding the border cases automatically via sieve rules to users'
junk/spam folder. That way quarantine can be accessed from the regular
mail client or web interface and checked by the user him/herself if
important mail seems to be missing.

At least Cyrus can do this pretty painlessly, and I think Dovecot does
support sieve these days too.

-Reko
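
A Sieve script along the lines Reko describes, as an added example that is not part of the original post. It assumes the content filter passes borderline mail tagged with `X-Spam-Flag` and `X-Spam-Level` headers (as amavisd-new with SpamAssassin can); the three-star threshold and the mailbox name `Junk` are placeholders to adapt.

```sieve
# Added example, not from the thread.
# Assumptions: the filter in front of the IMAP server adds
# X-Spam-Flag / X-Spam-Level headers, and a mailbox named "Junk"
# exists (on some servers the name is "INBOX.Junk").
require ["fileinto"];

# Mail the filter marked as spam but still delivered
# (score above the tagging threshold, below the discard threshold).
if header :is "X-Spam-Flag" "YES" {
    fileinto "Junk";
    stop;
}

# Border cases: not flagged, but scored at least three points.
# X-Spam-Level carries one "*" per point; with :contains the
# asterisks are matched literally (they are wildcards only
# with :matches), and no numeric comparison of a decimal or
# negative score is needed.
if header :contains "X-Spam-Level" "***" {
    fileinto "Junk";
    stop;
}

# Everything else falls through to the implicit keep (INBOX).
```

Because the message lands in an ordinary IMAP folder, the user can review it from the regular mail client instead of a separate quarantine interface.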

From: Antoine Nguyen on
On 18/06/2010 11:51, Reko Turja wrote:
>> I'm not a great fan of quarantining, although it works fairly well
>> for webmail systems where the quarantine can be accessed through the
>> same interface as the inbox (eg, Gmail and Hotmail). It's less
>> helpful where mail is delivered to a POP3 or IMAP box as users have
>> to go to a separate interface to check the quarantine.
>
> With quarantine and IMAP, one approach is using sieve with IMAP server
> and forwarding the border cases automatically via sieve rules to users'
> junk/spam folder. That way quarantine can be accessed from the regular
> mail client or web interface and checked by the user him/herself if
> important mail seems to be missing.
>
> At least Cyrus can do this pretty painlessly, and I think Dovecot does
> support sieve these days too.
>
> -Reko
Good idea. But I think this is getting harder if you want to allow users
to notify the server about its errors (false positive, false negative, ...).

Talking about that, I would just like to let the list know that I've just
released a new version of MailNG. This is a web based tool that allows
the administration and use of a virtual domains hosting platform. It
provides:
* An admin panel to create domains/mailboxes/aliases and more,
* A simple webmail,
* A quarantine management tool (Amavisd-new sql quarantine),
* Automatic replies (vacation),
* Graphical statistics.

It works great with postfix. In fact, I've only tested it with postfix ;-)

The project lives here: http://projects.koalabs.org/trac/mailng/

Antoine