Block auto-replies to spam
francis picabia
fpicabia at gmail.com
Thu Oct 20 21:07:39 CEST 2011
On Thu, Oct 20, 2011 at 3:16 PM, Mark Martinec
<Mark.Martinec+amavis at ijs.si> wrote:
> So your outbound bounces are generated by a content filter
> associated with a user's mailbox (like sieve) ???
> Probably not the best idea. If it is spam, it should not be bounced.
> Let a user just delete it, if it gets delivered.
Much of it comes from "out of office" set up on Exchange.
I have no control over the users in this regard.
They feel it is worthwhile to let the small number
of real email senders know of alternate addresses
to contact while they are away on vacation, etc.
>> On outbound, we don't pass it through SA, but we do scan for viruses.
>>
>> Most of the email sitting in our outbound queue is undeliverable
>> auto-replies. Many of them are already tagged as spam on
>> the inbound pass through our SA.
>>
>> Is it possible to have amavis kill auto replies when there
>> is an existing spam tag in the email?
>
> If bounces were generated by amavisd, the limit on a spam
> level beyond which a bounce is suppressed is controlled by
> $sa_dsn_cutoff_level . But your case seems to be different.
>
> There is no mechanism in amavisd to suppress outbound
> bounces generated by internal hosts, apart from devising
> some SpamAssassin rule, assuming outbound mail would
> be content filtered.
I thought of creating some such filter, but it isn't easy, as
I'd be seeking the spam tags within an attachment.
Scanning it again on outbound isn't going to get
as high of a SA score.
>> Looking at the deferred auto replies, I see headers such as these
>> from the inbound pass, within the rfc822 attachment:
>>
>> X-Spam-Flag: YES
>> X-Spam-Score: 15.418
>> X-Spam-Level: ***************
>>
>> Maybe we should look at killing it on inbound, but it would require
>> more of a policy discussion.
>
> Avoid the problem entirely: either tag and deliver spam,
> or reject it outright by using amavisd as a pre-queue (proxy)
> content filter. Or use a combination: reject high scoring spam
> (kill level), but tag-and-deliver medium score spam (tag2_level).
We decided to start doing quarantine (without notification)
on high scoring spam, similar to what you suggested.
This should reduce the number of stale messages sitting
in the outbound queue.
I saw some documentation reference to running amavisd
as a pre-queue and it said this was not recommended
- I do not know why.
We are running postscreen from postfix as a pre-queue
filter and it works very well. Yet to hear of a false positive
in several months of use at a site with ~60,000 delivered
inbound email per day.
More information about the amavis-users
mailing list