Question about quarantine

John Hinton webmaster at ew3d.com
Sat May 4 15:01:37 CEST 2013


On 5/4/2013 6:37 AM, Simon Brereton wrote:
>
>
> On 4 May 2013 12:02, "Patrick Joy" <paddy at paddyjoy.com> wrote:
> >
> >
> > On 04/05/13 19:44, Simon Brereton wrote:
> >>
> >> > On 04/05/13 18:58, Simon Brereton wrote:
> >> >>
> >> >>
> >> >> On 4 May 2013 05:15, "Patrick Joy" <paddy at paddyjoy.com> wrote:
> >> >> >
> >> >> > Hi everyone,
> >> >> >
> >> >> > I have just configured amavisd-new (2.5.3) and spamassassin (3.2.5) and integrated with postfix (2.5.1). I have linked amavis to mysql also.
> >> >> >
> >> >> > Everything seems to be working fine, spam headers are being added and some mail is going to the quarantine; however, I would appreciate it if anyone could answer the following questions about the behaviour of the quarantine.
> >> >> >
> >> >> > I have the following settings:
> >> >> >
> >> >> > $sa_spam_subject_tag = '***SPAM*** ';
> >> >> > $sa_tag_level_deflt  = -9999;  # add spam info headers if at, or above that level
> >> >> > $sa_tag2_level_deflt = 8; # add 'spam detected' headers at that level
> >> >> Email will have ***SPAM*** added to the subject..
> >> >>
> >> >> > $sa_kill_level_deflt = 10; # triggers spam evasive actions
> >> >> Email will quarantine..
> >> >>
> >> >> > $sa_dsn_cutoff_level = 15;   # spam level beyond which a DSN is not sent
> >> >>
> >> >> Email will be discarded. Sender will not be notified.  See $final_spam_destiny       = D_DISCARD;
> >> >>
> >> >> > $final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
> >> >> > $final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
> >> >> > $final_spam_destiny       = D_DISCARD;
> >> >> > $final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
> >> >> >
> >> >> > 1) Does this mean that anything with a score over 8 will go to the quarantine?
> >> >> > 2) What happens to emails with a score over 10? Do they get discarded or do they go to the quarantine?
> >> >> > 3) What happens to emails with a score over 15? Do they get discarded or do they go to the quarantine?
> >> >> >
> >> >> > My aim is to have nothing discarded, I would like all suspected emails to go to the quarantine and have users decide before whether they get discarded or not. Do I have the correct settings for that?
> >>
> >> On 4 May 2013 11:31, "Patrick Joy" <paddy at paddyjoy.com> wrote:
> >> >
> >> > Thanks Simon,
> >> >
> >> > So if I don't want anything to be discarded I should increase $sa_dsn_cutoff_level to something large like 9999?
> >>
> >> Please don't top post..
> >>
> >> Yes, or I believe just comment the line out.
> >
> > Thanks I'll experiment with both.
> >
> >> For what it's worth I've never seen a legitimate mail with a spamassassin score over 15.  I can't imagine why you'd want to not discard them.
> >
> > That's good to know! The main reason I want to keep them all is because customers can be funny sometimes, one missing email (legitimate or not) and they will be up in arms.
>
> But it's your responsibility as a service provider (which if you have 
> customers is what you are) to also protect them.  And us.  And you.
>
> Assume I'm wrong and only most email 15 and over is spam... the ones 
> you're quarantining for them to look at contain phishing links and 
> viruses/Trojans, whether by payload or link. Now if your customer is 
> not educated to appreciate that SMTP is an unreliable communications 
> protocol, they are probably also likely to click on Trojan installers 
> and respond to phishing attacks.
>
> Now their network is compromised, or your machine is spewing spam and 
> in a blacklist.   Now all your other customers are mad and you have 
> much bigger problems than a missing email (which might have gone 
> missing for any number of reasons out of your control).
>
> In short, yes, you have to, as a service provider, provide 
> reliability.  But as with any IT service you have to balance the wants 
> of a few against the security of many.
>
> It's of course your machine, your customer and most important of all, 
> your policy.  I'm not mandating what you should or should not do, but 
> have a think about it and the implications and look at the risk/reward.
>
> Good luck!
>
> Simon
>
Studies have been done and if I recall the numbers... 'people' given all 
their mail to filter make 4 mistakes in 1000 emails. If you can reduce 
that 1000 number by removing most of what is scored highly as spam, the 
'maybe spam' left in their spam box leads to more accurate recovery of 
ham by a human. So, yes, it is proven that at a certain level of 
filtering, accurate delivery of email to the Inbox increases. Will they 
complain when the one is missed? Yes. Will it be your filter? Only on 
very rare occasions. Are these the same people that complain to you 
about too much spam? Generally yes.

Now... if you could please stop spamming my Inbox by CCing the amavisd 
list instead of replying to the amavis list so that my mail filters 
work. I would appreciate that as well.

John
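
A simplified model of how the score thresholds quoted in this thread map to actions, added here as an example; it is not from the thread or from the amavisd-new code. It follows the comments attached to the settings in amavisd.conf. $sa_quarantine_cutoff_level ("spam level beyond which quarantine is off") is an amavisd-new setting that does not appear in the thread, and the function names, the >= boundary handling and the sample scores are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    tag_level: float = -9999                   # $sa_tag_level_deflt
    tag2_level: float = 8                      # $sa_tag2_level_deflt
    kill_level: float = 10                     # $sa_kill_level_deflt
    dsn_cutoff: Optional[float] = 15           # $sa_dsn_cutoff_level
    quarantine_cutoff: Optional[float] = None  # $sa_quarantine_cutoff_level (not in the thread)
    final_spam_destiny: str = "D_DISCARD"      # D_PASS, D_DISCARD or D_BOUNCE in this model

def outcome(score: float, p: Policy) -> dict:
    """Actions this model assigns to one message (assumes a spam quarantine is configured)."""
    killed = score >= p.kill_level
    blocked = killed and p.final_spam_destiny != "D_PASS"
    # Treating "beyond which" as >= is an assumption of this model.
    past_quarantine = p.quarantine_cutoff is not None and score >= p.quarantine_cutoff
    past_dsn = p.dsn_cutoff is not None and score >= p.dsn_cutoff
    return {
        "info_headers": score >= p.tag_level,   # spam info headers
        "marked_spam": score >= p.tag2_level,   # 'spam detected' headers, subject tag
        "delivered": not blocked,
        "quarantined": killed and not past_quarantine,
        # The DSN cutoff only matters when the destiny would notify the sender.
        "dsn_to_sender": blocked and p.final_spam_destiny == "D_BOUNCE" and not past_dsn,
    }

def unrecoverable(scores, p: Policy) -> list:
    """Scores whose mail is neither delivered nor quarantined, i.e. really lost."""
    lost = []
    for s in scores:
        o = outcome(s, p)
        if not o["delivered"] and not o["quarantined"]:
            lost.append(s)
    return lost

SAMPLE_SCORES = [2.1, 8.4, 12.0, 17.5, 40.0]    # constructed sample scores

if __name__ == "__main__":
    thread_policy = Policy()                       # values quoted in the thread
    with_cutoff = Policy(quarantine_cutoff=25)     # hypothetical cutoff for comparison
    for s in SAMPLE_SCORES:
        print(s, outcome(s, thread_policy))
    print("lost, thread settings:", unrecoverable(SAMPLE_SCORES, thread_policy))
    print("lost, quarantine cutoff 25:", unrecoverable(SAMPLE_SCORES, with_cutoff))
```
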
