[Dovecot] Dovecot aspects of fighting spam

Stan Hoeppner stan at hardwarefreak.com
Tue Jun 1 19:41:58 EEST 2010


Phil Howard put forth on 6/1/2010 11:25 AM:
> On Tue, Jun 1, 2010 at 12:17, Stan Hoeppner <stan at hardwarefreak.com> wrote:
>> Phil Howard put forth on 6/1/2010 9:15 AM:
>>> On Tue, Jun 1, 2010 at 10:04, Jerry <dovecot.user at seibercom.net> wrote:
>>>
>>>> The fight against SPAM is NOT Dovecots responsibility.
>>>
>>> Whose responsibility is it to get detected spam delivered into the
>>> correct folder?  Dovecot deliver is typically used to deliver into the
>>> Inbox(es).  It would be involved.
>>
>> It's the MTA's responsibility to _REJECT_ spam attempts at SMTP time.  It's
>> the mail OP's responsibility to properly configure the MTA to do so.  Spam
>> fighting should be performed pre queue, not post queue.
>>
>> I suggest you bone up on modern spam fighting techniques.  Post queue content
>> analysis is not the proper way to fight spam, especially in 2010.
> 
> For my own personal server, I would agree.  Even for a general email
> or freemail service I would agree.
> 
> However, for certain business environments, even a few false positives
> can be very troubling to management.  Greylisting, and with shades of
> grey, is often more appropriate.  Given that this puts mail where it
> will likely never be read or responded to, certainly doing as much as
> you can at SMTP time for a 5XX rejects is preferred, so that
> legitimate mail that would otherwise not be responded to is known to
> be not delivered where it would be read.  But this can't be for
> everything, as even a FP rate of 0.01% is too much.
> 
> So in the end, there has to be an administrative policy decision as to
> what to do with what is detected as spam.  And if I can find a way,
> I'd like to even set that up so end USER policy can be applied even at
> SMTP time (e.g. user decides if spam is blacklisted or greylisted,
> along with user specified whitelists).  But that's pushing the
> boundaries for now.  When I get time, I will look into that degree of
> control.

Law firm or heavily FED GOV regulated industry?  Or just HUA (head up ass)
management with zero understanding of email and spam?

-- 
Stan



More information about the dovecot mailing list