LDA input validation

Stéphane Cottin stephane.cottin at vixns.com
Mon Jan 26 10:58:05 UTC 2015


> Le 26 janv. 2015 à 11:21, Reindl Harald <h.reindl at thelounge.net> a écrit :
> 
> 
> Am 26.01.2015 um 10:52 schrieb Stéphane Cottin:
>>> Le 26 janv. 2015 à 10:09, Reindl Harald <h.reindl at thelounge.net> a écrit :
>>>>> You're stilling going to lose contents.  If dspam fails, the mail
>>>>> is dumped, the LDA returns exit code 75, and the MTA will probably
>>>>> issue a bounce Email to the sender.
>>>> 
>>>> which would be OK, if "never loose email contents" means "no message is
>>>> discarded silently".
>>> 
>>> no, it is not OK to backscatter because the spamfilter fails
>>> 
>>> realize that 99% auf junk is using forged senders
>>> 
>>> recently i got each day some hundret such bounces from mailservers configured by fools reply to spam with forged senders and if i could i would have gone out for beat every responsible admin straight in the face
>> 
>> I may discard emails based on RBLs, but I don't want to discard emails based on statistical fllters, I prefer deliver them in the Junk folder and let the user have a chance to reclassify using dovecot_antispam.
>> And yes, bounce spams to (forged or not) sender is useless
> 
> you *must not* discard mails - in no context - period

right, s/discard/reject/

> 
> that's why milters exist to tag between let say 5.0 and 8.0 spam points and REJECT pre-queue based on SpamAssassin and/or ClamAV
> 
> maybe dspam can't do that, but it's *abandonware* anyways
> http://comments.gmane.org/gmane.mail.spam.dspam.user/19136

dspam is fast and lightweight, ideal for low memory virtual servers, and AFAIK the only spamassasin alternative.




More information about the dovecot mailing list