Re: Drop UCE instead of forwarding off-site?



"Hauke Fath" <dont.spam.usenet@xxxxxxxxxxxxxx> wrote in message
news:1izrt3t.miykeusfo4c3N%dont.spam.usenet@xxxxxxxxxxxxxxxxx
I have two mail servers here in the institute. The University blocks
port 25 both ways; they run incoming mail through an address whitelist
for existing recipients and spam-tag it, then forward to local servers.
On-campus machines have to send via the outgoing mail relay, where they
recently started to filter and reject UCE, to avoid getting blacklisted.

Now, we have quite a few alias entries which forward mail off-site:
Alumni, external staff which is associated with the local groups but
works elsewhere, students. Some of these aliases get a lot of spam -
it's properly tagged, but since it gets forwarded, the local mailfilter
doesn't see it. My machines try to forward it, the outgoing mail relay
rejects it, and it ends up in my postmaster box: We are talking about
~1000 mails/d.

"The local mail filter doesn't see it": Then your spam checking is in the
wrong place.

My question: How can I detect that a mail is to be forwarded to another
MTA, and only then, if spam headers are set, quietly discard it?

Check it with a milter at the recipient hook for a mailer other than
local - macro ${rcpt_mailer}.

From milter MIMEDefang: "For example, for local recipients, $rcpt_mailer
is likely to be 'local', while for remote recipients, it is likely to be
'esmtp'."

I've been looking at milters, but while detecting the headers is not an
issue, I haven't seen anything that gave me information about the "to be
forwarded off-site" property.

What did I miss?

See above.

Also note that there is a potential race condition regarding spam
classification that uses external databases (DNSBLs, checksums, etc.). No
matter how good your front end MTA is, there's always a chance that a given
message's spam status changes after the front end has accepted it and
before the back end forwarded target MTA receives it. That validates the
suggestion for "ExtendedErrorDrop" and its purpose to quash backscatter.
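
The check suggested in this reply, modelled as an added example (not code from the thread or from MIMEDefang): record `{rcpt_mailer}` per recipient, note the spam tag, and decide at end of message, including the case where one message has both local and off-site recipients. The header name `X-Spam-Flag: YES`, the class and function names, and the sample addresses are assumptions.

```python
# Added example: per-message state a milter would keep, without a milter library.
LOCAL_MAILERS = {"local"}        # mailers treated as on-site (assumption)
SPAM_HEADER = "x-spam-flag"      # assumed tag header from the upstream filter
SPAM_VALUE = "yes"               # assumed value meaning "tagged as spam"


class ForwardSpamPolicy:
    def __init__(self):
        self.rcpts = {}          # recipient -> {rcpt_mailer} seen at RCPT time
        self.spam = False

    def envrcpt(self, rcpt, rcpt_mailer):
        # Recipient hook: remember which mailer the MTA chose for this address.
        self.rcpts[rcpt] = (rcpt_mailer or "").strip().lower()

    def header(self, name, value):
        # Header hook: only the upstream tag matters here.
        if name.lower() == SPAM_HEADER and value.strip().lower().startswith(SPAM_VALUE):
            self.spam = True

    def eom(self):
        """Return (action, recipients_to_delete) once the whole message is seen."""
        if not self.spam:
            return ("accept", [])
        # An empty mailer means the macro was not passed to the milter; keep
        # those recipients rather than lose mail on a guess.
        remote = [r for r, m in self.rcpts.items() if m and m not in LOCAL_MAILERS]
        if remote and len(remote) == len(self.rcpts):
            return ("discard", [])   # SMFIS_DISCARD: no bounce, no relay attempt
        return ("accept", remote)    # smfi_delrcpt() each remote, deliver the rest


def decide(rcpts, headers):
    """Run one message (constructed input) through the hooks in milter order."""
    policy = ForwardSpamPolicy()
    for rcpt, mailer in rcpts:
        policy.envrcpt(rcpt, mailer)
    for name, value in headers:
        policy.header(name, value)
    return policy.eom()


if __name__ == "__main__":
    tagged = [("Subject", "offer"), ("X-Spam-Flag", "YES")]
    print(decide([("<alumna@example.net>", "esmtp")], tagged))
    print(decide([("<staff@example.org>", "local"),
                  ("<alumna@example.net>", "esmtp")], tagged))
```

In a real milter the two results map to returning the discard status, or to deleting the listed recipients and accepting the message for the remaining ones.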

