Re: Drop UCE instead of forwarding off-site?



D. Stussy <spam@xxxxxxxxxxxxxxxx> wrote:

> "Hauke Fath" <dont.spam.usenet@xxxxxxxxxxxxxx> wrote in message
> news:1izrt3t.miykeusfo4c3N%dont.spam.usenet@xxxxxxxxxxxxxxxxx
>> I have two mail servers here in the institute. The University blocks
>> port 25 both ways; they run incoming mail through an address whitelist
>> for existing recipients and spam-tag it, then forward to local servers.
>> On-campus machines have to send via the outgoing mail relay, where they
>> recently started to filter and reject UCE, to avoid getting blacklisted.
>>
>> Now, we have quite a few aliases entries which forward mail off-site:
>> Alumni, external staff which is associated with the local groups but
>> works elsewhere, students. Some of these aliases get a lot of spam -
>> it's properly tagged, but since it gets forwarded, the local mailfilter
>> doesn't see it. My machines try to forward it, the outgoing mail relay
>> rejects it, and it ends up in my postmaster box: We are talking about
>> ~1000 mails/d.
>
> "The local mail filter doesn't see it": Then your spam checking is in the
> wrong place.

I don't literally check for spam. The perimeter mailin gateway filters
viruses and tags mails for their spam value; my server's LDA
(mailfilter) files positively tagged mail away to separate mailboxes for
all users to treat them as they please. Since mail forwarded off-site
via aliases entry does not see the LDA it slips through the cracks.

>> My question: How can I detect that a mail is to be forwarded to another
>> MTA, and only then, if spam headers are set, quietly discard it?
>
> Check it with a milter at the recipient hook for a mailer other than
> local - macro ${rcpt_mailer}.
>
> From milter MIMEDefang: "For example, for local recipients, $rcpt_mailer
> is likely to be 'local', while for remote recipients, it is likely to be
> 'esmtp'."

Thanks; that'll help me.

[...]

> Also note that there is a potential race condition regarding spam
> classification that uses external databases (DNSBLs, checksums, etc.). No
> matter how good your front end MTA is, there's always a chance that a given
> message's spam status changes after the front end has accepted it and
> before the back end forwarded target MTA receives it.

Good point, but since I am running neither of the perimeter servers,
that's somebody else's tough nut to crack. ;)

hauke

--
Now without signature.
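
An added example, not part of the original post and not MIMEDefang code: a Python model of the decision the thread arrives at. The spam-tag headers do not exist yet at RCPT time, so it records `${rcpt_mailer}` per recipient and decides at end of message; the header name `X-Spam-Flag`, its value, the class name and the sample addresses are assumptions.

```python
from email import message_from_string

LOCAL_MAILERS = {"local"}      # value the MIMEDefang quote gives for local recipients
SPAM_HEADER = "X-Spam-Flag"    # assumption: header set by the perimeter gateway
SPAM_VALUE = "yes"             # assumption: value meaning "tagged as spam"

# Constructed sample headers, one tagged (with a folded Subject) and one clean.
SAMPLE_SPAM = ("From: sender@example.net\nSubject: cheap\n offers\n"
               "X-Spam-Flag: YES\n\n")
SAMPLE_HAM = "From: colleague@example.net\nSubject: minutes\n\n"


class ForwardSpamDropper:
    """Per-message state, following the order of milter callbacks."""

    def __init__(self):
        self.mailers = {}      # recipient -> value of ${rcpt_mailer}

    def on_rcpt(self, recipient, rcpt_mailer):
        # Headers are not available at RCPT time: only remember the mailer.
        self.mailers[recipient] = rcpt_mailer

    def on_end_of_message(self, raw_headers):
        """Return (verdict, recipients_to_delete) for this message."""
        msg = message_from_string(raw_headers)
        tagged = any(v.strip().lower() == SPAM_VALUE
                     for v in msg.get_all(SPAM_HEADER, []))
        if not tagged:
            return "accept", []
        # Recipients that would be handed to another MTA (e.g. 'esmtp').
        remote = [r for r, m in self.mailers.items() if m not in LOCAL_MAILERS]
        if remote and len(remote) == len(self.mailers):
            return "discard", remote   # nothing left to deliver locally
        return "accept", remote        # local copies still reach the LDA


if __name__ == "__main__":
    d = ForwardSpamDropper()
    d.on_rcpt("<alumnus@example.org>", "esmtp")
    d.on_rcpt("<staff@example.org>", "local")
    print(d.on_end_of_message(SAMPLE_SPAM))
```

A tagged message with both local and off-site recipients is not discarded as a whole; only the off-site recipients are removed, so the local copy is still filed by the LDA.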