reject spam at SMTP time

[tomred]

Hi,

I have noticed that, although spassassin/spamass correctly marks spam, it isn't rejected.

Is is possible to configure smtpd to reject spam during the smtp/data session but before the email is accepted or is that feature reserved for the scalix anti-spam commercial product?

Thanx,
Dp

[schmoe90]

Most people flag spam (something like ***SPAM***) and let the users delete it (manually or through a rule). That way you don't lose ham, thinking it's spam

[tomred]

Of course you don't want to lose legitmate email. On my site I currently reject about 600 emails a day but set the threshold high to ensure against false-positives. This is all done during the smtp session, so your server resources are not wasted on spam and your users don't have to trawl through their junk folder. If you want to be really kind you can also teergrubee the sending host, that is keep the connection alive for 900 seconds, to make you less palitable to them

From my brief reading of the new scalix antispam commercial product they will offer

Real time detection blocks upwards of 97% of spam

Which sounds like commerical scalix are going to at least allow the admin to configure it so that you can reject at SMTP time.

But it sounds like your saying that's not possible without the commercial anti-spam add-on.
Thanx,
Dp.

[bikerider]

look into setting X-SPAM-FLAG and configuring the clients as well

[tomred]

Setting X flags and configuring clients all happens once you have accepted the email. I want to reject it before the SMTP session from the remote host is terminated. My goal is to not accept email from a remote host if it is considered spam.

Thanx,
Dp.

[bikerider]

I use a two tier system. one with a highly tuned postfix system
with multiple rbl's , multiple antivirus , and spamassassin
this in conjunction with a users list that this filtering server
can receive for really helps.

I then forward to the Scalix server which in turn has different av vendors
and spamaasassin with higher level of ocr and bigger file scan settings

and I still set X-flags after that...

read..learn..enjoy and do not expect a single tier to be able to handle all the problems

[tomred]

I was beginning to come to that conclusion.

I think I will maintain a primary MX with an MTA using SA and AV that forwards to scalix. I will not advertise the scalix server in DNS but allow access via port 25/80/433 to allow users access to SWA from outside the Local network but users will have to memorise the hostname. It doesn't provide for a fallback server but perhaps that can be a dealt with by another non-scalix server.

Thanx for the feed back,
Dp.

[bikerider]

my setup is port 25 to the 1st filter server only. Clients use 465 and 993 to the scalix only and the only the filter server talks on port 25 to scalix.

This has two advantages ..1st if anybody other then the filter server talks to port 25 on scalix it's a red flag
2nd using secured the mobile clients bypass a lot of port 25 locks from
other isp providers, and should we not all be on secure comms anyway?

hope this helps

[tomred]

Good point. I hadn't thought of restricting port 25. Nice and secure.
Thanx again,
Dp