From: Mark M. <Mar...@ij...> - 2005-03-31 20:53:45
Benoit,

> But why the hell is an open source product having the same stupid problem?
> Wouldn't it be possible to get Amavis also to either reject SPAM/Viruses
> during the SMTP Handshake and thus not cause bounces or just silently drop
> those messages?
> It just does not make sense to notify the owners of fake sender addresses
> that somebody abused that address to send email.

As far as rejecting (vs. bouncing) is concerned, content filters fall into two main categories. In Postfix parlance these are pre-queue or post-queue filters. Sendmail milter and Postfix smtp proxy are examples of a pre-queue content filter setup which allows the original SMTP session to REJECT the mail. Postfix 'content_filter' setup is a post-queue filter, which can no longer REJECT mail, because the original SMTP session is no longer around. It can only bounce or discard or deliver the mail.

While pre-queue content filtering has a definitive advantage in that it can reject mail, it also has serious performance/stability drawbacks when non-lightweight content filters are used in anything above a SOHO site, e.g. when spam scanning with SA is enabled, or when command-line virus scanners are used (vs. daemonized scanners, which are faster). The issues are explained in the Postfix documentation: README_FILES/CONTENT_INSPECTION_README, and also discussed in http://www.ijs.si/software/amavisd/README.sendmail-dual

In principle amavisd-new can be used as a pre-queue or a post-queue content filter, but in reality the pre-queue setup is strongly discouraged for system stability reasons, except perhaps for small/home sites. That leaves us a choice of bouncing or discarding (or delivering) malware. It is clearly undesirable to bounce (i.e. generate a non-delivery notification) on a faked sender address, as commonly used by viruses or spam nowadays.
To prevent undesired bounces, amavisd-new allows one to DISCARD malware outright (possibly quarantining it), but also possesses two softer mechanisms to suppress DSN, even if bouncing is configured, which is the default. These mechanisms are:

- bounce is suppressed if the virus is known to fake the sender address. This is _always_ true by default since version amavisd-new-20030616-p8, which is more than a year old by now. In older versions, the list of virus names used to be adjusted to new threats, but this turned out to be too slow, and was abandoned;

- bouncing spam is suppressed if the spam scores above sa_dsn_cutoff_level; the recommended value (in the docs) is 10. This feature became available in the same version (March 9 2004), a year ago.

So if you see a bounce from amavisd-new to a virus, this in almost all cases means the site uses an ancient version of the software. As there is no self-destruct mechanism built into the package, there is nothing one can do about it, except to urge each site to upgrade.

A bounce to spam with versions amavisd-new-20030616-p8 and later indicates the spam score is within a score window above kill_level and below sa_dsn_cutoff_level. This window includes genuine mail which happened to be false positives, but unfortunately also some lower-level spam. Adjusting/narrowing the window is up to the site administrator and recent spam trends, and is necessarily only a more or less good compromise between losing genuine mail and generating some spam bounces. I'll consider lowering the sa_dsn_cutoff_level even further for the next release.

Mark
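The DSN-suppression rules and the kill_level / sa_dsn_cutoff_level window described in the post, as an added example that is not amavisd-new's own code: a small Python model of the per-message decision, run over constructed sample traffic to count how many backscatter DSNs a given pair of thresholds would produce. The threshold values, sender addresses and virus name are constructed for illustration.

```python
# Model of the bounce-suppression rules described in the post; an added
# example, not amavisd-new's own code. Thresholds and sample messages are
# constructed. kill_level is the score at which spam is blocked, and
# sa_dsn_cutoff_level the score at or above which no DSN is sent (docs: 10).
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Message:
    sender: str
    spam_score: float
    virus_name: Optional[str] = None  # constructed sample name when set


def disposition(msg: Message, kill_level: float, sa_dsn_cutoff_level: float,
                bounce_configured: bool = True,
                virus_fakes_sender: bool = True) -> Tuple[str, bool]:
    """Return (action, dsn_sent) for one message.

    action is 'deliver' or 'block'; dsn_sent says whether a non-delivery
    notification goes back to the (possibly forged) envelope sender.
    bounce_configured mirrors the default of bouncing rather than discarding;
    virus_fakes_sender mirrors the always-on assumption since 20030616-p8.
    """
    if msg.virus_name is not None:
        # Malware is always blocked; the DSN is suppressed whenever the virus
        # is assumed to forge its sender, which is the default now.
        return "block", bounce_configured and not virus_fakes_sender
    if msg.spam_score < kill_level:
        return "deliver", False
    # Spam at or above kill_level is blocked. A DSN is generated only inside
    # the window [kill_level, sa_dsn_cutoff_level): the backscatter zone.
    in_window = msg.spam_score < sa_dsn_cutoff_level
    return "block", bounce_configured and in_window


def backscatter_count(msgs: List[Message], kill_level: float,
                      sa_dsn_cutoff_level: float) -> int:
    """Number of DSNs the filter would emit for this traffic."""
    return sum(disposition(m, kill_level, sa_dsn_cutoff_level)[1] for m in msgs)


# Constructed sample traffic: one clean message, two spams, one virus.
SAMPLE = [
    Message("alice@example.com", 1.2),
    Message("forged@example.net", 7.5),                   # low-scoring spam
    Message("forged2@example.net", 14.0),                 # obvious spam
    Message("forged3@example.net", 3.0, "Worm.Sample"),   # virus, forged sender
]

if __name__ == "__main__":
    for kill, cutoff in ((6.3, 10.0), (6.3, 7.0)):
        print(f"kill_level={kill} sa_dsn_cutoff_level={cutoff}: "
              f"{backscatter_count(SAMPLE, kill, cutoff)} bounce(s)")
```

Narrowing the window (second run) removes the bounce for the 7.5-point spam, at the price described in the post: any false positive scoring in that range is now discarded silently instead of notified.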