Mailing List Archive: NANOG: users

Re: Spam filtering bcps

Index | Next | Previous | View Threaded

Bryan.Bradsby at capnet

Apr 12, 2006, 12:28 PM

Post #1 of 5 (847 views)
Permalink

Re: Spam filtering bcps

> Silently deleting other people's e-mail should never even be considered.

Unless that email is a virus, or a spam with a forged envelope sender.

-bryan bradsby

Valdis.Kletnieks at vt

Apr 12, 2006, 12:35 PM

Post #2 of 5 (793 views)
Permalink

Re: Spam filtering bcps [In reply to]

On Wed, 12 Apr 2006 14:28:59 CDT, Bryan Bradsby said:
>
> > Silently deleting other people's e-mail should never even be considered.
>
> Unless that email is a virus, or a spam with a forged envelope sender.

No, in that case you 550 the sucker.

black at csulb

Apr 12, 2006, 1:44 PM

Post #3 of 5 (769 views)
Permalink

Re: Spam filtering bcps [In reply to]

On Wed, 12 Apr 2006 14:28:59 -0500 (CDT)
Bryan Bradsby <Bryan.Bradsby [at] capnet> wrote:
>
>> Silently deleting other people's e-mail should never even be considered.
>
> Unless that email is a virus, or a spam with a forged envelope sender.
>
> -bryan bradsby

Aha, so there are situtations where this is acceptable?
What about deleting viral attachments or altering subject
lines...is that permissible? The sweeping generalizations
I've read leave little room for responding to real-world
situations.

matthew black
california state university, long beach

matthew at sorbs

Apr 12, 2006, 4:56 PM

Post #4 of 5 (775 views)
Permalink

Re: Spam filtering bcps [In reply to]

Bryan Bradsby wrote:

>>Silently deleting other people's e-mail should never even be considered.
>>
>>
>
>Unless that email is a virus, or a spam with a forged envelope sender.
>
>
Why? - You can scan for viruses inline using a variety of products (eg:
I have patched Postfix to use clamav inline on modest hardware (single
CPU AMD64 will do it, so will a Dual PIII 866) and it will accept
messages at 50 messages per second (sustained load) and scan for viruses
before responding to the end-of-data command, rejecting if a virus is
detected.).

Spam is a different subject altogether - are you that sure you can
detect spam without a false positive? If so then why aren't you doing
it inline? If you can't why are you blindly deleting the messages? - My
BCP comment is if you can't detect inline (eg for performance reasons)
tag it and deliver it (if you have the capabilities, deliver it to a
junk folder) - that way you are following the RFC's and no non spam mail
is deleted by the system.

Regards,

Mat

andy at strugglers

Apr 13, 2006, 10:38 AM

Post #5 of 5 (784 views)
Permalink

Re: Spam filtering bcps [In reply to]

On Wed, Apr 12, 2006 at 03:35:51PM -0400, Valdis.Kletnieks [at] vt wrote:
> On Wed, 12 Apr 2006 14:28:59 CDT, Bryan Bradsby said:
> >
> > > Silently deleting other people's e-mail should never even be considered.
> >
> > Unless that email is a virus, or a spam with a forged envelope sender.
>
> No, in that case you 550 the sucker.

Unfortunately there is plenty of mailing list manager software that
will disable your subscription if your mail is rejected enough
times. Mailman being a good example. I have been unsubbed from
mailman lists that have allowed viruses through, even with the
default mailman settings for boucne processing.

In a perfect world, no mailing lists distribute spam, viruses and
malware.

At the moment therefore while practicing reject after DATA I do find
it necessary to mark as spam and accept if it has Precedence: bulk
(or list or whatever), because otherwise my users complain and
"don't subscribe to poorly-managed lists then" is not an acceptable
answer for them.

Regards,
Andy

Attachments:

signature.asc (0.18 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads