[Mimedefang] SA-score multi-recipient mail before breaking up?

David F. Skoll dfs at roaringpenguin.com
Tue Mar 27 18:24:21 EST 2007


Jim O'Leary wrote:

> We've been using mimedefang/spamassassin for a couple of years now with
> mostly good results.  The one problem we do run into is on the break-up
> and re-submission of multi-recipient emails to the submit queue, where
> clientmqueue backlogs become unwieldy when the machines are too busy to
> accept on port 25.

:-) Funny, we've been looking at this problem with our CanIt product also.

> We have an idea we hope can reduce the load significantly.  We'd like to
> perform a spamassassin scan on multi-recipient messages *before*
> breaking them up.  If the score exceeds a certain threshold we want to
> reject it right up front - regardless of any individual user
> preferences, including whitelists.  Plus, if we do decide to keep
> it, a "basic" score might be inserted into the headers and we might use
> that to bypass or cut short the individual SA scans further down the
> pipeline.

There are two basic approaches:  A magical header to communicate SA
scores -- you just make sure to (a) delete the magical header before
delivering mail, (b) delete the magical header on any mail originating
from other than 127.0.0.1, and (c) *never* to trust the magical header
unless the relay address is 127.0.0.1.

The second approach is to hash the message and store information
about it, either in a database or on the file system.  This is
a bit more secure, and lets you conveniently store more information
about a message than a magical header could.  You have to be careful
that your hash function recognizes a re-mailed message as the original.

Also, instead of remailing for all recipients, you might want to divide
the recipients into equivalence-classes, where all recipients in a given
class use the same set of rules.  (CanIt-PRO does this.)  That can reduce
or even eliminate the need to stream messages.

Regards,

David.
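
The second approach above (hash the message and store information about it), sketched as an added example that is not part of the original post and is not MIMEDefang or CanIt code. The names `fingerprint` and `ScoreCache`, the choice of stable headers, the in-memory dict standing in for the database, and the sample messages are all assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes, policy

# Assumption: headers expected to survive local re-submission unchanged.
# Trace headers (Received, Return-Path) are left out on purpose, because
# the re-mailed copy gains a new Received line.
STABLE_HEADERS = ("Message-ID", "Date", "From", "Subject")

def fingerprint(raw: bytes) -> str:
    """Hash that stays the same for the original and its re-mailed copy."""
    raw = raw.replace(b"\r\n", b"\n")           # line endings may change
    _, _, body = raw.partition(b"\n\n")         # body starts after first blank line
    msg = message_from_bytes(raw, policy=policy.compat32)
    h = hashlib.sha256()
    for name in STABLE_HEADERS:
        # Collapse whitespace so a refolded header hashes identically.
        value = " ".join(str(msg.get(name) or "").split())
        h.update(name.lower().encode() + b":" + value.encode("utf-8", "replace") + b"\n")
    h.update(b"\n" + body.rstrip(b"\n"))
    return h.hexdigest()

class ScoreCache:
    """Stand-in for the database or file-system store, keyed by fingerprint."""
    def __init__(self):
        self._scores = {}
    def record(self, raw: bytes, score: float) -> None:
        self._scores[fingerprint(raw)] = score
    def lookup(self, raw: bytes):
        # None means "never scored": run the full scan, do not assume clean.
        return self._scores.get(fingerprint(raw))

# Constructed sample messages (not real mail).
ORIGINAL = (b"Received: from mx.example.net by scan.example.org\r\n"
            b"Message-ID: <constructed-1@example.net>\r\n"
            b"Date: Tue, 27 Mar 2007 18:00:00 -0500\r\n"
            b"From: sender@example.net\r\n"
            b"Subject: Quarterly report for all staff\r\n"
            b"\r\nHello all,\r\nsee attached.\r\n")
# Same message after re-submission: extra Received line, LF endings, refolded Subject.
REMAILED = (b"Received: from localhost (127.0.0.1) by scan.example.org\n"
            + ORIGINAL.replace(b"\r\n", b"\n")
                      .replace(b"Subject: Quarterly report", b"Subject: Quarterly\n report"))
# Different content reusing the same headers must not inherit the score.
TAMPERED = ORIGINAL.replace(b"see attached.", b"see http://example.invalid/")

if __name__ == "__main__":
    cache = ScoreCache()
    cache.record(ORIGINAL, 7.5)
    print(cache.lookup(REMAILED), cache.lookup(TAMPERED))
```

Because the score is looked up locally rather than read from the message, nothing a remote sender puts in the headers can supply a score; a lookup miss simply falls back to a full scan.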

