[Mimedefang] SA-score multi-recipient mail before breaking up?
David F. Skoll
dfs at roaringpenguin.com
Tue Mar 27 18:24:21 EST 2007
Jim O'Leary wrote:
> We've been using mimedefang/spamassassin for a couple of years now with
> mostly good results. The one problem we do run into is on the break-up
> and re-submission of multi-recipient emails to the submit queue, where
> clientmqueue backlogs become unwieldy when the machines are too busy to
> accept on port 25.
:-) Funny, we've been looking at this problem with our CanIt product also.
> We have an idea we hope can reduce the load significantly. We'd like to
> perform a spamassassin scan on multi-recipient messages *before*
> breaking them up. If the score exceeds a certain threshold we want to
> reject it right up front - regardless of any individual user
> preferences, including whitelists. Plus, if we do keep decide to keep
> it, a "basic" score might be inserted into the headers and we might use
> that to bypass or cut short the individual SA scans further down the
There are two basic approaches: A magical header to communicate SA
scores -- you just make sure to (a) delete the magical header before
delivering mail, (b) delete the magical header on any mail originating
from other than 127.0.0.1, and (c) *never* to trust the magical header
unless the relay address is 127.0.0.1.
The second approach is to hash the message and store information
about it, either in a database or on the file system. This is
a bit more secure, and lets you conveniently store more information
about a message than a magical header could. You have to be careful
that your hash function recognizes a re-mailed message as the original.
Also, instead of remailing for all recipients, you might want to divide
the recipients into equivalence-classes, where all recipients in a given
class use the same set of rules. (CanIt-PRO does this.) That can reduce
or even eliminate the need to stream messages.
More information about the MIMEDefang