On 4 May 2013 05:15, "Patrick Joy" <pa...@paddyjoy.com> wrote:
>
> Hi everyone,
>
> I have just configured amavis-new (2.5.3) and spamassassin (3.2.5) and integrated with postfix (2.5.1). I have linked amavis to mysql also.
>
> Everything seems to working fine, spam headers are being added and some mail is going the the quarantine however I would appreciate it anyone could answer the following questions about the behaviour of the quarantine.
>
> I have the following settings:
>
> $sa_spam_subject_tag = '***SPAM*** ';
> $sa_tag_level_deflt = -9999; # add spam info headers if at, or above that level
> $sa_tag2_level_deflt = 8; # add 'spam detected' headers at that level
Email will have ***SPAM*** added to the subject..
> $sa_kill_level_deflt = 10; # triggers spam evasive actions
Email will quarantine..
> $sa_dsn_cutoff_level = 15; # spam level beyond which a DSN is not sent
Email will be discarded. Sender will not be notified. See $final_spam_destiny = D_DISCARD;
On 4 May 2013 11:31, "Patrick Joy" <pa...@paddyjoy.com> wrote:
>
> Thanks Simon,
>
> So if I don't want anything to be discarded I should increase $sa_dsn_cutoff_level to something large like 9999?
Thanks I'll experiment with both.Please don't top post..
Yes, or I believe just comment the line out.
That's good to know! The main reason I want to keep them all is because customers can be funny sometimes, one missing email (legitimate or not) and they will be up in arms.For what it's worth I've never seen a legitimate mail with a spamassassin score over 15. I can't imagine why you'd want to not discard them.
Simon
For what it's worth I've never seen a legitimate mail with a spamassassin score over 15. I can't imagine why you'd want to not discard them.
Simon
On 4 May 2013 12:02, "Patrick Joy" <pa...@paddyjoy.com> wrote:
>
>
> On 04/05/13 19:44, Simon Brereton wrote:
>>
> Thanks I'll experiment with both.
>
>> For what it's worth I've never seen a legitimate mail with a spamassassin score over 15. I can't imagine why you'd want to not discard them.
>
> That's good to know! The main reason I want to keep them all is because customers can be funny sometimes, one missing email (legitimate or not) and they will be up in arms.
But it's your responsibility as a service provider (which if you have customers is what you are) to also protect them. And us. And you.
Assume I'm wrong and only most email 15 and over is spam... the ones you're quarantining for them to look at contain phishing links and viruses/Trojans, whether by payload or link. Now if your customer is not educated to appreciate that smtp is an unreliable communications protocol, they are probably also likely to click on Trojan installers and respond to phishing attacks.
Now their network is compromised, or your machine is spewing spam and in a blacklist. Now all your other customers are mad and you have much bigger problems than a missing email (which might have gone missing for any number of reasons out of your control).
In short, yes, you have to, as a service provider, provide reliability. But as with any it service you have to balance the wants of a few against the security of many.
It's of course your machine, your customer and most important of all, your policy. I'm not mandating what you should or should not do, but have a think about it and the implications and look at the risk/reward.
Good luck!
Simon
John