3

Currently I use postfix with spamass-milter and clamav-milter as before-queue milters, which both work very well. I reject hundreds of messages a day on my small personal mail server on the basis of a robust set of Spamassassin rules and Bayesian data.

smtpd_milters = unix:/spamass/spamass.sock, unix:/clamav/clamav.sock
milter_default_action = accept

Mar 20 12:00:00 hostname spamd[23017]: spamd: result: Y 14 - {LIST OF SPAMASSASSIN RULES APPLIED} scantime=1.0,size=15000,required_score=5.0, [...]
Mar 20 12:00:01 hostname postfix/cleanup[23375]: BA3D3ADB33F milter-reject: END-OF-MESSAGE from unknown[IP_ADDRESS]: 5.7.1 Blocked by SpamAssassin; from=<spam@spam.spam> [...]

My one complaint is that the SMTP reply in the second log line above reveals that I rejected the message because of Spamassassin/spamass-milter just before it terminates the SMTP session. In turn, clamav-milter blocks and replies in the SMTP session with the virus it thinks it detected.

What I want is silent replies with only the SMTP numeric status code. No reason to overinform spammers, and my understanding of RFC compliance is that only the numeric status code is required.

I have looked and looked for a tunable to customize these replies, both for milters and for postfix in general (for example, my postfix also before-queue rejects based on RBL info, etc.), but I can't seem to find the right knob, if there is one.

Does anyone know if this customization is possible, and if so, how to go about it?

datn
  • 158
  • 9

1 Answers1

1

This can be customized in the milter. spamass-milter version 0.4.0, the latest release from 2014 added two options to override the response for messages it rejects:

-C rejectcode

Mail that is rejected is rejected by default with a 5.7.1 code.
This option  allows that to be overridden.  See also, -R -S option.

-R rejecttext

Mail that is rejected is rejected with the message "Blocked by SpamAssassin".
This option allows the user to call with a different message, instead.   See
also, the -C option.

If you set both to values already used elsewhere for a different EOM-stage reject you might make the source of the decision less obvious. Some Linux distributions make the arguments to such options available in config files, check the relevant startup script (systemctl cat spamass-milter.service) to find the best place to edit these.

Keep in mind that a sender who really wants to investigate why his mail was rejected can still gather such information from other sources, such as MDN.

anx
  • 6,875
  • 4
  • 22
  • 45