reliably reject spam instead of blocking?



#1 Paul Hirschmüller


Posted 01 February 2019 - 12:54 PM

Hi

I recently stumbled across a very unpleasant situation. Some of our incoming false positives are discarded: neither the sender nor the receiver gets any NDRs delivered.

According to https://www.barracud...0160000000GTrg this seems to be working as planned, as only "the first 5 layers of defense" are actually performed inline during the mail transfer session, while the remaining "7 layers of defense" only occur after the Barracuda has accepted the incoming mail (with 250 OK) and responded with a message ID.

In my case the reason to block was within the message body (spam rule scoring), therefore the mail was simply discarded and can only be found in the message log inside the Barracuda.

In my understanding it is essential to do all spam/virus scans BEFORE accepting a mail for delivery. Only in that case can backscatter be completely avoided.

The way my Barracuda is currently running is, IMHO, considered unlawful under my legislation. I'm not only accepting an incoming mail in my area of responsibility, I'm also confirming that to the mail server in the sender's area of responsibility (250 OK). After that the Barracuda assumes it could be spam and doesn't do anything with the mail at all. At no point was the mail actually blocked (= not accepted for delivery) - it is only moved to the message log.


Now to my questions:

Is it possible to defer or reject mail considered as spam during all "12 layers of defense"?

If not: is it possible to just tag instead of block those mails in the last "7 layers of defense"?

What would be a recommended setting for my situation? (Under no circumstances should incoming e-mails be allowed to disappear, but it is not acceptable to cause backscatter just because the Barracuda cannot perform basic spam checks during an SMTP session.)


How to reproduce: simply send a mail with the spam pattern test string (GTUBE, see https://spamassassin.apache.org/gtube/) from an external (Gmail) address to a user behind a Barracuda: the mail doesn't pass and the sender receives no NDR.

I tested the same with a Sophos antispam system and it was rejected inline, during the mail transfer session, no NDR necessary – just as I would expect.

Because of the current situation we missed quite a few orders from an important client and I need to find a permanent solution (maybe even with another vendor).

Kind regards

Paul
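
An added example, not part of the original post: a Python probe for the reproduction described above. It sends one GTUBE message and reports the reply the gateway gives after end of DATA, which is the last point at which mail can be refused inline. The `Stub` server, the `probe.invalid` host name and the example.org/example.com addresses are constructed so the block runs offline; to test a gateway you operate, call `probe()` with its host and port.

```python
import smtplib, socketserver, threading

# GTUBE test pattern, see https://spamassassin.apache.org/gtube/
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

def probe(host, port, mail_from, rcpt_to):
    """Send one GTUBE mail; return (SMTP reply code, verdict) for the deciding reply."""
    msg = f"From: {mail_from}\r\nTo: {rcpt_to}\r\nSubject: GTUBE probe\r\n\r\n{GTUBE}\r\n"
    with smtplib.SMTP(host, port, local_hostname="probe.invalid", timeout=10) as s:
        s.ehlo()
        s.mail(mail_from)
        rc, _ = s.rcpt(rcpt_to)
        if rc >= 400:
            return rc, "refused-at-rcpt"  # decided before any body scan
        code, _ = s.data(msg)  # reply to the final "." line
    # 2xx here means the gateway took responsibility; a later block is post-acceptance
    verdict = "rejected-inline" if code >= 500 else "deferred-inline" if code >= 400 else "accepted"
    return code, verdict

class Stub(socketserver.StreamRequestHandler):
    """Constructed stand-in for a gateway; not any vendor's behaviour or API."""
    inline_scan = True  # True: scan the body before answering end of DATA
    def handle(self):
        self.wfile.write(b"220 stub ESMTP\r\n")
        in_data, body = False, []
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").rstrip("\r\n")
            if in_data and line != ".":
                body.append(line)
            elif in_data:  # end of DATA: the last chance to refuse inline
                in_data = False
                spam = self.inline_scan and GTUBE in "\n".join(body)
                self.wfile.write(b"550 5.7.1 spam\r\n" if spam else b"250 2.0.0 queued\r\n")
            elif line.upper() == "DATA":
                in_data = True
                self.wfile.write(b"354 end with .\r\n")
            elif line.upper() == "QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:  # EHLO, MAIL FROM, RCPT TO
                self.wfile.write(b"250 ok\r\n")

def run_stub(inline_scan):
    """Start the stub on an ephemeral loopback port, probe it, return the result."""
    handler = type("H", (Stub,), {"inline_scan": inline_scan})
    with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return probe("127.0.0.1", srv.server_address[1], "probe@example.org", "user@example.com")
        finally:
            srv.shutdown()
```

A result of `accepted` for a GTUBE message means the content scan runs after the 250 reply, so a later block can only end as a silent drop, a quarantine or a bounce generated by the receiving side.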