1998-08-11-08:46:17 John D. Hardin:
I would say the overriding concern in implementing sitewide mail filtering
is to *be conservative*.
Don't ever send anything quietly to /dev/null.
That's one reasonable stance. Another one --- which can be appropriate in some
circumstances --- is to toss some categories of spam early and hard; e.g.
people who participate in the RBL at the router level, or via DNS lookup at
the smtp daemon startup.
Certainly if you're going to be electing to toss email, rather than tag it and
pass it on, then your users should know.
If you have plenty of all the resources needed to process all the spam that's
splattered your way, then it's certainly nice to simply mark it in the MTA,
and let users decide how and whether to filter. But sometimes one or more of
those resources isn't available; you might not have the upstream bandwidth, or
perhaps not enough CPU or memory for the MTA, or maybe even not enough spool;
if it comes to a choice between upgrading your hardware or connectivity to be
able to keep all the junkmail, or tossing it, perhaps tossing it is in order.
-Bennett