On Wed, 2005-03-16 at 04:17, Henk van Lingen wrote: > > > > I silently drop known viruses since virtually all of them for the last > > few years have forged the sending address, > > Great, I do the same. (However, some may think this is 'hiding the > problem' :-)). BTW: if you just drop, why do you care about before > or after smtp-time? I used to reject them with 5xx SMTP errors which would normally cause them to be dropped anyway when sent directly by a virus-infected box. However, now some send through relays and those would be obligated by the rejection to construct and return a bounce message. I'm in favor of hiding problems - especially from people who can't solve them... For spam, though, I want the option of a 5xx reject after the scan. You really don't want to have to construct your own bounces and let them clog the outbound queue for those. Also, temp-failing messages with a 4xx response at a certain spam-score threshold from previously unknown senders on the first attempt is probably the best defense against spam right now. I just haven't had time to set it up to do that yet. The http://www.mimedefang.org/ site and mailing list cover a lot of the load issues and the scale that some places are handling with it. -- Les Mikesell les@xxxxxxxxxxxxxxxx