Has anybody a suggestion or experience with any program being able to bounce spam mail before it arrives on server? we use SpamAssassin, this works very nice, but does the filtering only after the message is downloaded on server. with SoBig we have GB's of more daily traffic, I would like to bounce even before it is on the server as the ruleset for this one would be pretty easy.
An email comes in at least three separate parts: envelope, message headers and message body. The only checks you can make without receiving the message are on the envelope.
You can block some spam directly on the server, but only based on the connection and on the envelope, such as relay host, envelope sender and envelope recipient. If you want to filter on other criteria, you will need to download the mail to examine the content.
A good way is to use RBL lists to block mail from open relays or from unprotected formmail scripts. It removes quite a bit spam, but not much
You probably cannot block the current viruses without accepting the message body, since you need to look at the subject or other message headers.
If anyone is still interested in this topic, I've just amended the config file for sendmail on my RAQ4 to filter out all (well most) sobig viruses at source and discard them. This means that the users on the various sites don't have to download the emails to then delete them.
This saves bandwidth and annoyed users.
If it would help I can post the code changes and instructions. (I only know exactly for a RAQ4 using redhat but it's *nix so it should all be similiar)