D&C GLug - Home Page


Re: [LUG] Linux - viruses etc

 

On Wed, 6 Feb 2013, Simon Avery wrote:

> I've spent *way* too much time crafting very convoluted rulesets with
> spamassassin (exim4 + clamav + SA to reject at SMTP). Must be up to
> hundreds of hours over the years, both paid and unpaid.

I used to do that - then gave up.

Now I have a relatively simple setup that seems remarkably effective - for me. For my customers I have something similar, but turned down a notch.

Up-front is NoListing.

Next is a small set of hard-coded filters. Deliberately small. This is where I can choose to reject messages based on sender or IP address. I only update this when someone really annoys me.

Next is an RBL check. Sadly I feel that total blocking based on the various RBL lists out there is not a good thing to do these days, so if an incoming connection fails the RBLs I check against, then it's plan B.

Plan B is Greylisting.

I used to use greylisting for everything, but it causes unnecessary delays and often simply doesn't work for some senders without trying to maintain a large whitelist.

If the messages pass that, then I feed it through spamassassin (via mimedefang called from sendmail). SA is updated nightly - that's the real arms race ... I know that if I get spam one day, it's highly unlikely I'll get the same type in a day or 3's time, once someone has updated the SA rules.

Mimedefang just flags the message as 'spammy' at that point, then it's up to my MUA to filter the message into the spam folder. I don't use my MUA's own filters, but I use procmail. This also filters messages from mailing lists, etc. into their own folder rather than cluttering up my inbox.

And that's been very effective for a number of years now. I do not think I've lost a valid email to the RBL+Greylisting part of it at all. Very occasionally something does end up in my spam folder though - usually because people try to be too clever with html, colours, etc. in their works of phart.

I offer this to my customers but without the hard-coded filters. Incredibly, some of my customers actually want email from some of the people who break all my own rules of sense and sensibility. Their loss.

Checking today's greylisting stats - looks like it's rejected nearly 4000 sending sites this week for my own email. My clients' is about 3x that.

Today's spam folder only contains about 10 items and I've manually deleted 2 or 3 today that got through.

Spam is manageable, but it needn't be a chore.

Gordon


--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
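
The SMTP-time part of the pipeline described in the message above (hard-coded filter, then RBL check, with greylisting applied only to RBL-listed senders), modelled as an added example; it is not the poster's configuration or mimedefang code. The zone name, addresses, 300-second delay and the `SmtpPolicy` class are assumptions made for illustration, and the RBL lookup is injected as a function so the sketch runs offline.

```python
import ipaddress

GREYLIST_DELAY = 300  # assumed: seconds a listed sender must wait before a retry is accepted

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets under the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class SmtpPolicy:  # hypothetical class, for illustration only
    def __init__(self, blocked_ips, blocked_senders, zones, is_listed):
        self.blocked_ips = set(blocked_ips)
        self.blocked_senders = {s.lower() for s in blocked_senders}
        self.zones = zones
        self.is_listed = is_listed   # callable(name) -> bool; a DNS A lookup in production
        self.first_seen = {}         # greylist triplet -> time of first attempt

    def decide(self, ip, sender, rcpt, now):
        # Stage 1: small hard-coded filter; the only stage that rejects outright.
        if ip in self.blocked_ips or sender.lower() in self.blocked_senders:
            return "REJECT"
        # Stage 2: RBL check. A listing does not reject, it only selects plan B.
        if not any(self.is_listed(dnsbl_query_name(ip, z)) for z in self.zones):
            return "ACCEPT"          # message goes on to content scanning
        # Stage 3 (plan B): greylist the (ip, sender, rcpt) triplet.
        key = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return "TEMPFAIL"        # SMTP 4xx; a standards-following MTA queues and retries
        return "ACCEPT"

# Constructed sample data: documentation-range addresses and a made-up zone.
LISTED = {"7.113.0.203.dnsbl.example.org"}

def sample_policy():
    return SmtpPolicy(
        blocked_ips=["198.51.100.9"],
        blocked_senders=["annoying@example.net"],
        zones=["dnsbl.example.org"],
        is_listed=lambda name: name in LISTED,
    )

if __name__ == "__main__":
    policy = sample_policy()
    attempts = [("192.0.2.10", 0), ("203.0.113.7", 0), ("203.0.113.7", 60),
                ("203.0.113.7", 600), ("198.51.100.9", 0)]
    for ip, t in attempts:
        print(ip, t, policy.decide(ip, "a@example.com", "me@example.org", t))
```

Senders that are not on any checked list never meet the greylist, which is why this arrangement avoids the delays and whitelist upkeep that blanket greylisting causes.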