Author: Bill Hacker
Date:
To: exim users
Subject: Re: [exim] increase in spam exponentially
Jim Pazarena wrote:
> I have experienced an incredible increase in volume of spam these days.
> My spam filter and RBL blocks at least 25,000 daily (quite a bit in a dinky
> little 600 customer client base), it seems just as much sneaks thru.
>
> Can anyone recommend a fairly aggressive RBL which doesn't suffer from
> too many false positives?
>
> Thanks
>
> Jim
>
A look at what RBLs current updates of SpamAssassin are using AND the relative
point-value / weight they assign to hits from each should have as good a chance
as any of reflecting the current experience of a large community.
We then run these, NOT in SA, but earlier in Exim:
Most effective on a server with 12+ month history, fairly 'global' balance of
traffic AND spam/mal-traffic:
dul.dnsbl.sorbs.net (used for dynamic-IP checking)
CAVEAT: That box stops checking on first hit, so *results ARE skewed!*.
A devel/test server instrumented to run multiple checks, NOT stop on first hit,
shows:
list.dsbl.org
..with more hits, BUT nearly always matched by sbl-xbl.spamhaus.org.
CAVEAT: The second set of results reflects less than a full month of
instrumentation, and are to-date *heavily* skewed towards spam/mal-traffic
between/among Asian and Middle-Eastern countries, Korea, Taiwan, the Gulf
States, and PRC in that order.
NB: Something fairly new (as we archive and analyze the messages) - we caught
two networks in Taiwan beating the Royal Aitch out of *each other* with useless
traffic. Some of it appeared to be to 'honeypots'.
The rise in traffic may reflect splash from that sort of 'apparently successful'
activity being repeated with vigor.
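
The following is an added illustration, not part of the original post and not the poster's instrumentation. It shows how stop-on-first-hit checking skews per-list hit counts compared with querying every list, and how to measure how often one list's hits are matched by another. The listing data, the query order and all function names are assumptions constructed for the example.

```python
from collections import Counter

# Lists named in the post; the order they are queried in is an assumption.
ORDER = ["sbl-xbl.spamhaus.org", "dul.dnsbl.sorbs.net", "list.dsbl.org"]
SH, SORBS, DSBL = ORDER

# Constructed sample: which lists each connecting IP appears on
# (documentation address ranges, not real observations).
LISTINGS = {
    "192.0.2.10": {SH, DSBL},
    "192.0.2.11": {SH, DSBL},
    "192.0.2.12": {SH, SORBS, DSBL},
    "198.51.100.7": {SORBS},
    "198.51.100.8": {SH, SORBS, DSBL},
    "198.51.100.9": {DSBL},
    "203.0.113.5": set(),
}

def query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def first_hit_counts(listings, order):
    """Credit only the first matching list, as a stop-on-first-hit box does."""
    counts = Counter()
    for lists in listings.values():
        for zone in order:
            if zone in lists:
                counts[zone] += 1
                break  # later lists are never consulted for this IP
    return counts

def all_hit_counts(listings, order):
    """Credit every matching list, as the instrumented test server does."""
    return Counter(z for lists in listings.values() for z in order if z in lists)

def overlap(listings, zone, other):
    """Fraction of zone's hits that are also listed by other."""
    hits = [lists for lists in listings.values() if zone in lists]
    return sum(other in lists for lists in hits) / len(hits) if hits else 0.0

if __name__ == "__main__":
    print(query_name("192.0.2.10", DSBL))
    print("first hit:", dict(first_hit_counts(LISTINGS, ORDER)))
    print("all lists:", dict(all_hit_counts(LISTINGS, ORDER)))
    print("DSBL hits also on SH:", overlap(LISTINGS, DSBL, SH))
```

In this constructed sample the list queried last shows the fewest hits under stop-on-first-hit but the most when every list is checked, which is the skew the first caveat describes.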