Re: [exim] increase in spam exponentially

Author: Bill Hacker
Date:  
To: exim users
Subject: Re: [exim] increase in spam exponentially
Jim Pazarena wrote:

> I have experienced an incredible increase in volume of spam these days.
> My spam filter and RBL blocks at least 25,000 daily (quite a bit in a dinky
> little 600 customer client base), it seems just as much sneaks thru.
>
> Can anyone recommend a fairly aggressive RBL which doesn't suffer from
> too many false positives?
>
> Thanks
>
> Jim
>


A look at what RBLs current updates of SpamAssassin are using AND the relative
point-value / weight they assign to hits from each should have as good a chance
as any of reflecting the current experience of a large community.

We then run these, NOT in SA, but earlier in Exim:

Most effective on a server with 12+ month history, fairly 'global' balance of
traffic AND spam/mal-traffic:

xbl.spamhaus.org / sbl-xbl.spamhaus.org (recent change)

dul.dnsbl.sorbs.net (used for dynamic-IP checking)

CAVEAT: That box stops checking on first hit, so *results ARE skewed!*

A devel/test server instrumented to run multiple checks, NOT stop on first hit,
shows:

list.dsbl.org

..with more hits, BUT nearly always matched by sbl-xbl.spamhaus.org.

CAVEAT: The second set of results reflect less than a full month of
instrumentation, and are to-date *heavily* skewed towards spam/mal-traffic
between/among Asian and Middle-Eastern countries, Korea, Taiwan, the Gulf
States, and PRC in that order.

NB: Something fairly new (as we archive and analyze the messages) - we caught
two networks in Taiwan beating the Royal Aitch out of *each other* with useless
traffic. Some of it appeared to be to 'honeypots'.

The rise in traffic may reflect splash from that sort of 'apparently successful'
activity being repeated with vigor.

:-(

Bill
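
Added example, not part of the original message: a small Python tally showing why per-list hit counts from a box that stops on the first hit differ from counts taken when every list is checked, and how to measure overlap such as list.dsbl.org against sbl-xbl.spamhaus.org. The list order, the IP addresses (documentation ranges) and the listing data are constructed assumptions, not measurements from the thread.

```python
from collections import Counter

# Assumed order in which the stop-on-first-hit box consults the lists.
LISTS = ["sbl-xbl.spamhaus.org", "dul.dnsbl.sorbs.net", "list.dsbl.org"]

# Constructed sample: connecting IP -> lists that would report it if ALL were queried.
SAMPLE = {
    "192.0.2.10": {"sbl-xbl.spamhaus.org", "list.dsbl.org"},
    "192.0.2.11": {"sbl-xbl.spamhaus.org", "list.dsbl.org"},
    "192.0.2.12": {"sbl-xbl.spamhaus.org", "dul.dnsbl.sorbs.net", "list.dsbl.org"},
    "198.51.100.7": {"dul.dnsbl.sorbs.net"},
    "198.51.100.8": {"list.dsbl.org"},
    "203.0.113.5": set(),  # not listed anywhere
}

def first_hit_counts(sample, order):
    """Credit only the first list in `order` that lists the IP (stop on first hit)."""
    counts = Counter()
    for listed in sample.values():
        for name in order:
            if name in listed:
                counts[name] += 1
                break
    return counts

def all_hit_counts(sample):
    """Credit every list that lists the IP (instrumented box, no early stop)."""
    counts = Counter()
    for listed in sample.values():
        counts.update(listed)
    return counts

def unique_catches(sample):
    """IPs that exactly one list reports: the marginal value of keeping that list."""
    counts = Counter()
    for listed in sample.values():
        if len(listed) == 1:
            counts[next(iter(listed))] += 1
    return counts

def overlap(sample, a, b):
    """Fraction of list a's hits that list b also reports."""
    hits_a = [listed for listed in sample.values() if a in listed]
    return sum(b in listed for listed in hits_a) / len(hits_a) if hits_a else 0.0

if __name__ == "__main__":
    print("first hit:", dict(first_hit_counts(SAMPLE, LISTS)))
    print("all hits: ", dict(all_hit_counts(SAMPLE)))
    print("unique:   ", dict(unique_catches(SAMPLE)))
    print("dsbl also in sbl-xbl:", overlap(SAMPLE, "list.dsbl.org", "sbl-xbl.spamhaus.org"))
```

With stop-on-first-hit, the list consulted first absorbs the credit for every overlapping listing, so comparing lists needs the all-hits and unique-catch counts rather than the production box's totals.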