I have up to last week tried to avoid using dnslists and I could to some
extent manage using just spamassassin on our three mail servers. On one
I have the fuzzyocr-plugin to see how it handles the image-spam. I did
not install it on the other two because I still have issues like this in
exim's paniclog:
spam acl condition: cannot parse spamd output
This happens about 3 to 4 times per hour.
Last week on Friday I started to use dnslists:
deny message = rejected because $sender_host_address \
is in a black list at $dnslist_domain\n\
$dnslist_text
dnslists = sbl-xbl.spamhaus.org : relays.ordb.org : dnsbl.njabl.org
in acl_check_rcpt just after "accept hosts = :"
This made a dramatic difference. Messages marked as spam by SA dropped
from about 140000 per day to about 46000. The message count in the
queues are lower than before with less frozen messages in it.
I have also lowered the effect of the bayesian filter. Because of spam
poisoning those filters I had a surge of false positives in the past 10
days.
I have not implemented greylisting so far. Maybe it is time to do so. I
am not quite convinced that it is an unmixed blessing. Can somebody
convince me?
Regards
Johann
--
Johann Spies Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch
"Do all things without murmurings and disputings;
That ye may be blameless and harmless, the sons of
God, without rebuke, in the midst of a crooked and
perverse nation, among whom ye shine as lights in the
world." Philippians 2:14,15
