Re: [exim] anti-spam... what's next?

Author: Pete McEvoy
Date:  
To: Troy Settle
CC: exim-users
Subject: Re: [exim] anti-spam... what's next?
On Fri, Nov 07, 2008 at 04:26:53PM -0500, Troy Settle wrote:
> I recently dropped service with Postini, in favor of attacking spam on
> my own. Over the last month, we've implemented the following:
>
>     * Fake MX
>     * Per-user Allow/Deny lists (bypasses DNSBL, Greylist, & SA)
>     * DNSBL (based on >20 messages with a SA score >12)
>     * 15 minute greylisting (based on the exim wiki article)
>     * Limit hosts to 1 rcpt per connection
>     * Clam-av with 3rd party signatures
>     * SpamAssassin with SARE rules (reject >12, quarantine >2)
>
> Here are some numbers from yesterday:
>
>     * No stats on fake MX yet (I just did this today)
>     * 220k rcpts deferred via greylisting
>     * 8k rcpts rejected by local DNSBL
>     * 1.2k messages rejected by clamav
>     * 6k messages rejected with SA score > 12
>     * 18k messages delivered to spam quarantine
>     * 14k messages delivered to inbox
>
> The delivery stats are slightly better than we had with Postini, but I
> think they can be better. What other tips & tricks are out there for
> public consumption?


Unrouteable address                       2020
Fake Yahoo                               37967
Fake hotmail                             84105
Fake MSN                                     8
Fake AOL                                   872
host is listed in zen.spamhaus.org       32268
Blacklisted URL in message                1397
Sender verify fail                         298
Spamassassin reject                        545
Spamassassin warn                        20521



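# Referencing $sender_host_name triggers a reverse lookup; an empty
# result (lookup failed) does not match and is denied as well.
deny message     = Faked hotmail, so you must be spam.
     log_message = Fake hotmail
     senders     = *@hotmail.com
     condition   = ${if match {$sender_host_name} \
                     {\N(^|\.)hotmail\.com$\N}{no}{yes}}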


Think I got the above from the exim wiki, it's been very effective for
me.

--
Pete
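
The check in the ACL above, modelled in Python as an added example (not part of the original post and not Exim code), run over constructed sessions and tallied by log label. It matches the host name on a label boundary so lookalike names such as nothotmail.com do not pass; the provider table is an assumption, and only the hotmail.com row comes from the posted ACL.

```python
"""Model of the 'fake freemail' check: the envelope sender claims a provider
domain, but the connecting host's verified reverse-DNS name is not under it."""
from collections import Counter

# Sender domain -> (log label, rDNS suffix expected for genuine mail).
# Only the hotmail.com row comes from the posted ACL; the others are assumed
# to follow the same pattern, and a provider may relay from other domains.
PROVIDERS = {
    "hotmail.com": ("Fake hotmail", "hotmail.com"),
    "yahoo.com": ("Fake Yahoo", "yahoo.com"),
    "aol.com": ("Fake AOL", "aol.com"),
}

def under_domain(host_name, suffix):
    """True only for the suffix itself or a subdomain of it."""
    host = host_name.rstrip(".").lower()
    return host == suffix or host.endswith("." + suffix)

def check(sender, host_name):
    """Return the log label if the message would be denied, else None."""
    domain = sender.rpartition("@")[2].lower()
    if domain not in PROVIDERS:
        return None
    label, suffix = PROVIDERS[domain]
    # An empty host_name models a failed reverse lookup, which is denied.
    return None if under_domain(host_name, suffix) else label

# Constructed sample sessions: (envelope sender, verified rDNS name of peer).
SESSIONS = [
    ("alice@hotmail.com", "mx1.hotmail.com"),             # matches provider
    ("bob@hotmail.com", "dsl-203-0-113-7.example.net"),   # unrelated host
    ("bob@hotmail.com", ""),                              # no reverse DNS
    ("eve@hotmail.com", "mail.nothotmail.com"),           # lookalike suffix
    ("eve@HOTMAIL.COM", "mx.hotmailxcom"),                # '.' treated as wildcard
    ("carol@yahoo.com", "relay.example.org"),
    ("dave@example.org", "relay.example.org"),            # not a listed provider
]

def tally(sessions):
    """Count denials per log label, like the per-rule totals above."""
    return Counter(l for l in (check(s, h) for s, h in sessions) if l)

if __name__ == "__main__":
    for label, n in tally(SESSIONS).most_common():
        print(f"{label:<16}{n}")
```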