On Fri, Nov 07, 2008 at 04:26:53PM -0500, Troy Settle wrote:
> I recently dropped service with Postini, in favor of attacking spam on
> my own. Over the last month, we've implemented the following:
>
> * Fake MX
> * Per-user Allow/Deny lists (bypasses DNSBL, Greylist, & SA)
> * DNSBL (based on >20 messages with a SA score >12)
> * 15 minute greylisting (based on the exim wiki article)
> * Limit hosts to 1 rcpt per connection
> * Clam-av with 3rd party signatures
> * SpamAssassin with SARE rules (reject >12, quarntine >2)
>
> Here are some numbers from yesterday:
>
> * No stats on fake MX yet (I just did this today)
> * 220k rcpts deferred via greylisting
> * 8k rcpts rejected by local DNSBL
> * 1.2k messages rejected by clamav
> * 6k messages rejected with SA score > 12
> * 18k messages delivered to spam quarantine
> * 14k messages delivered to inbox
>
> The delivery stats are slightly better than we had with Postini, but I
> think they can be better. What other tips & tricks are out there for
> public consumption?
Unrouteable address 2020
Fake Yahoo 37967
Fake hotmail 84105
Fake MSN 8
Fake AOL 872
host is listed in zen.spamhaus.org 32268
Blacklisted URL in message 1397
Sender verify fail 298
Spamassassin reject 545
Spamassassin warn 20521
deny message = Faked hotmail, so you must be spam.
log_message = Fake hotmail
senders = *@hotmail.com
condition = ${if match {$sender_host_name} \
{\Nhotmail.com$\N}{no}{yes}}
Think I got the above from the exim wiki, its been very effective for
me.
--
Pete
