Re: [exim] Ocassional spam forwarding

Author: Todd Lyons
Date:  
To: Ian Eiloart
CC: exim-users, Mikhail Lischuk
Subject: Re: [exim] Ocassional spam forwarding
On Thu, Feb 3, 2011 at 3:46 AM, Ian Eiloart <iane@???> wrote:
> --On 2 February 2011 23:41:56 +0200 Mikhail Lischuk <mlischuk@???>
> wrote:
>> Sometimes spam message gets through the SpamAssassin filters, and
>> gets delivered to user who has forwarding to external mailbox set up.
>> I wonder if there are some "best
>> practices" about how to deal with that. Or maybe I am the only one who
>> has such problem? Or maybe this is normal situation, and nothing to
>> worry about?


Quite frankly, forwarders are the bane of my existence. Our users can
have both local mailboxes and forwarders configured according to their
preference. On a typical day, roughly 60K messages will get delivered
to local mailboxes and 10-15K messages will get forwarded (to gmail,
aol, etc). We reject roughly 300-400K based solely on the IP using
RBLs (Spamhaus and an internal RBL). We greylist anything which has
no reverse DNS (it doesn't have to match, just has to exist), or if it
has reverse DNS that looks like dynamic IP space. We have a greet
pause configured, where if the sending server sends anything before
the welcome banner, they get rejected outright. Finally, we have some
custom local rules for SpamAssassin to catch some gross offenders.
Spamhaus is the number 1 defender against inbound spam. Second is the
greet pause, in my case.

Another thing is that big mail providers keep track of how many email
attempts are made to non-existent email addresses. If your mail
server is forwarding email to non-existent email addresses, and
repeatedly to the same ones, you'll find that they are much quicker to
block you. This is the most difficult of the situations because you
obviously would reject it if you knew the email address didn't exist,
but you can't know that (assuming it passes the spam scan) until you
actually try to deliver it to the forward-to email address.

> One thing that you can do is subscribe to feedback loops, for example AOL's
> at <http://postmaster.aol.com/Postmaster.FeedbackLoop.php> If you conform
> to their requirements, then you'll get feedback on what people are marking
> as spam, and they'll be more forgiving of your mail stream.


This is true, but Mikhail, they do expect you to take action upon it
when you see the types of emails that are getting past. Custom local
SpamAssassin rules typically are the best route, or if you find
specific senders that are spewing trash at you, blacklist them.

--
Regards...      Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurelius
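
The message above notes that large providers track delivery attempts to non-existent addresses, and that a forwarding host only learns an address is dead when the remote side refuses it. The following is an added example, not code from the thread or from Exim: a sketch that counts repeated recipient-time rejections per forwarder so stale forwards can be reviewed, assuming an Exim-style main log layout; the sample lines, hosts and addresses are constructed, and `dead_forwards` is a hypothetical name.

```python
import re
from collections import Counter

# Constructed log lines in the style of an Exim main log (assumed layout,
# placeholder hosts and addresses; nothing here comes from the thread).
SAMPLE_LOG = """\
2011-02-03 09:14:02 1PkA01-0001aB-2c <= sender@example.net H=mx.example.net [192.0.2.10] P=esmtp S=2211
2011-02-03 09:14:05 1PkA01-0001aB-2c ** gone@remote.example <alice@local.example> R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<gone@remote.example>: host mx.remote.example [198.51.100.7]: 550 5.1.1 user unknown
2011-02-03 09:15:10 1PkA02-0001aC-3d => bob@remote.example <bob@local.example> R=dnslookup T=remote_smtp H=mx.remote.example [198.51.100.7]
2011-02-03 10:02:41 1PkA03-0001aD-4e ** gone@remote.example <alice@local.example> R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<gone@remote.example>: host mx.remote.example [198.51.100.7]: 550-5.1.1 no such mailbox
2011-02-03 10:30:00 1PkA04-0001aE-5f ** old@other.example <carol@local.example> R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<old@other.example>: host mx.other.example [203.0.113.9]: 550 mailbox unavailable
2011-02-03 11:12:19 1PkA05-0001aF-6g ** dave@remote.example <dave@local.example> R=dnslookup T=remote_smtp: SMTP error from remote mail server after end of data: host mx.remote.example [198.51.100.7]: 550 message looks like spam
2011-02-03 12:45:33 1PkA06-0001aG-7h ** gone@remote.example <alice@local.example> R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<gone@remote.example>: host mx.remote.example [198.51.100.7]: 550 5.1.1 user unknown
"""

# A permanent failure ("**") for a redirected address (<original> present)
# that was refused with a 5xx at RCPT TO: the remote side rejected the
# recipient itself, not the message content.
RCPT_REJECT = re.compile(
    r" \*\* (?P<target>\S+) <(?P<orig>[^>]+)> .*"
    r"after RCPT TO:<[^>]*>: host \S+ \[[^\]]+\]: (?P<code>5\d\d)[ -]"
)


def dead_forwards(log_text, threshold=2):
    """Return {(local_address, forward_target): count} for forward targets
    refused at RCPT time at least `threshold` times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = RCPT_REJECT.search(line)
        if m:
            hits[(m["orig"].lower(), m["target"].lower())] += 1
    return {pair: n for pair, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for (local, target), n in sorted(dead_forwards(SAMPLE_LOG).items()):
        print(f"{local} -> {target}: {n} recipient rejections")
```

Rejections after the end of DATA are deliberately left out, since those point at content that slipped past the spam scan rather than at a forward target that no longer exists.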