Re: [exim] How to block using exim re:[doctor@nk.ca: Your ac…

Author: Odhiambo Washington
Date:  
To: Graeme Fowler
CC: Exim-users
Subject: Re: [exim] How to block using exim re:[doctor@nk.ca: Your account has been hacked! You need to unlock.]
On Sun, 27 Jan 2019 at 22:58, Graeme Fowler via Exim-users <
exim-users@???> wrote:

> On 27 Jan 2019, at 17:30, Cyborg via Exim-users <exim-users@???>
> wrote:
> > I guess, you are not using spamhaus or a similar dns ip blocking service,
> > as the sheer amount of "got hacked" fraud messages is insane itself.
>
> You guess incorrectly.
>
> Part of my day job is running the email infrastructure for a fairly large
> UK university. Today’s rejection stats for our staff email domain run at
> approx:
>
> * 50% rejected at connect time, whether for DNSBL lookups or other
> reputation services including our own in-house one
> * 20% invalid/rubbish/known bad EHLO/HELO
> * 15% rejected for invalid recipients or unverifiable senders
> * 15% for content-based problems - SpamAssassin, rspamd, malware, other
> lookups
>


Are you using spamassassin+rspamd together in the same server? How? Or do you
run your mails through several servers?


>
> That’s a fairly quiet day. On weekdays we can reject over 90% of all the
> connections or messages that hit us, into the top hundreds of thousands or
> low millions per day.
>
> We’re of such a scale that we can’t use free DNSBL services, in the main.
> Encouraging people to use the free services is all very well but at scale
> they’ll end up being banned from them (or worst case getting a positive
> response for every lookup in order to discourage them).
>
> As an aside, the SaneSecurity signatures include an awful lot more than
> just malware but should be used with care as some of the sig files are
> documented as having a high FP rate.
>


I am following this advice for sure. Already looking into it.



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)