On Thu, Feb 3, 2011 at 3:46 AM, Ian Eiloart <[email protected]> wrote: > --On 2 February 2011 23:41:56 +0200 Mikhail Lischuk <[email protected]> > wrote: >> Sometimes spam message gets through the SpamAssassin filters, and >> gets delivered to user who has forwarding to external mailbox set up. >> I wonder if there are some "best >> practices" about how to deal with that. Or maybe I am the only one who >> has such problem? Or maybe this is normal situation, and nothing to >> worry about?
Quite frankly, forwarders are the bane of my existence. Our users can have both local mailboxes and forwarders configured according to their preference. On a typical day, roughly 60K messages will get delivered to local mailboxes and 10-15K messages will get forwarded (to gmail, aol, etc). We reject roughly 300-400K based solely on the IP using RBL's (Spamhaus and an internal RBL). We greylist anything which has no reverse DNS (it doesn't have to match, just has to exist), or if it has reverse dns that looks like dynamic ip space. We have a greet pause configured, where if the sending server sends anything before the welcome banner, they get rejected outright. Finally, we have some custom local rules for SpamAssassin to catch some gross offenders. Spamhaus is the number 1 defender against inbound spam. Second is the greet pause, in my case. Another thing is that big mail providers keep track of how many email attempts are made to non-existent email addresses. If your mail server is forwarding email to non-existent email addresses, and repeatedly to the same ones, you'll find that they are much quicker to block you. This is the most difficult of the situations because you obviously would reject it if you knew the email address didn't exist, but you can't know that (assuming it passes the spam scan) until you actually try to deliver it to the forward-to email address. > One thing that you can do is subscribe to feedback loops, for example AOL's > at <http://postmaster.aol.com/Postmaster.FeedbackLoop.php> If you conform > to their requirements, then you'll get feedback on what people are marking > as spam, and they'll be more forgiving of your mail stream. This is true, but Mikhail they do expect you to take action upon it when you see the types of emails that are getting past. Custom local spamassassin rules typically are the best route, or if you find specific senders that are spewing trash at you, blacklist them. -- Regards... Todd I seek the truth...it is only persistence in self-delusion and ignorance that does harm. -- Marcus Aurealius -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
