On Sun, 27 Jan 2019 at 22:58, Graeme Fowler via Exim-users < [email protected]> wrote:
> On 27 Jan 2019, at 17:30, Cyborg via Exim-users <[email protected]> > wrote: > > I guess, you are not using spamhaus or a similar dns ip blocking service, > > as the sheer amount of "got hacked" fraud messages is insane itselft. > > You guess incorrectly. > > Part of my day job is running the email infrastructure for a fairly large > UK university. Today’s rejection stats for our staff email domain run at > approx: > > * 50% rejected at connect time, whether for DNSBL lookups or other > reputation services including our own in-house one > * 20% invalid/rubbish/known bad EHLO/HELO > * 15% rejected for invalid recipients or unverifiable senders > * 15% for content-based problems - SpamAssassin, rspamd, malware, other > lookups > Are you using spamassassin+rspamd together in the same server? How? Or you run your mails through several servers? > > That’s a fairly quiet day. On weekdays we can reject over 90% of all the > connections or messages that hit us, into the top hundreds of thousands or > low millions per day. > > We’re of such a scale that we can’t use free DNSBL services, in the main. > Encouraging people to use the free services is all very well but at scale > they’ll end up being banned from them (or worst case getting a positive > response for every lookup in order to discourage them). > > As an aside, the SaneSecurity signatures include an awful lot more than > just malware but should be used with care as some of the sig files are > documented as having a high FP rate. > I am following this advise for sure. Already looking into it. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
