At 12:11 PM 10/14/2003 -0400, you wrote: > >> and then let SPAMASSAIN block. This way the > >>customers would SEE some of the blocked mail. > > >How will the customers see the mail if SA blocks it? Tag some of it and > >let it through? perhaps pass some farm porn to one of the people who > >complains about spam leaks? > >That's the plan. > > > >> >To block increments of spam that leak past IMGate, I find it useful to put >in filters that are more aggressive than your would-be-blocked legit > >> > >That's part of the NEW plan.
well, EVERYBODY right now, should be running the all the "aggressive" filters in warn_if_reject mode to: 1. see what is getting through per day, and identify 1) spammers not being blocked so you can add them manually and 2) legit servers who would be blocked (so whitelist them now) 2. build up an archive of maillog.*.gz files with reject_warning's that you can harvest later when you do get ready to move to from warn to reject mode. The pflogsumm report put the reject_warnings in a separate section, but it only shows you one of the 4tuple fields. the 4tuple reports are much better, simply because they have more info, for black/white decisions. Len
