On 05/22/2013 12:59 PM, Michael Torrie wrote:
> On 05/21/2013 11:32 PM, Gabriel Gunderson wrote:
>> It's been a while since I've admin-ed an SMTP server. I'm wondering what the
>> state of the art is in SPAM filtering. Back in the day, it was all
>> about Spam Assassin.
>>
>> Any tips to get me looking in the right direction?  BTW, I'm willing
>> to do this one right, it could potentially become a pretty big
>> installation. Also, using a hosted offering is not in the cards.
> I haven't managed an SMTP server in a couple of years now. At BYU I used
> a combination of connection greylisting, dspam, and spamassassin.  Still
> found that it was a losing battle.  Of everything I did, greylisting
> seemed to have the most immediate effect and the most long-term effect.
> Though crafting an SMTP server whitelist to prevent unnecessary delays
> in legitimate mail took time.
>
> Dspam only worked if the users were willing to spend time to train it.
>
> I never could approach the level of Google's Gmail spam filter.
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>
I'm in the process of refreshing my mail servers from the metal up as we
speak.  SpamAssassin is still king in my estimation.  I started using
the full spamhaus zen list in postfix to block spam at connect time, and
that made a huge difference in my server load, and my average message 
process time went from 23 seconds down to 14 seconds.

I've done most all my training using just my own messages, a 
semi-recycled honeypot that's been around forever (and consequently on 
every spammer's list), and a pristine honeypot.  Spam that is close to 
my user's normal email occasionally gets through (mainly annoying 
consultant's webinar invites).  Ever since using the spamhaus list 
though, I don't get enough spam to my honeypots to keep the training 
data current.  I'm thinking of exempting the honeypots from that check 
as a remedy.

In the last month, I've had a couple hundred snowshoe spams from the .pw 
domains.  After the user finally told me about it, I retrained and most 
are now getting caught.

Grazie,
;-Daniel Fussell
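
The honeypot exemption mentioned above could be expressed in Postfix roughly as follows. This is an added example, not part of the original message or the poster's configuration; the table path and the honeypot addresses are constructed placeholders. It assumes the DNSBL check is moved into `smtpd_recipient_restrictions`, because the recipient is only known at RCPT TO and an `OK` result skips only the remaining entries of the restriction list it appears in.

```conf
# --- /etc/postfix/main.cf (added example; path below is an assumption) ---

# Default setting: client-level rejects are deferred until RCPT TO, so the
# DNSBL lookup still happens before any message data is accepted.
smtpd_delay_reject = yes

# Order matters:
#   1. reject_unauth_destination comes before the access table, so an OK
#      from the table can never turn the server into an open relay.
#   2. check_recipient_access returns OK for honeypot recipients, which
#      ends evaluation of this list and skips the DNSBL lookup for them.
#   3. Every other recipient falls through to the Spamhaus check.
# Do not also list reject_rbl_client in smtpd_client_restrictions: that
# list is evaluated separately and would reject before the exemption applies.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/honeypot_recipients,
    reject_rbl_client zen.spamhaus.org

# --- /etc/postfix/honeypot_recipients (constructed addresses) ---
# After editing, rebuild the lookup table:
#   postmap /etc/postfix/honeypot_recipients
honeypot-old@example.org      OK
honeypot-clean@example.org    OK
```

Mail accepted for the honeypot addresses this way has skipped the DNSBL check entirely, so it should go only to the training corpus and never be forwarded to a real mailbox.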