Steve,
If there is one particular spammer that you want to stop at the MTA (to stop wasting bandwidth), I assume that there must be a pattern that you can find and use this to block the spam.
Postfix 2.1 also has a new feature for low volume MTAs: the Postfix before-queue content filter.
It accepts the DATA, asks SpamAssassin its opinion, and sends a 5xx code to refuse it in case it is spam.
It means that your bandwidth is wasted, but the spammer got a rejection
instead of an accept+possible-wasted-message-because-there-might-be-a-spam-filter.
There is a fair chance that the spammer removes your address from his database
when you consistently reject messages, and then in the long run your bandwidth is saved.
-Marc
Steve Prior wrote:
Lately I've been noticing that while the amount of spam that gets
through SpamAssassin hasn't been too much, the number of entries in my
spam folder has doubled or tripled in recent weeks. One spammer I'd
especially like to make cry is Casino Zeal which keeps spamming and
spamming, almost never gets through to my Inbox, but wastes my bandwidth.
I have and like having a wildcard address for my domain, but recently
I'm seeing spam sent to one made up address at my domain cc'ed to a list
of made up addresses at my domain, so I see lots of copies of the same spam!
I was thinking of a combination of SpamAssassin and greylisting where once SpamAssassin processed an email and flagged it as spam, the IP address of the received from as well as the subject of the email would be added to a list. The list would be aged somehow.
Here's my idea for processing: When delivery of any new email was attempted, the default would be to not greylist it. However, if the received from IP is on the list OR if the words in the subject line are some percent similar to a line in the list, then it gets greylisted. Anything that gets through the greylisting then goes through SpamAssassin.
My thinking is that this should have a REALLY low number of hams delayed by greylisting, but I'm seeing a lot of repetition in the spam I'm currently getting.
Has anyone already implemented something like this?
Steve
Marc Kool wrote:
Greylisting has a small drawback, the delay. After implementation I watched it closely and in my case all legitimate servers sent the message again after 6 minutes or so.
The greylisting for Postfix that I use (www.postgrey.org) has a whitelist so if you have a 24x7 service contract with company ABC and might need to receive *urgent* mails from them, you can whitelist them.
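
The selective greylisting scheme Steve Prior describes above, sketched as an added example (not code from this thread or from postgrey). The class and method names, the word-set (Jaccard) similarity measure, and the default thresholds are assumptions made for illustration.

```python
import re

class SelectiveGreylist:
    """Greylist only mail that resembles what the spam filter recently flagged."""

    def __init__(self, max_age=7 * 86400, similarity=0.6, retry_delay=300):
        self.max_age = max_age          # seconds a flagged entry stays listed (assumed)
        self.similarity = similarity    # subject similarity threshold, 0..1 (assumed)
        self.retry_delay = retry_delay  # minimum wait before a retry is accepted
        self.flagged = []               # (timestamp, ip, subject word set)
        self.first_seen = {}            # (ip, sender, rcpt) -> time of first attempt

    @staticmethod
    def _words(subject):
        return frozenset(re.findall(r"[a-z0-9]+", subject.lower()))

    def record_spam(self, ip, subject, now):
        """Call after the spam filter has flagged an accepted message."""
        self.flagged.append((now, ip, self._words(subject)))

    def _expire(self, now):
        # Age the list: drop entries older than max_age.
        self.flagged = [e for e in self.flagged if now - e[0] <= self.max_age]

    def is_suspect(self, ip, subject, now):
        """True if the IP is listed OR the subject resembles a listed subject."""
        self._expire(now)
        words = self._words(subject)
        for _, bad_ip, bad_words in self.flagged:
            if ip == bad_ip:
                return True
            union = words | bad_words
            if union and len(words & bad_words) / len(union) >= self.similarity:
                return True
        return False

    def decide(self, ip, sender, rcpt, subject, now):
        """Return 'accept' (pass on to the spam filter) or 'defer' (4xx, retry)."""
        if not self.is_suspect(ip, subject, now):
            return "accept"              # default: mail is not greylisted
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        if now - first >= self.retry_delay:
            return "accept"              # sender retried after the delay
        return "defer"
```

The Subject header is only known after DATA, so in Postfix this decision cannot be made by a policy service at RCPT TO time; it would have to run in a before-queue filter or milter, which means the message body has already been transferred when the deferral is issued.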