On 16/10/11 19:28, Martin Gregorie wrote:
> On Sun, 2011-10-16 at 20:02 +0200, Benny Pedersen wrote:
>>> I may never know they sent me an email.
>>> Unless I spend time going over my logs.
>>
>> ah you have logs ? :=)
>
> A possible way out is to process the logs overnight, possibly as part of
> logwatch, and build a datastore of addresses that mail has been sent to
> via your MTA. You can use this as the basis for an automatic
> whitelisting SA plugin which whitelists people who have received mail
> from your domain. Messages from everybody else have to take their
> chances with the standard SA rules and any locally defined ones.
>
> This works well here: the only difference is that I archive all incoming
> and outgoing mail and use my archive as the sender-whitelisting plugin's
> data source.

That's pretty much what I've been doing too - hotmail, yahoo and aol
score 6pts by default and legit/known senders get a whitelist scoring to
counterbalance that. Works brilliantly. Catches all new spam runs from
the big freemail providers and, worst case, very occasionally the first
correspondence from a legit sender gets stuck in quarantine for a few hours.
I see more spam than ham out of these big freemail providers so have
long since lost any trust in them. Funny, google manages to keep spam to
a minimum (at least from the flow I see here) so one can only conclude
the other big freemail providers simply don't care.
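
The overnight log pass described in the quoted message, sketched as an added example that is not part of the original thread and not any poster's code. It assumes Postfix-style delivery lines (the thread does not name the MTA); the sample log, the `mydomain.example` domain, the table and the function names are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample lines in Postfix delivery-log format (an assumption:
# the thread does not say which MTA is in use).
SAMPLE_LOG = """\
Oct 16 19:01:12 mx postfix/smtp[2211]: 4F1A2C01: to=<Alice@Example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, status=sent (250 2.0.0 Ok)
Oct 16 19:03:40 mx postfix/smtp[2214]: 7B9D0C02: to=<bob@example.net>, relay=none, delay=30, status=deferred (connect timed out)
Oct 16 19:05:02 mx postfix/local[2220]: 9C3E1C03: to=<me@mydomain.example>, relay=local, delay=0.1, status=sent (delivered to mailbox)
Oct 16 19:07:55 mx postfix/smtp[2231]: A1B2C3C04: to=<carol@example.com>, orig_to=<c@alias.example>, relay=mx.example.com[192.0.2.20]:25, delay=0.9, status=sent (250 Ok)
"""

# Count only remote deliveries (postfix/smtp) that the far end accepted;
# deferred or bounced mail never reached the correspondent.
DELIVERED = re.compile(r"postfix/smtp\[\d+\]: \w+: to=<([^>]+)>,.*\bstatus=sent\b")

def open_store(path=":memory:"):
    """Open (or create) the datastore of addresses we have mailed."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS correspondents ("
               "addr TEXT PRIMARY KEY, first_seen TEXT, deliveries INTEGER)")
    return db

def ingest(db, lines, local_domains=("mydomain.example",)):
    """Record every remote recipient of delivered mail; return the store size."""
    for line in lines:
        m = DELIVERED.search(line)
        if not m:
            continue
        addr = m.group(1).lower()
        if addr.rpartition("@")[2] in local_domains:
            continue  # mail to our own domain says nothing about outsiders
        # line[:15] is the syslog timestamp, kept as first-seen evidence
        db.execute("INSERT OR IGNORE INTO correspondents VALUES (?, ?, 0)",
                   (addr, line[:15]))
        db.execute("UPDATE correspondents SET deliveries = deliveries + 1 "
                   "WHERE addr = ?", (addr,))
    db.commit()
    return db.execute("SELECT COUNT(*) FROM correspondents").fetchone()[0]

def is_known_correspondent(db, sender):
    """Lookup a whitelisting plugin would make for an incoming sender address."""
    row = db.execute("SELECT 1 FROM correspondents WHERE addr = ?",
                     (sender.strip().lower(),)).fetchone()
    return row is not None

if __name__ == "__main__":
    store = open_store()
    print(ingest(store, SAMPLE_LOG.splitlines()), "known correspondents")
```

Sender addresses are forgeable, so a hit is better used as a score offset, as in the reply above, than as an unconditional bypass of the other rules.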