>From: frede...@ofb.net <frede...@ofb.net>
>Sent: Thursday, December 15, 2016 11:26 AM
>To: David Jones
>Cc: users@spamassassin.apache.org
>Subject: Re: recent increase in spam getting through
>
>I'm using a friend's MTA, which is perhaps the source of the recent
>change - I'll have to check what they are doing. All my mail goes to a
>spool directory in my home on "ofb.net" and then I have a script which
>transfers the files and puts them into a maildir on my laptop. That
>way I don't have to have an internet connection to search through old
>email, mailing lists, and so on.

> Received: from [171.247.127.4] (unknown [171.247.127.4])
>     by ofb.net (Postfix) with ESMTP id 7BEB441DB1
>     for <frede...@ofb.net>; Thu, 15 Dec 2016 06:01:58 -0800 (PST)
> Date: Thu, 15 Dec 2016 06:02:07 -0700
> To: frede...@ofb.net

Based on that received header IP, this should have easily been blocked by RBL and DNS FCrDNS (RDNS_NONE rule in SA) checks:

http://multirbl.valli.org/lookup/171.247.127.4.html

I am not able to require a perfect FCrDNS lookup on my MTA but I do require a PTR record to exist. This message would have been rejected by Postfix.

There are many valuable SMTP realtime checks that must be done at the edge MTA. Since you don't have control of this, then you have to resort to tuning SA constantly which is a never-ending game of cat-n-mouse since spam changes characteristics all of the time.

The best thing I have ever done to help with this cat-n-mouse game is to go heavy on the IP reputation of the sending mail server which involves RBLs, DNS FCrDNS, SPF, etc. which has to be done on the edge MTA.

Dave
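
Added example, not part of the thread or of any poster's setup: a Python sketch of the two checks discussed above, reading the client name and IP that Postfix stamped into the quoted Received header and classifying an address as having no PTR, an unconfirmed PTR, or full FCrDNS. The DNS tables use documentation address ranges and are constructed; the function names and the `require_full_fcrdns` switch are assumptions made for illustration.

```python
import ipaddress
import re

# Postfix stamps: Received: from HELO (CLIENT_NAME [CLIENT_IP]); CLIENT_NAME is
# "unknown" when it could not obtain a verified reverse name for the client.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f:.]+)\]\)")

# Header copied from the message quoted in this thread.
SAMPLE = ("Received: from [171.247.127.4] (unknown [171.247.127.4]) "
          "by ofb.net (Postfix) with ESMTP id 7BEB441DB1")

# Constructed DNS data (documentation address ranges), so the example runs offline.
PTR = {"192.0.2.10": ["mail.example.org"], "198.51.100.7": ["host.example.net"]}
ADDR = {"mail.example.org": ["192.0.2.10"], "host.example.net": ["203.0.113.9"]}

def parse_received(header):
    """Return (helo, client_name, client_ip) from a Postfix Received line, or None."""
    m = RECEIVED_RE.search(header)
    if not m:
        return None
    helo, name, ip = m.groups()
    return helo, name, str(ipaddress.ip_address(ip))  # ValueError if malformed

def fcrdns_status(ip, ptr_lookup, addr_lookup):
    """Classify ip as 'no-ptr', 'ptr-unconfirmed' or 'fcrdns-ok'."""
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr"
    want = ipaddress.ip_address(ip)
    for name in names:
        if any(ipaddress.ip_address(a) == want for a in addr_lookup(name)):
            return "fcrdns-ok"
    return "ptr-unconfirmed"

def edge_decision(status, require_full_fcrdns=False):
    """PTR-must-exist policy by default; strict mode also rejects unconfirmed PTRs."""
    if status == "no-ptr" or (require_full_fcrdns and status == "ptr-unconfirmed"):
        return "reject"
    return "accept"

def lookup_ptr(ip):
    return PTR.get(ip, [])

def lookup_addr(name):
    return ADDR.get(name, [])

if __name__ == "__main__":
    print(parse_received(SAMPLE))
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.50"):
        s = fcrdns_status(ip, lookup_ptr, lookup_addr)
        print(ip, s, edge_decision(s), edge_decision(s, True))
```

To run it against live DNS, replace `lookup_ptr` and `lookup_addr` with functions backed by a real resolver that return lists of names and addresses.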