Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Abrupt spam increase

Hi all - long time...
responses in-line


Rich Braun said:

> (1) Have any of y'all tried to keep stats on the flow of spam?  Are my
> observations about message flow on-target?

I've also been seeing a pretty steady increase of spam and some very
creative approaches by spammers at getting through "the gauntlet."

> (2) Beyond SpamAssassin, have you tried out any tools which reject spam
> before
> it reaches your mailbox?  I know that I could configure sendmail to reject
> mail from sites listed in certain blacklist databases, but before I take
> that
> step I want to make sure to use the right blacklists and I also want to
> keep
> better statistics on a per-recipient basis (example, I get mail to
> "daemon"
> and "amanda", in addition to "richb", at my domain).

It used to be that I subscribed to the tag/report philosophy for spam
caught by MailScanner/SpamAssassin and had MailScanner doing a lot of the
RBL lookups, but as the volume grew, it proved to be onerous at best.  I
ended up moving a most of the RBL lookups to the front-line which reduced
the amount of spam for a while, but the volume seemed to creep back up as
the spammers caught on... The recent introduction of a dul and eventually
spamcop there helped tremendously.

Right now I'm basically using the following config to stop spam:
Mail Server (verifies domain exists) then queries
   RBL's (in order): njabl, dul at sorbs, sbl-xbl.spamhaus, relays.ordb,  - mail then passed to:
   MailScanner - to coordinate the AV and SpamAssassin checks.  It also
queries the other rbl's to tag anything that made it through the door.
Anything SA or MS hits on gets tagged and sent to the users junk

Reporting is accomplished via MailScanner-MRTG which gives a nice compact
historical view of traffic and I also leverage MailWatch for MailScanner
with an SQL back end.

Related Links:
MailWatch for MailScanner:

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /