Somebody in the thread at some point said:
> This is a fundamental issue with using something like spam assassin:
>
> It needs to be run on the SMTP server, as an INPUT filter, so that spam
> gets refused before entry, with a notification as part of the SMTP
> transaction. That way, the sender (the actual sender, not just the
That's right, it's much harder once anybody accepted the mail, because
then that person is trying to pass the mail on probably from a real
honest server. I found this to be really effective for over a year now:
- greylisting (I use gps + sqlite)
- Spamhaus RBL lookup (IPs that are detected by Spamhaus as sending
spam to their fake emails get blacklisted here)
- tight rules on postfix:
- insist that the server has reverse DNS
- insist that the recipient user actually exists (end of most virus
mails)
- insist on proper Helo FQDN (lot of spam tools and viruses don't
take care of this)
- Use helo_restrictions to override one way or the other
Spams are down to five or so a day.
-Andy
