Somebody in the thread at some point said:
> On Mon, 2007-07-30 at 11:25 +0100, Andy Green wrote:
>> I found this to be really effective for over a year now:
>>
>> - greylisting (I use gps + sqlite)
>
> I'm not enamoured of greylisting, though that might be down to the poor
> implementations of it that've held my mail up for hours, rather than
> greylisting in itself.

The first time you get mail from someone it will hold it up for some minutes, and then for as long as it takes the other server to retry, usually some hours. After that, the sender/server/recipient triplet is held in a sqlite database whitelist automatically, so there is no delay.

>> - Spamhaus RBL lookup (IPs that are detected by Spamhaus as sending
>> spam to their fake emails get blacklisted here)
>
> Do they get false positives added by malicious people? One of my hosts
> uses a RBL system, but I don't think it's spamhaus.

They don't specify their fake email addresses and don't accept external recommendations for the blacklist.

>> - tight rules on postfix:
>>
>>   - insist that the server has reverse DNS
>
> Not all do, nor do they really have to, even if it's a damn good idea.
> This could be a problem.

As I said I've had over a year to assess what this set of rules performs like: I had to whitelist only two real servers in that time to work around the rules. That's fine by me. I didn't see any false positives from the blackhole either, although I guess you wouldn't.

>>   - insist that the recipient user actually exists (end of most
>> virus mails)
>
> Does it also reject if the message has more than one recipient, and
> they're not all real users?

It rejects the whole mail if any of the recipients are not valid users on my mailserver.

> I put a bait address into a HTML comment on my website, anything that
> spammed that (along with any other address) got trashed. No real user
> would have seen the bait, but HTML trawlers would. I could kill that
> mail with 100% certainty.

That's what the Spamhaus blackhole list is doing, except they publish their "winners" by a faked up DNS server.

-Andy
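
The greylisting behaviour described in the message above (defer the first attempt, then whitelist the sender/server/recipient triplet in sqlite), as an added example that is not part of the original message and is not the code of gps. The table layout, the `MIN_DELAY` value and the function names are assumptions, and the sample attempts are constructed.

```python
import sqlite3

MIN_DELAY = 300  # assumed: seconds a new triplet must wait before a retry counts

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS triplets (
        client TEXT, sender TEXT, recipient TEXT,
        first_seen INTEGER NOT NULL, whitelisted INTEGER NOT NULL DEFAULT 0,
        PRIMARY KEY (client, sender, recipient))""")
    return db

def check(db, client, sender, recipient, now):
    """Return 'DEFER' (temporary failure, retry later) or 'ACCEPT' for one attempt."""
    key = (client, sender.lower(), recipient.lower())
    row = db.execute("SELECT first_seen, whitelisted FROM triplets "
                     "WHERE client=? AND sender=? AND recipient=?", key).fetchone()
    if row is None:
        # First contact: remember the triplet and make the sending server retry.
        db.execute("INSERT INTO triplets VALUES (?,?,?,?,0)", key + (now,))
        db.commit()
        return "DEFER"
    first_seen, whitelisted = row
    if whitelisted:
        return "ACCEPT"  # known triplet, no delay
    if now - first_seen < MIN_DELAY:
        return "DEFER"   # retried too quickly; a real MTA will come back later
    # A retry after the delay shows a queueing mail server: whitelist the triplet.
    db.execute("UPDATE triplets SET whitelisted=1 "
               "WHERE client=? AND sender=? AND recipient=?", key)
    db.commit()
    return "ACCEPT"

if __name__ == "__main__":
    db = open_db()
    # Constructed attempts: (client IP, envelope sender, recipient, unix time)
    attempts = [
        ("192.0.2.10", "alice@example.org", "andy@example.net", 1000),
        ("192.0.2.10", "alice@example.org", "andy@example.net", 1060),
        ("192.0.2.10", "alice@example.org", "andy@example.net", 4600),
        ("192.0.2.10", "alice@example.org", "andy@example.net", 4601),
        ("198.51.100.7", "alice@example.org", "andy@example.net", 4700),
    ]
    for a in attempts:
        print(a, check(db, *a))
```

The last attempt is deferred even though sender and recipient are already known, because the sending server's address is part of the triplet.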