[lbo-talk] spam subjects

Matt lbo at beyondzero.net
Tue Jun 17 13:46:02 PDT 2003


On Tue, Jun 17, 2003 at 03:25:23PM -0500, budge wrote:

[...]


> what incredible crap -- some fucking fingerprint. i wasn't
> so surprised at the lack of catches, i was really unprepared
> for the false positives though.
>
> i haven't tried pyzor or that tla i can't remember (and am
> too lazy to look up) from vernon schryver and pals...
>
> probably won't, has anybody?

I had similar unpleasant experiences with the databases and don't use them.

[Apologies to all - have to geek out a bit on budge here.]

Here is what I do, for a mail environment of about 5000 users, using MIMEDefang and SpamAssassin:

* Reject any SMTP connection where the relay forges the HELO statement
  with one of my domains
* Reject relays from a couple of conservative blacklists (e.g. SBL at
  http://www.spamhaus.org )
* Use a greylist of "troublesome domains" to reject spam based on a
  forged address. Since spammers love to forge aol.com, hotmail.com,
  yahoo.com, etc. as the sender, I check those senders' relays to
  reverse-resolve to the right domain. This catches a lot of spam
  but it also breaks all those sites that have "forward this to a
  friend by email" if the person gives it a source address in my
  greylist (since those sites basically forge the mail). Since this
  is a prime method to collect addresses for spamming lists, I don't
  feel bad about discouraging this behavior.

The above blocks about 10000 spams per day at our site, and of the 25000 Internet mails we still receive each day, another 5000 are flagged as spam by SpamAssassin so the user can filter using their mail client.

What a lot of people perceive as "legitimate marketing email" here looks like spam to me (and to SpamAss) so we have about 50 addresses in a whitelist. To manage those requests, I started the threshold at 7 pts and have shrunk it by .1 each week. We're right at 5.0 now.

I silently discard any emails that get more than 10 points by SpamAss.

Personally, I used to get about 100 spams/day in my INBOX. I delete anything with more than 5 pts automatically, and throw anything with 3-5 pts into a special folder. I get 2-3 there per day.

Some spammers are learning to work around SpamAss heuristics. I get a few a week with around 1 pt. :(

Matt

--
PGP RSA Key ID: 0x1F6A4471        aim: beyondzero123
PGP DH/DSS Key ID: 0xAFF35DF2     icq: 120941588
http://blogdayafternoon.com       yahoo msg: beyondzero123

The technology that extends our senses is increasingly difficult to distinguish from the technology that creates our senses.

-Richard Thieme
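
The forged-HELO check, the "troublesome domains" reverse-resolution check and the site's score thresholds from the message above, modelled as an added example that is not part of the original post and is not MIMEDefang or SpamAssassin code. The local domain, local network, relay addresses and PTR names are constructed placeholders, the function names are hypothetical, and the blacklist lookup is left out.

```python
"""Model of the SMTP-time checks and score thresholds described in the post.
Constructed example: every domain, address and PTR name here is a placeholder."""
import ipaddress

OWN_DOMAINS = {"example.org"}                          # assumed local domain
OWN_NETS = [ipaddress.ip_network("192.0.2.0/24")]      # assumed local relays
TROUBLESOME = {"aol.com", "hotmail.com", "yahoo.com"}  # domains named in the post
TAG_AT, DISCARD_ABOVE = 5.0, 10.0                      # site thresholds in the post


def under(host, domain):
    """True if host is domain or a subdomain of it, matched on label boundaries."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OWN_NETS)


def check_connection(relay_ip, helo, mail_from, relay_rdns):
    """Return (action, reason) for the connection-time checks.

    relay_rdns is the PTR name the caller resolved for relay_ip, or None.
    """
    # An outside relay announcing one of our own domains in HELO is forging it.
    if not is_local(relay_ip) and any(under(helo, d) for d in OWN_DOMAINS):
        return "reject", "forged HELO"
    # Mail claiming a troublesome sender domain must arrive from a relay
    # whose reverse DNS name sits inside that same domain.
    sender_domain = mail_from.rpartition("@")[2]
    for d in TROUBLESOME:
        if under(sender_domain, d):
            if relay_rdns is None or not under(relay_rdns, d):
                return "reject", "sender domain does not match relay"
    return "accept", "passed"


def score_action(score):
    """Map a SpamAssassin score to the site policy: discard, tag or deliver."""
    if score > DISCARD_ABOVE:
        return "discard"
    if score >= TAG_AT:
        return "tag"
    return "deliver"
```

The label-boundary match in `under` is what keeps PTR names such as `yahoo.com.spam.test` or `mail.nothotmail.com` from passing as the real domain. A PTR name is set by whoever controls the address block, so a deployed check would also confirm that the name resolves forward to the same address.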


