In the last seven days, SpamAssassin has placed 2975 messages in my personal spam folder. There was a definite upsurge in spam volume starting in October. As such, I've added additional filters to my mail server. Here are yesterday's stats:

First, I block anyone coming to me from an IP on a wide variety of black lists:

2027 Client host rejected: On DNSBL cbl.abuseat.org
72 Client host rejected: On DNSBL list.dsbl.org
38 Client host rejected: On DNSBL dnsbl.njabl.org
15 Client host rejected: On DNSBL sbl.spamhaus.org
541 Client host rejected: On DNSBL dnsbl.sorbs.net
2 Client host rejected: On DNSBL multihop.dsbl.org
3 Client host rejected: On DNSBL dnsbl.antispam.or.id
0 Client host rejected: On DNSBL relays.ordb.org
0 Client host rejected: On RHSBL rhsbl.antispam.or.id
3 Client host rejected: On RHSBL ex.dnsbl.org

Previously the messages above would've been refused 'cause most of them are to addresses that don't exist on my system. Still, some get through:

611 Recipient address rejected: Access denied

Do that three times and you get a 24 hour ban:

399 Client host rejected: bounce

And I block anyone who has sent me spam in the last 24 hours:

51 Client host rejected: spam

I've started blocking any message whose sender address's domain doesn't resolve:

153 Sender address rejected: Domain not found

One attempt to relay through me... these probes are very rare now, showing just how rare open relays actually are now.

1 Relay access denied

This one requires the most explanation, though I think it's had a real impact on my spam volume and server load. One of my users has all of his mail forwarded to a Yahoo mail account. Yahoo does something clever: sender address based bounce throttling. If a sender address has too many bounces then they start deferring the messages. They'll let them through eventually, but that'll only happen if they aren't talking directly to a spammer (spammers don't defer and retry). So I look for these warnings in my logs, purge the queue entries if they're still active and add them to one of my 24 hour black lists. I'm gonna start doing what Yahoo does soon, myself. (The lists are pretty small, considering the number of blocks. I currently have 4 IPs listed and 22 email addresses. All of these blocks came from the email address blocking.)

209 Sender address rejected: Yahoo

Of the messages that made it through the above filters, I run some of them through SpamAssassin:

107 Identified as Ham
472 Identified as Spam

The rest are being forwarded to remote systems, which hopefully have spam filtering of their own:

836 Unfiltered
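
The three-strikes rule above ("Do that three times and you get a 24 hour ban") can be derived from the mail log alone. The sketch below is an added example, not the author's own script. It assumes Postfix smtpd reject lines, a 24 hour window for counting strikes, and a caller-supplied year; the function names and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (assumed Postfix smtpd log format, documentation IPs).
SAMPLE_LOG = """\
Nov 10 01:00:00 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <a@example.org>: Recipient address rejected: Access denied; from=<s@example.net> to=<a@example.org> proto=SMTP helo=<h>
Nov 12 02:00:00 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <b@example.org>: Recipient address rejected: Access denied; from=<s@example.net> to=<b@example.org> proto=SMTP helo=<h>
Nov 12 02:05:00 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <c@example.org>: Recipient address rejected: Access denied; from=<s@example.net> to=<c@example.org> proto=SMTP helo=<h>
Nov 12 03:10:01 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.org>: Recipient address rejected: Access denied; from=<s@example.net> to=<a@example.org> proto=SMTP helo=<h>
Nov 12 03:10:05 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <b@example.org>: Recipient address rejected: Access denied; from=<s@example.net> to=<b@example.org> proto=SMTP helo=<h>
Nov 12 03:11:00 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <c@example.org>: Recipient address rejected: Access denied; from=<s@example.net> to=<c@example.org> proto=SMTP helo=<h>
Nov 12 04:00:00 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <a@example.org>: Recipient address rejected: Access denied; from=<s@example.net> to=<a@example.org> proto=SMTP helo=<h>
Nov 12 04:00:09 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <b@example.org>: Recipient address rejected: Access denied; from=<s@example.net> to=<b@example.org> proto=SMTP helo=<h>
Nov 12 04:01:00 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.1.8 <s@nodomain.invalid>: Sender address rejected: Domain not found; from=<s@nodomain.invalid> to=<a@example.org> proto=SMTP helo=<h>
"""

# Only "Recipient address rejected: Access denied" counts as a strike.
REJECT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[([0-9a-fA-F.:]+)\]: \d{3} .*Recipient address rejected: Access denied"
)
THRESHOLD = 3
WINDOW = BAN = timedelta(hours=24)  # the counting window is an assumption

def build_bans(log_text, year=2024):
    """Return {client_ip: ban_expiry} for clients with THRESHOLD strikes in WINDOW."""
    strikes, bans = {}, {}
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        # Keep only strikes still inside the window, then add this one.
        recent = [t for t in strikes.get(ip, []) if ts - t < WINDOW] + [ts]
        strikes[ip] = recent
        if len(recent) >= THRESHOLD:
            bans[ip] = ts + BAN  # each further strike extends the ban
    return bans

def active_bans(bans, now):
    """List the client IPs whose ban has not yet expired at `now`."""
    return sorted(ip for ip, expiry in bans.items() if expiry > now)

if __name__ == "__main__":
    for ip, expiry in build_bans(SAMPLE_LOG).items():
        print(ip, "banned until", expiry)
```

In the sample, 203.0.113.5 escapes the ban because its first strike is more than 24 hours old, and 198.51.100.7 escapes because its third reject is a "Domain not found" rather than an unknown recipient.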


Comments
I hope you don't find that you start missing important mail though.
I'm actually on the bad side of AOL right now. They're blocking email from me and I can't find out why. They require you to take 3 - 5 business days to set up one of their 'feedback loops' so that you can see email that's being marked by their users. I've recently emailed them to request expediting that. I suspect a bad web script is to blame but am having trouble finding it. (suggestions welcome, BTW :)
Glad to see DNSBLs are helping you. Hooray! :)