Quote:
Originally Posted by thedaver
Filtering on sender email address is unreliable. Are you seeing a pool of IP addresses as sources? Are you seeing consistent string patterns in the spam itself?
You're correct... filtering on sender is unreliable. The email "From" address will be something like "Dr Oz Diet" but it's actually from some random address that changes every third email.
I'm not seeing any consistent IP addresses. Everything is very random.
I send all my mail through a set of checks before they get processed. I check and reject for invalid_hostname, non_fqdn, unknown_sender_domain, unauth_pipelining, unauth_destination and stuff like that. Then I process it through Postgrey, SpamAssassin and Amavis. Then it hits my RBL list:
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client combined.rbl.msrbl.net,
After it's passed all those checks I accept the mail.
If I could find a way I feel like it's better to just reject all mail that is not specifically white-listed per user. Not all of my users have this problem.
I wish I could find a way to handle it like I do the RBL checks. When the mail hits the server it looks to see who the mail is destined for then looks in a white-list ACL and if the sending domain is not listed drop it in a black hole or append the sending domain to a text file that can be checked periodically. Effectively all mail to a specific user would be rejected except known good addresses in the ACL.
Thanks,
Tony
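
Added example, not part of the original post: one way to get the per-recipient whitelist described above is a Postfix policy delegate (called via `check_policy_service`) that looks up the recipient, compares the envelope sender's domain against that user's list, and rejects and records anything unlisted. The ACL contents, addresses and log path are constructed placeholders, and the wiring into `master.cf`/`main.cf` is assumed rather than shown.

```python
import sys

# Constructed sample ACL: recipient -> sender domains that user accepts.
# Recipients absent from this table are not restricted at all.
WHITELIST = {
    "alice@example.com": {"example.org", "partner.example"},
}
SEEN_LOG = "/var/tmp/unlisted_sender_domains.txt"  # hypothetical path

def parse_request(lines):
    """Read one policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(attrs, whitelist=WHITELIST, log_path=None):
    """Return the access action Postfix should apply to this RCPT TO."""
    recipient = attrs.get("recipient", "").lower()
    allowed = whitelist.get(recipient)
    if allowed is None:
        return "DUNNO"  # user has no whitelist: fall through to later checks
    # Envelope sender (MAIL FROM), not the forgeable "From:" display name.
    domain = attrs.get("sender", "").rpartition("@")[2].lower()
    if domain in allowed:
        return "DUNNO"
    if log_path:  # keep unlisted domains for periodic review
        with open(log_path, "a") as fh:
            fh.write(f"{recipient}\t{domain or '<>'}\n")
    return "REJECT sender domain not whitelisted for this recipient"

def main():
    """Answer requests on stdin/stdout until Postfix closes the connection."""
    while True:
        attrs = parse_request(iter(sys.stdin.readline, ""))
        if not attrs:
            break
        sys.stdout.write(f"action={decide(attrs, log_path=SEEN_LOG)}\n\n")
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```

Returning `DUNNO` lets the remaining restrictions still run for accepted mail. The empty envelope sender used by bounces counts as unlisted here, so whitelisted users would not receive delivery status notifications unless that case is allowed separately.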