On Thu, Nov 01, 2012 at 08:49:39PM +0100, Jan Stary wrote:
> After cleaning my spamdb on the first of last month,
> I see that there are 572 WHITE hosts now.
>
> Only a handful of those are legitimate (my mailserver
> is very low traffic, basically just mail for my family).

You and I have similar usage but wildly different traffic:

$ spamdb | awk -F '|' '/^WHITE/ {print $2}'|wc -l
19

I don't think this has anything to do with spamd.

You might try creating an SPF -all record; maybe some spammers cull such
domains from their lists. I also use the Spamhaus DROP list and Team
Cymru's fullbogons list and require FCrDNS. Domains that can't
be contacted, under a certain threshold, eventually get culled from
some lists, and over time there's a dramatic benefit.

For instance on one mailserver I took over, I noticed that after adding
a Spamhaus sbl-xbl check, required rDNS, and other basic stuff like
requiring a legitimate HELO/EHLO, spam attempts dropped by perhaps a
factor of 100. It was shocking.

> Anyway, it seems (some) spambots got less demented and actually do
> resend, getting themselves whitelisted - thus working themselves
> around the whole premise of greylisting.

Lots of spammers use snowshoe hosts now, which run normal MTA software.

Nicolai
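
The message above mentions requiring FCrDNS (forward-confirmed reverse DNS). As an added illustration that is not part of the original message or of any MTA's own code, the check can be sketched like this: look up the client's PTR names, then accept only if one of them resolves back to the same address. The function names and the sample DNS data are assumptions made up for the example.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the first PTR name that resolves back to ip, or None."""
    client = ipaddress.ip_address(ip)
    for name in ptr_lookup(ip):
        for addr in forward_lookup(name):
            try:
                # Compare parsed addresses so IPv6 spellings don't matter.
                if ipaddress.ip_address(addr) == client:
                    return name.rstrip(".").lower()
            except ValueError:
                continue  # malformed or scoped answer; ignore it
    return None

# Constructed sample data (documentation address ranges, made-up names).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.66": ["mail.example.org."],  # PTR claims a name it does not own
    "2001:db8::25": ["mx.example.net."],
}
SAMPLE_FWD = {
    "mail.example.org.": ["192.0.2.10"],
    "mx.example.net.": ["2001:0db8:0:0:0:0:0:25"],
}

def sample_check(ip):
    """Run fcrdns() against the constructed tables instead of real DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                  lambda n: SAMPLE_FWD.get(n, []))
```

A host with no PTR record and a host whose PTR name does not resolve back both fail the check, which is why a bare rDNS requirement is weaker than FCrDNS.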