> For instance on one mailserver I took over, I noticed that after adding
> a Spamhaus sbl-xbl check, required rDNS, and other basic stuff like
> requiring a legitimate HELO/EHLO, spam attempts dropped by perhaps a
> factor of 100. It was shocking.
>

Required rDNS, so false positives went up by a factor of 1000. Many DSL users who have an ounce of security understanding and unhelpful ISPs will be blocked by that. Check the forums for annoyed MTA users.

> > Anyway, it seems (some) spambots got less demented and actually do
> > resend, getting themselves whitelisted - thus working themselves
> > around the whole premise of greylisting.
>
> Lots of spammers use snowshoe hosts now, which run normal MTA software.

The first rule of spamkill club.

A spammer should not know your address.

The second rule of spamkill club.

A spammer should not know your address.

If a user gets too much spam, warn you will kill that address and educate. At the very least be pro-active from now on with disposable addresses. Your users will be very happy in the end when they are surprised by who the spam-instigating culprits are, especially when they have violated their policies.

Even on old highly spammed addresses I get very few spam through and only the occasional false positive which I catch, usually due to the quorum.to list, but it does catch some that other lists don't and more than it false positives so I haven't deleted it, yet. Far better than UK2's top anti-spam level which had a lot of false positives.

--
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
_______________________________________________________________________