* Jacob Yocom-Piatt <[EMAIL PROTECTED]> [2006-12-14 09:15]:
> spamd in greylisting mode without any blacklists has been working pretty
> well here at work and at home for the past couple weeks. however, at
> work i noticed that a considerable amount of spam was getting through
> and was confused as to what was going on. from the get-go i noticed that
> one employee was receiving ~50% of the inbound spam for the whole
> company, but did not figure out what was happening until a few minutes ago.
>
> apparently, the employee had been replying to the spam and/or following
> the links contained therein in hopes of "removing themselves from the
> 'spam list'". this was whitelisting a lot of spammer IPs due to spamlogd
> running without -I. i have since told the employee that responding to or
> clicking links from spam is a bad idea.
>
> is there any way to work around users like this besides not whitelisting
> outbound mail?
Probably not a good one.
> a spamlogd "blacklist" of users that do not have the
> outbound mail IPs whitelisted is a thought, but maybe not the right idea.
Education (with a baseball bat?) is probably your best bet,
failing that put the dummies on another smtp server that you don't
log outbound from
-Bob
