I'm seeing a lot of people saying that bayes isn't working like it used
to, that load levels are high, and that they are getting a lot of image
and botnet spam. There are a few simple tricks you can do to get rid of
90% of it.
First - use dummy MX records. Real mail retries. Botnet and must
spammers don't. It's easier for them to try to spam someone else than to
fight your filter. MX config is as follows:
dummy - 10
real - 20
real-backups - 30
dummy - 40
dummy - 50
dummy - 60
...
All dummy IP addresses are dead IPs. Port 25 closed. Don't do a 4xx on
the lowest numbers IP because QMail is brain dead and won't retry the
higher numbered servers. The upper MX can return 4xx if you want to log
botnet traffic. This will eliminate 75%-90% of your spam with no false
positives ust making this change.
Second - use blacklists in a way that blocks the spam, not just score
it. If you use the spamhaus list you,ll get rid of about 1/3 of what's left.
Then - you just let SA process the rest. What you'll find is that most
all botnet spam will be gone, Bayes will start working again. Load
levels will drop dramatically.
Another thing - I don't know what everyone else uses but Exim is my MTA
and it has the power to be easily configured to do just about anything
you can imagine. If you are unhappy with your MTA Exim is the what I
think is the right choice.
Another solution is to just have me get rid of your spam for you and
make the problem go away. If anyone is tired of all this and just wants
it done you can email me privately and I'll set you up.
