On 25/09/14 11:02, Corey Hickey wrote: > Hi, > > Lately I have been getting lots of spam that passes through when > initially received, but which is detected as spam when I test it later. > I guess the blacklists catch up to the spammers' new IPs, etc. We are sooo seeing this too. A lot of spam is getting through these days, and re-checking only 15 minutes later shows tonnes of RBLs trigger - but it's getting to us before it hits the RBLs
Greylisting would be the real solution to this situation, but our commercial environment means we could not use that option. In fact, greylisting even failed the "WAF test" on my home network: lasted two days before I was forced to turn it off ;-) > 2. Is it possible to achieve this with spamc, by some means? > I'd run up another copy of spamd on a different port - with a different configuration where you disable all the bits you don't want. Then if the network checks re-classify it as spam, you can re-learn it as spam using the normal spamd so as to fix up to BAYES_00 scores it originally got BTW, does it seem like Romania is a hot-bed at the moment? All this spam seems to be from Romania with perfect DNS and SPF records for new domains. Where's DOB when you need it ;-) -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
