On Thu, 15 Dec 2016 20:20:02 +0000
David Jones wrote:

> >From: Martin Gregorie <mar...@gregorie.org>
> >Sent: Thursday, December 15, 2016 1:39 PM
> >To: users@spamassassin.apache.org
> >Subject: Re: recent increase in spam getting through
>
> >On Thu, 2016-12-15 at 18:23 +0000, David Jones wrote:
> >> There are many valuable SMTP realtime checks that must be done at
> >> the edge MTA. Since you don't have control of this, then you have
> >> to resort to tuning SA constantly which is a never-ending game of
> >> cat-n-mouse since spam changes characteristics all of the time.
> >>
> >It doesn't *have* to be done at the edge MTA provided you are happy to
> >accept and then bin the junk rather than rejecting it. My system has
> >been working this way for years..
>
> True but one would have to know to put your ISP's mail server range
> into the trusted_networks/internal_networks in SA.

If you are using getmail/fetchmail it commonly just works. SA has
explicit support for fetchmail, and getmail headers are unparseable.
Either way there is typically a chain of private and localhost IP
addresses up to the MX server.

> If you pull email later from an ISP mailbox, then RBLs
> could have changed during that time.

Actually RBLs and other network rules are much more effective with a
delay. That's why problem FNs that are posted here usually get huge
scores when retested.

I find that about half the spam that I download with getmail hits
RCVD_IN_XBL even though it's already been through an MTA XBL check
(including a variable greylisting delay).

A secondary advantage of the higher scores is that very little spam
ends up with a score close to 5, so if you have a separate folder for
high-scoring spam, any FPs stand out much more clearly.

> Also the DNS server used by
> client running SA post-MTA could cause the dreaded URIBL_BLOCKED
> hit. In my opinion, it makes a complex software twice as complex to
> run it post-MTA.

Avoiding URIBL_BLOCKED is something you need to do when you run
SpamAssassin irrespective of how your mail arrives. Setting up
resolver+SA is not twice as hard as setting up resolver+SA+MTA.
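
The trust-boundary question discussed in this message, as an added example that is not part of the original post and is not SpamAssassin's own code: a simplified model that walks the Received chain and returns the first relay outside the trusted set, where DNSBL lookups on untrusted relays begin. The sample headers, host names, the 192.0.2.0/24 "ISP range" and the function name `first_untrusted_relay` are all constructed, and trusted_networks/internal_networks are collapsed into one list.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: mail pulled from an ISP mailbox by fetchmail.
# 192.0.2.0/24 stands in for the ISP's mail server range (assumption);
# 203.0.113.45 is the constructed outside sender.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby home.example.org with ESMTP; Thu, 15 Dec 2016 21:00:05 +0000
Received: from pop.isp.example [192.0.2.20]
\tby localhost with POP3 (fetchmail-6.3.26); Thu, 15 Dec 2016 21:00:04 +0000
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
\tby store.isp.example with ESMTP; Thu, 15 Dec 2016 20:10:00 +0000
Received: from sender.example.net (unknown [203.0.113.45])
\tby mx1.isp.example with ESMTP; Thu, 15 Dec 2016 20:09:58 +0000
From: a@example.net
Subject: test

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Loopback and RFC 1918 ranges, trusted here without any configuration.
IMPLICIT = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def first_untrusted_relay(raw, configured_nets=()):
    """Walk Received headers newest-first and return the first sending IP
    that is neither implicitly trusted nor in configured_nets.
    Returns None if a hop cannot be parsed or every hop is trusted."""
    nets = IMPLICIT + [ipaddress.ip_network(n) for n in configured_nets]
    for hdr in message_from_string(raw).get_all("Received", []):
        # Only the "from ..." clause names the host that handed the mail over.
        m = IP_RE.search(re.split(r"\sby\s", hdr, maxsplit=1)[0])
        if not m:
            return None  # unparseable hop: trust cannot extend past it
        ip = ipaddress.ip_address(m.group(1))
        if not any(ip in n for n in nets):
            return str(ip)
    return None

if __name__ == "__main__":
    print(first_untrusted_relay(SAMPLE))                    # ISP's own POP server
    print(first_untrusted_relay(SAMPLE, ["192.0.2.0/24"]))  # the real outside sender
```

With the ISP hops on public addresses the boundary lands on the ISP's own server until its range is listed; when those hops use private addresses the same walk reaches the outside sender with no configuration.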