[BALUG-Admin] anti-spam ...

Michael Paoli Michael.Paoli@cal.berkeley.edu
Wed Aug 16 23:20:03 PDT 2017


Yes, ... a pretty good rule set, albeit quite aggressive.
Did already tweak fair bit on configuration earlier ... I'm
sure there will be occasional items (notably false positives)
that come up.  Fortunately thus far they've been pretty few,
but yes, will need to deal with those - at least as feasible
and appropriate.

But overall, at least thus far, I've been quite pleased with it.
I do also quite like the greylisting - which I also did tweak
(to initial delay of only 2 minutes - much more tolerable / less
annoying, for legitimate email that encounters such).  I like being
able to add domains that are (almost?) entirely spam to such, so that
they seem to (thus far) entirely thwart the spam, ... but should a
legitimate email ever come from such a domain - well, then it generally
would/should actually make it through ... just with a wee bit more delay
is all.  But yeah, some of the other email addresses (and ISPs, etc.)
I have ... sometimes I look over the spam for sending domains,
and for those I've never ever yet seen any non-spam use of,
rather than block 'em outright, I just tighten the screws a bit
more so spam from such is more probable to not make it through, while
leaving it still at least reasonable for legitimate email
(should there ever be such from such a domain) to reasonably
make it through.

Another thing I notice ... seems the spammers are learning
a bit ... and/or some of eximconfig's database tracking - the (attempted)
spam volumes seem to be trending down from earlier ... probably
started out as "ooh, fresh meat, let's see if we can spam there" - or
so the spambots would behave ... but weeks later, perhaps more like:
"uh, ... that's a harder target ... let's not spend quite as much
resource trying on that one".  Whether it's the spambots, or
eximconfig (notably with database bits), seems one or both
are learning ... at least some reasonable bit (or ... maybe
as statistical fluke, or unrelated correlation? ... who knows.
I don't exactly have huge volumes of data to compare and review
and do trend analysis on ... at least yet).

> From: "Rick Moen" <rick@linuxmafia.com>
> Subject: Re: [BALUG-Admin] anti-spam false positive ... egad, that was annoying to track down ...
> Date: Wed, 16 Aug 2017 10:25:25 -0700

> Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
>
>> anti-spam false positive ... egad, that was annoying to track down ...
>>
>> So ... got posting failure(s), e.g. (slightly trimmed):
>
> I don't think much of the 'verified' thing.  Can't recall whether I
> ever tested it.  (BTW, my current MTA doesn't use EximConfig's rulesets,
> because this system was put together in a hurry.)
>
> Occasionally, you will find rules that are poorly thought out or
> misbegotten.  Then, you'll need to decide whether to remove or fix them.




