Date: Wed, 11 Jan 2017 21:05:07 +0000
From: Steve O'Hara-Smith
To: "Russell L. Carter"
Cc: freebsd-questions@freebsd.org
Subject: Re: spamassassin not lethal anymore

On Wed, 11 Jan 2017 13:45:47 -0700
"Russell L. Carter" wrote:

> Howdy,
>
> I've been happy using postfix+spamassassin for a long long
> time, and it's always worked great. However in the last
> few weeks it's not been scoring spam high enough, and in the
> last 10 days the spam is getting through in a torrent. I
> see a lot of scores in the 1-2 range, for what is obviously
> spam. I'm not really comfortable setting the threshold to
> 1, say.

I had a similar setup until recently, and like you I've been seeing
spam getting through more and more despite regular running of sa-update,
most of it botnet sourced.

I've pretty much eliminated it now by a combination of installing dcc
and razor plugins to spamassassin (reduced the spam getting through by 70%
or so) and adding a backup MX with a free service that only accepts
messages to relay when the primary is down (it's amazing how much spam
stopped coming in when I did that).

-- 
Steve O'Hara-Smith