From: "Russell L. Carter"
To: Steve O'Hara-Smith
Cc: freebsd-questions@freebsd.org
Subject: Re: spamassassin not lethal anymore
Date: Wed, 11 Jan 2017 17:13:46 -0700

On 01/11/17 14:05, Steve O'Hara-Smith wrote:
> On Wed, 11 Jan 2017 13:45:47 -0700
> "Russell L. Carter" wrote:
>
>> Howdy,
>>
>> I've been happy using postfix+spamassassin for a long long
>> time, and it's always worked great. However in the last
>> few weeks it's not been scoring spam high enough, and in the
>> last 10 days the spam is getting through in a torrent. I
>> see a lot of scores in the 1-2 range, for what is obviously
>> spam. I'm not really comfortable setting the threshold to
>> 1, say.
>
> I had a similar setup until recently, and like you I've been seeing
> spam getting through more and more despite regular running of sa-update,
> most of it botnet sourced. I've pretty much eliminated it now by a
> combination of installing dcc and razor plugins to spamassassin (reduced

Ok, good things to do. I was sorta hoping the answer wasn't going
to be "need moar weapons!" but I guess that's the way it is.

Several people asked if I was running sa-update regularly, and yes I
am, through the sa-utils script in /usr/local/etc/periodic/daily.
Checking my logs I don't see any new rules coming down lately, though.

I have the threshold set at the default 5 out of laziness. In the
past I've been as low as 3, but as I mentioned, a whole bunch of spam
is getting through lower than that now. It's all SPF verified, etc.

> the spam getting through by 70% or so) and adding a backup MX with a free
> service that only accepts messages to relay when the primary is down (it's
> amazing how much spam stopped coming in when I did that).
>

I'm not sure what you mean here, can you elaborate a bit more? I can
do anything I like with my MX hosts so I'm game. I *think* I'm already
doing that. I have multiple domains, and so I have a primary MX and a
couple of backup MX hosts (one of which is effectively a passive dovecot
replicator, lordy that works fantastic). The backup MX hosts are lower
priority than the primary. Are you doing something different?

Thanks everybody for the suggestions. I will start incrementally
adding to my weapons stash and hope for the best.

Thanks,
Russell
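
An added example, not part of the original message and not SpamAssassin's own code: a Python script that reads X-Spam-Status headers from delivered mail, counts how many messages would be tagged at the thresholds discussed in the thread (5, 3 and 1), and tallies which rules fired on them. The sample headers are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample headers (not from the thread), in SpamAssassin's
# X-Spam-Status format. The fourth is folded across two lines, as in real mail.
SAMPLE_HEADERS = [
    "X-Spam-Status: No, score=1.4 required=5.0 tests=HTML_MESSAGE,SPF_PASS,URIBL_BLOCKED autolearn=no",
    "X-Spam-Status: No, score=1.9 required=5.0 tests=SPF_PASS,URIBL_BLOCKED autolearn=no",
    "X-Spam-Status: No, score=3.6 required=5.0 tests=HTML_MESSAGE,MIME_HTML_ONLY,SPF_PASS autolearn=no",
    "X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_50,SPF_PASS,\n\tURIBL_BLOCKED autolearn=no",
    "X-Spam-Status: Yes, score=7.2 required=5.0 tests=BAYES_99,HTML_MESSAGE,SPF_PASS autolearn=spam",
]

STATUS_RE = re.compile(
    r"X-Spam-Status:\s*(Yes|No),score=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?)"
    r"(?: tests=(\S*))?", re.IGNORECASE)

def parse_status(header):
    """Return (is_spam, score, required, rules), or None if the header does not parse."""
    flat = re.sub(r"\s+", " ", header.strip())   # unfold continuation lines
    flat = re.sub(r",\s+", ",", flat)            # drop spaces left after commas
    m = STATUS_RE.match(flat)
    if not m:
        return None
    rules = [r for r in (m.group(4) or "").split(",") if r and r.lower() != "none"]
    return m.group(1).lower() == "yes", float(m.group(2)), float(m.group(3)), rules

def flipped_at(headers, threshold):
    """Count messages delivered as non-spam that score at or above `threshold`."""
    parsed = filter(None, map(parse_status, headers))
    return sum(1 for spam, score, _, _ in parsed if not spam and score >= threshold)

def rule_hits(headers):
    """Tally rule names over delivered (non-spam) messages."""
    hits = Counter()
    for p in filter(None, map(parse_status, headers)):
        if not p[0]:
            hits.update(p[3])
    return hits

if __name__ == "__main__":
    for t in (5.0, 3.0, 1.0):   # thresholds mentioned in the thread
        print(f"required={t}: {flipped_at(SAMPLE_HEADERS, t)} delivered messages would be tagged")
    # URIBL_BLOCKED is SpamAssassin's notice that URIBL refused the DNS query,
    # so the URIBL lists contributed nothing to that message's score.
    for rule, n in rule_hits(SAMPLE_HEADERS).most_common():
        print(f"{n:3d}  {rule}")
```

The count at a candidate threshold is only how many delivered messages would change verdict; whether those are spam or legitimate mail still has to be checked by hand before lowering `required_score`.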