Date: Wed, 11 Jan 2017 17:13:46 -0700 From: "Russell L. Carter" <rcarter@pinyon.org> To: Steve O'Hara-Smith <steve@sohara.org> Cc: freebsd-questions@freebsd.org Subject: Re: spamassassin not lethal anymore Message-ID: <8016faa3-5af4-6c2d-acdf-9b02f7f1afc8@pinyon.org> In-Reply-To: <20170111210507.2dc39818c6e9d439abb21ee6@sohara.org> References: <2463a238-e10f-e81d-cab1-5a7eaf774590@pinyon.org> <20170111210507.2dc39818c6e9d439abb21ee6@sohara.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01/11/17 14:05, Steve O'Hara-Smith wrote: > On Wed, 11 Jan 2017 13:45:47 -0700 > "Russell L. Carter" <rcarter@pinyon.org> wrote: > >> Howdy, >> >> I've been happy using postfix+spamassassin for a long long >> time, and it's always worked great. However in the last >> few weeks it's not been scoring spam high enough, and in the >> last 10 days the spam is getting through in a torrent. I >> see a lot of scores in the 1-2 range, for what is obviously >> spam. I'm not really comfortable setting the threshold to >> 1, say. > > I had a similar setup until recently, and like you I've been seeing > spam getting through more and more despite regular running of sa-update, > most of it botnet sourced. I've pretty much eliminated it now by a > combination of installing dcc and razor plugins to spamassassin (reduced Ok, good things to do. I was sorta hoping the answer wasn't going to be "need moar weapons!" but I guess that's the way it is. Several people asked if I was running sa-update regularly, and yes I am, through the sa-utils script in /usr/local/etc/periodic/daily. Checking my logs I don't see any new rules coming down lately, though. I have the threshold set at the default 5 out of laziness. In the past I've been as low as 3, but as I mentioned, a whole bunch of spam is getting through lower than that now. It's all SPF verified, etc. > the spam getting through by 70% or so) and adding a backup MX with a free > service that only accepts messages to relay when the primary is down (it's > amazing how much spam stopped coming in when I did that). > I'm not sure what you mean here, can you elaborate a bit more? I can do anything I like with my MX hosts so I'm game. I *think* I'm already doing that. I have multiple domains, and so I have a primary MX and a couple of backup MX hosts (one of which is effectively a passive dovecot replicator, lordy that works fantastic). The backup MX hosts are lower priority than the primary. Are you doing something different? Thanks everybody for the suggestions. I will start incrementally adding to my weapons stash and hope for the best. Thanks, Russell
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8016faa3-5af4-6c2d-acdf-9b02f7f1afc8>