Published 2004-06-27 12:16:57

Probably like Sterling and almost all my clients, spam is a huge problem. A couple of years ago I started using exim4 with eximscan-av (an excellent set of tools), and configured it so:

  • no .pif/.exe/....
  • clamav (removes all remaining virus emails, like zips)
  • No HTML-only emails (or messages without text/plain)
  • No Korean / Chinese subjects.
  • No multipart messages to my @php.net address.
  • Some attempt at blocking virus bounces.

This achieved pretty good results. It originally caught about 300 out of 340 spams per day (and let through 200-400 good messages). However, after a while it became clear that a few spammers had realized that some people did this, and they started sending plain text spam, so the number getting through slowly increased.

About a year ago, I decided that IP blacklisting was really the only other solution. So I wrote an exim log parser and added the Subject to the message log line; this enabled me to quickly scan and blacklist IPs on a daily basis. On average I blacklisted about 10-20 a day. However, with the advent of the virus spammers, this began to seem like a never-ending task.

In an effort to fight back, I finally rewrote the blacklist parser code, and rejigged exim a little.

  • any incoming email (IP) that is not 'greylisted' or 'whitelisted' is deferred.
  • once a day, a cron job parses the log, looks at the defer messages, and compares the email From address to the IP
    • If they are close (e.g. same Class B), it gets greylisted.
    • If there is no match whatsoever (fake From domain etc.), it gets instantly blacklisted.
    • All virus IPs are auto blacklisted
    • All HTML email senders are auto blacklisted
  • once in a while, I check the parser web page, which lists all the emails received in the greylist, and white or blacklist them manually.
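
The daily From-versus-IP comparison from the list above, as an added Python example (not the author's parser, which the post does not show). Assumptions: the log line shape is modelled on exim's "temporarily rejected RCPT" lines, `resolve` is a hypothetical lookup returning the IPv4 addresses published for the From domain, any sender outside the domain's /16 counts as "no match", null senders are skipped, and a blacklist verdict is never downgraded. The virus and HTML rules are not covered.

```python
import ipaddress
import re

# Assumed line shape: "... [ip] F=<sender> temporarily rejected RCPT ...".
DEFER_RE = re.compile(
    r"\[(?P<ip>\d+\.\d+\.\d+\.\d+)\].*?F=<(?P<sender>[^>]*)>.*temporarily rejected")

# Constructed sample data (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "2004-06-26 09:01:12 H=mail.example.com [192.0.2.10] F=<alice@example.com> temporarily rejected RCPT <me@example.org>: not yet listed",
    "2004-06-26 09:05:40 H=(friend) [203.0.113.7] F=<offers@example.net> temporarily rejected RCPT <me@example.org>: not yet listed",
    "2004-06-26 09:07:02 H=(x) [198.51.100.9] F=<win@no-such-domain.invalid> temporarily rejected RCPT <me@example.org>: not yet listed",
    "2004-06-26 09:09:00 H=(y) [198.51.100.20] F=<> temporarily rejected RCPT <me@example.org>: not yet listed",
]
SAMPLE_DNS = {"example.com": ["192.0.77.5"], "example.net": ["198.51.100.1"]}

def same_class_b(ip_a, ip_b):
    """True when both IPv4 addresses fall in the same /16 (old 'Class B')."""
    net = ipaddress.ip_network(f"{ip_a}/16", strict=False)
    return ipaddress.ip_address(ip_b) in net

def classify(log_lines, resolve):
    """Return {sender_ip: 'greylist' | 'blacklist'} for deferred senders.

    resolve(domain) returns the IPv4 addresses published for the From
    domain; an empty list means the domain does not resolve.
    """
    verdicts = {}
    for line in log_lines:
        m = DEFER_RE.search(line)
        if not m:
            continue  # not a defer line
        ip, sender = m.group("ip"), m.group("sender")
        if "@" not in sender:
            continue  # null sender (bounce): no From domain to compare
        domain = sender.rpartition("@")[2].lower()
        close = any(same_class_b(ip, host) for host in resolve(domain))
        # Assumption: one forged From from an IP outweighs any later match.
        if verdicts.get(ip) != "blacklist":
            verdicts[ip] = "greylist" if close else "blacklist"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG, lambda d: SAMPLE_DNS.get(d, [])).items():
        print(ip, verdict)
```

The output would feed whatever list files or lookups the exim ACL consults; greylisted entries still wait for the manual review step.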


The solution is not perfect, however, as it does depend heavily on me having created a good whitelist to start with, and on the @php.net mail servers not changing too often (as they did recently, and got blacklisted accidentally by me, on the old manual system). But all these minor irritants are not as bad as the alternative: having to wade through a ton of spam every day.

The end result: about one spam per day (usually a Nigerian scam one, via a freemail service), and I still get the occasional project enquiry (delayed by a day).

Such a shame I miss out on all those fantastic offers for viagra...



