On Monday 27 July 2009 10:40:34 Martijn de Munnik wrote:
>
> I'm using a couple of anti-spam techniques which successfully reject
> (5xx) or ban (ipfilter firewall rule) most spam before even getting in
> the queue.

You use a LOT of blacklists, which probably results in more false positives than needed.

I'd suggest, if you want to use more than one or two blacklists, you use something like policyd-weight, although it is a little fiddly to get set up just so; in my experience, once running, it is pretty good.

http://www.policyd-weight.org/

> A couple of days ago about 2600 spam messages were delivered
> to a user with a catch-all account. These messages were classified as
> SPAM or SPAMMY by spamassassin and were indeed spam. I wonder why these
> messages got through at all?

Without knowing the content of the email, or details of the senders, it is going to be hard for folks to comment.

Here the usual "catchall" problem is bounces, which defeat greylisting and block lists because they come from servers we'd (plausibly at least) want to accept email from.

I'd suggest losing the catch-alls; it is simple, effective, and has a low false positive rate, as not many genuine correspondents make up email addresses to try.

Simon