Lately I've been noticing that while the amount of spam that gets through SpamAssasin hasn't been too much, the number of entries in my spam folder has doubled or tripled in recent weeks. One spammer I'd especially like to make cry is Casino Zeal which keeps spamming and spamming, almost never gets through to my Inbox, but wastes my bandwidth. I have and like having a wildcard address for my domain, but recently I'm seeing spam sent to one made up address at my domain cc'ed to a list of made up addresses at my domain, so I see lots of copies of the same spam!
I was thinking of a combination of SpamAssassin and greylisting where once SpamAssassin processed an email and flagged it as spam, the IP address of the received from as well as the subject of the email would be added to a list. The list would be aged somehow.
Here's my idea for processing: When delivery of any new email was attempted, the default would be to not greylist it. However, if the received from IP is on the list OR if the words in the subject line are some percent similar to a line in the list, then it gets greylisted. Anything that gets through the greylisting then goes through SpamAssassin.
My thinking is that this should have a REALLY low number of hams delayed by greylisting, but I'm seeing a lot of repetition in the spam I'm currently getting.
Has anyone already implemented something like this?
Steve
Marc Kool wrote:
greylisting has a small drawback, the delay. After implementation I watched it closely and in my case all legitimate servers sent the message again after 6 minutes or so.
The greylisting for postfix that I use (www.postgrey.org) has a whitelist so if you have 24x7 service contract with company ABC and might need to receive *urgent* mails from them, you can whitelist them.
-Marc
