> One way you can get rid of about 1/4 of your botnet spam is to set your
> highest numbered MX record as follows:
>
> tarbaby.junkemailfilter.com

Why bother trying to defeat 1/4 of botnet SPAM? I was getting rid of *all* of
it with greylisting for 3-4 years. No need for bothering with MXes.

The problem started after I implemented spamassassin a couple of months ago. Even
though I have near ~100% accuracy with bayes (over 1 million SPAM, zero FP),
this guy always gets through.

We get about 10-20 legit emails (everyone uses internal IM) with 40000-50000
SPAM a day. Most of which is same-sender/same-recipient rejected at
transaction stage. Spamd processes about 10K a day.

When we were implementing only greylisting, no spam except ebolamonkey 419 spam
passed through. That was easy to discard with simple procmail filters. However,
our client's RHEL5 sendmail did not play well with greylisting, so we decided
to do sa+grey.

Working very well, but needing constant attention because of this one pos.

Jenny