On Tue, Aug 12, 2014 at 6:08 AM, Matteo Dessalvi <mte...@yahoo.it> wrote:
> Hi all. > > Thanks for all the answers. I am afraid I was being naive. > I was explicitly thinking of a scenario like this: filter as > much as possible 'unsolicited email' sent by some (possibly) > 'infected' account. > > I thought that turning off the bayesian classifier (and the > RBL checks) would still let me able to catch the occasional > spam email. Of course there's already a ClamAV filtering > system for all the outgoing email. > > In the past week one of our outgoing SMTP server was blacklisted > for 12 hours (just to be clear: it was not SpamHaus). > Unfortunately, looking at the logs did not give me any clues: there > were no spikes of bulk sending email to thousands of users or > anything particularly suspicious. And the black list manager did > not provide any additional information about the incident. > > I have the same kind of setup. I only scan outgoing email in case of a compromised account being used to send spam. Last attack, Amavis/Spamassassin blocked 83% of all outgoing spams ( 2390 passed out of 13938 ) so you can have some OK results even without using bayes/RBL/SPF/DKIM checkup. DCC and URIBL help a lot. I still want/need to go over 90%+ blocked. Karl