[ILUG] spam filtering

[Conor McDermottroe]

Pete McEvoy wrote:
> Hi.
> My spam filter seems to be less effective now than it once was.

> Is there anything that anyone is using other than the above thats
> catching much?

Here's the current (last 7 days) state of how my spam filtering is 
performing:

SUMMARY
-------
Accepted:                   954  15.213%
   (whitelisted)             859  13.698%
   (<= 0)                     17   0.271%
   (> 0 && < 5)               38   0.606%
   (>= 5 && < 10)             40   0.638%
Rejected:                  5317  84.787%
   (>= 10)                   498   7.941%
   (bad HELO)                 91   1.451%
   (bad rcpt)                824  13.140%
   (DNSBL)                  3277  52.256%
   (blacklisted sender)        4   0.064%
   (blacklisted server)      623   9.935%
Total:                     6271 100.000%

Only about 10% of the mail is hitting SpamAssassin, I like to keep it 
that way since much more would require me to up the number of SA child 
processes beyond my RAM budget for SA.

The DNS blacklists do most of the heavy lifting, I'm using the following 
ones:

bl.spamcop.net
dnsbl-{1,2,3}.uceprotect.net (union of these)
dnsbl.njabl.org
dnsbl.sorbs.net
list.dsbl.org
no-more-funn.moensted.dk
psbl.surriel.com
rhsbl.sorbs.net
zen.spamhaus.org

Any sender that appears on 3 or more DNSBLs gets rejected (unless 
they're explicitly whitelisted).

The "blacklisted server" list is constructed from any client which has 
sent something in the last 2 hours which was rejected by SpamAssassin, 
DNSBLs, had an obvious bad HELO/EHLO argument or tried to send to 2 or 
more bogus addresses. I reject these in the connect ACL. This tends to 
cut down on the number of SA hits, DNSBL lookups and other work that has 
to be done to handle them.

I'm not using greylisting, I've though about it a few times but haven't 
had the motivation to bother yet.

When you say that your spam filtering is less effective, do you know by 
how much?

-C