Some anti-spam techniques (was Re: [plug] re: Email rules)

Peter Wright pete at
Wed Feb 20 10:40:44 WST 2008

On 20/02 08:39:29, Jon L. Miller wrote:
> It is only from the outside that this rule needs to be applied.  If
> I send an e-mail that originated from a remote location from me to
> me then I want this to be quarantined as the only time these users
> are using this system is from inside.

Ah, then I misunderstood your original email - I'd thought you were
having a problem with Postfix dropping email that shouldn't be dropped.

But as some of the others have pointed out, the approach you're
suggesting is going to have such a low hit-rate (and a non-trivial
level of false-positives) as to be almost completely pointless.

I also agree that Spamassassin is almost useless nowadays - I suspect
it's actually used by some spammers to tune their emails so they pass.

My approach for my personal mailserver is a combination of two
blacklists, and - those two kill a
huge amount of spam before it ever gets to my filters. XBL in
particular is great, it's a collection of several respectable and
effective blocklists.

I also use Bayesian filtering with bogofilter. This can be a bit
fiddly to set up - but if you have a decent collection of spam (and
non-spam, ie. "ham") to train it on, it's almost frighteningly
effective. And unlike Spamassassin, spammers can't really adjust their
email to get past a Bayesian filter.

Another technique which I've only recently been introduced to at my
workplace (and have set up for one client - they've been *very* happy
with the results so far) is greylisting. I wouldn't use it on my own
personal server (my other techniques work more than well enough), but
it does have the advantage of being *very* easy to set up, and
instantly effective.

I really liked greyfix - I found the install instructions very easy to
follow, though I think postgrey is older and has more features.

Note that greylisting in general *will* require whitelisting for some
large ISPs (eg. both Optus and Bigpond). See for
that - specifically for Postfix.

Also note that it's well worth reading about the disadvantages of
greylisting -

Though many formerly-spam-overrun office environments seem to consider
it a perfectly acceptable trade-off. ;)

> Jon

The study of non-linear physics is like the study of non-elephant biology.

More information about the plug mailing list