News
Thu, 21 Aug 2008 11:55:50 GMT - Wonderful SPAM
I started a bit of an experiment a while ago. I'd stop the historical logs on my mailserver from being deleted and then see how much spam I get in a year. I started this on April 21st, and here's where I'm up to.
My mailserver has rejected 143,737 messages from 105,062 hosts. Of those messages; 80,586 messages were rejected because they were attempted to deliver to known blacklisted addresses and 41,543 were blocked for attempting to use me as a relay. Interestingly, this means that 85% of the spams I get through I don't need to run through spamassassin at all, which saves fairly significantly on processing time.
I suppose a quick word about what I use and how it's configured. I use spamassassin and exim4. I like exim, mainly because once you get past it's rather strange configuration setup, it's really powerful.
My mailserver is configured to be the primary MX for my domain. When mail comes in the door, it's inspected to make sure that the target address really is a domain I own and that the full address hasn't been blacklisted. If either of these is true, the connection is closed. If the mail is accepted, it is then run through spamassassin. If the mail was delivered over an authenticated connection, then the server assumes it's coming from a person allowed to use it as a relay, and then forwards it on. Spamassassin is configured to do it's usual bunch of checks, with a few tweaks to scoring. I run bayesian checks against a postgres database of data and that's fairly good at sorting stuff out. If the message goes above a certain threshold, it gets dumped in a spam folder which I then later use for bayesian learning. Anything else gets dumped in my inbox.
On the whole, it works well. I get the occasional false positive and have to copy stuff out of my spam folder. Any mail that I reject normally gets passed onto my secondary MX server, which is just a forwarder to my gmail account. Whilst 95% of that ends up in gmail's spam folder, some mails which I've said are deffinately spam end up in my gmail inbox. Looks like I do this better than Google :)
Things I want to investigate in the future are greylisting and tarpitting. I've just not got round to figuring these out yet and seeing as this is currently working quite well, I've not much motivation. One bored day I will though.
And yes, the BEST MAN DIARY is coming. Soon!
Comments
I've been meaning to go through my spam logs, would be interesting to see how many I'm refusing. Need to implement spamassassin - turned it off when I started whitelisting, but I'm getting about 250/day through again now though.
Followed your tour of europe on twitter - sounds pretty good!
And what are you using the eeeeepc for? I'm tempted, but need to find an excuse.
I'm in Edinburgh right now, and it's rather useful as it fits in the front pocket of my camera bag. Hook it up to a 3G modem, and it's perfect.
I wouldn't suggest that any serious work could be done on it, but it's very useful for ssh / web / email / skype (webcam) / breaking other people's wireless (not that I do that) / random stuff.
Interestingly, the wireless card is supported by aircrak if you want to go down the wardriving route. You need to use the linux native driver and not the ndiswrapper though.
Think it's still just a bit too big for me. What I want is a modern Psion 5 - I've got the laptop for real work, and the N95 for emergency portable access - but would love to have an instant on linux machine with full-size keys which fits in a pocket. Would bridge the gap perfectly.
Actually, perhaps I should just try using my psion? Hmmm...