A spammy update
[warning: geeky]
Returning to one of my favourite topics - I've found several ways of decreasing my spam load dramatically. First, upgrade to the latest spamassassin, then add custom rules to block:
Then block mail from spammy domains and countries. In exim do something like this:
host_reject = +allow_unknown:*.ru:*.tw:*.cn:*.kr:*.aol.com:*.attbi.com:*.rr.com:*.comcast.net:*.biz:*.info:*.ameritech.net:...
The list of domains I block like that is listed on my website. Those people aren't even allowed to connect, so don't chew my precious bandwidth sending shit only for spamassassin to later drop it in the bit bucket.
Then, block people who claim to be you in their SMTP HELO. This is a common spammer technique: they think that by claiming to be me I'll let their shit through. Well no, it doesn't work like that. I know where mail claiming to be from me should be coming from, so I can filter them out like so with an exim filter:
if ($sender_helo_name is "mydomain.com" or $sender_helo_name is "myotherdomain.co.uk")
   and $sender_host_address is not "myIP"
   and $sender_host_address is not "myOtherIP"
then
  fail text "please to not be faking HELO"
  seen finish
endif
which again prevents their mail really early on, so saving bandwidth. This is technically a violation of some RFC or other.
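The same decision as the filter above, written as an added Python example (not code from the original post) so the rule can be checked against recorded HELO/address pairs before it is enforced. The names, addresses and sample sessions are constructed placeholders; it also compares names case-insensitively and normalises a trailing dot and IPv4-mapped IPv6 addresses, which the filter above does not do.

```python
import ipaddress

# Assumed placeholders standing in for the post's "mydomain.com" / "myIP" values.
OWN_HELO_NAMES = {"mydomain.com", "myotherdomain.co.uk"}
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.10/32"),
                ipaddress.ip_network("2001:db8::10/128")]


def normalise_helo(name):
    """Lower-case and strip whitespace and a trailing dot, so 'MyDomain.COM.' still matches."""
    return name.strip().rstrip(".").lower()


def is_own_address(addr):
    """True if the connecting address is one of our own hosts."""
    ip = ipaddress.ip_address(addr)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in OWN_NETWORKS if net.version == ip.version)


def forged_helo(helo_name, host_address):
    """Same test as the filter: HELO claims one of our names, but the peer is not us."""
    return normalise_helo(helo_name) in OWN_HELO_NAMES and not is_own_address(host_address)


def audit(sessions):
    """Return the (helo, address) pairs that the rule would reject."""
    return [(h, a) for h, a in sessions if forged_helo(h, a)]


# Constructed sample sessions (documentation address ranges), not real traffic.
SAMPLE_SESSIONS = [
    ("mydomain.com", "192.0.2.10"),           # our own host: allowed
    ("MyDomain.COM.", "198.51.100.7"),        # case/trailing-dot variant from elsewhere: forged
    ("myotherdomain.co.uk", "203.0.113.99"),  # our name, foreign address: forged
    ("mail.example.net", "203.0.113.99"),     # third party using its own name: allowed
    ("mydomain.com", "::ffff:192.0.2.10"),    # our host seen as IPv4-mapped IPv6: allowed
]

if __name__ == "__main__":
    for helo, addr in audit(SAMPLE_SESSIONS):
        print(f"reject: HELO {helo!r} from {addr}")
```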
My next project will be to figure out a way of making SA or, better, exim aware of ASes, so I can more easily block whole swathes of IPs, and have my filters automagically update themselves when spamming scum get new IP ranges.
I also note that a German legislator is advocating jail time for spammers. And about time too. Yay Germany!