OT: extraordinary amount of spam to one domain

Steve Freegard steve.freegard at fsl.com
Tue Dec 22 11:26:28 GMT 2009

On 22/12/09 11:02, Jeff Mills wrote:
> Thanks Steve.
> See attached image... Quite easy to tell when we signed up this domain.
> That count is obviously only one server too.
> One of the employees may have loved the plethora of questionable
> material on the interweb at some stage.

As you've found - it's difficult/impossible to predict traffic levels 
for a domain before the MX record is pointed at you.

You could always use the high amount of junk directed at this domain to 
your advantage....

For some time now - I've put rules in place in my SMTP proxy to 'trap' 
messages meeting certain criteria (e.g. specific HELOs or rDNS patterns) 
by writing rfc822 message files into a directory prior to rejecting them 
at dot and ignoring any pre-DATA rejection conditions e.g. RBLs etc. 
Then, once every 5 minutes, I train bayes on all of these messages 
provided bayes has seen spam < ham (otherwise the messages are simply 
deleted and not trained).

I found that it's kept bayes far more accurate, better at handling new 
spam as it mutates and at catching anything that might not be rejected at 
the MTA level due to RBL lag time and slips through etc.
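As an added example (not the poster's own code, and not tied to any particular SMTP proxy), here is the trap-and-train scheme described above sketched in Python: the proxy side decides from the HELO name and the rDNS name whether to write the message out as an RFC 822 file before rejecting it at end-of-DATA, and a periodic job feeds the trap directory to `sa-learn --spam` only while Bayes has seen fewer spam than ham, otherwise just deleting the files. The HELO/rDNS patterns, directory names and sample messages are constructed for illustration, and the `sa-learn --dump magic` line layout the parser expects (count in the third column, label after `non-token data:`) is assumed from SpamAssassin's usual output, so check it against your own installation.

```python
"""Trap suspicious messages on the way to rejection, then train Bayes on them
periodically while spam < ham.  Example code, not from the original post."""
import os
import re
import shutil
import subprocess
import tempfile
import time
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical trap criteria (constructed examples, not a recommended list):
# a bare IP literal in HELO, or an rDNS name that looks like a dynamic pool.
HELO_PATTERNS = [re.compile(r"^\[?\d{1,3}(\.\d{1,3}){3}\]?$")]
RDNS_PATTERNS = [re.compile(r"\b(dyn|dhcp|pool|dialup)\b", re.I)]

# Constructed sample connections: (HELO, rDNS, raw RFC 822 message).
SAMPLE_CONNECTIONS = [
    ("[192.0.2.10]", "mail.example.com",
     b"From: a@example.org\r\nSubject: hello\r\n\r\nbody one\r\n"),
    ("mx.example.com", "host-1-2-3-4.dyn.example.net",
     b"From: b@example.org\r\nSubject: hello\r\n\r\nbody two\r\n"),
    ("mx.example.com", "mail.example.com",
     b"From: c@example.org\r\nSubject: hello\r\n\r\nbody three\r\n"),
]

# Constructed stand-in for `sa-learn --dump magic` output (format assumed).
SAMPLE_MAGIC = (
    "0.000          0          3          0  non-token data: bayes db version\n"
    "0.000          0        120          0  non-token data: nspam\n"
    "0.000          0        450          0  non-token data: nham\n"
)
MAGIC_RE = re.compile(
    r"^\S+\s+\S+\s+(\d+)\s+\S+\s+non-token data: (nspam|nham)\s*$", re.M)


def should_trap(helo: str, rdns: str) -> bool:
    """Proxy-side decision: does this connection match a trap pattern?"""
    return (any(p.search(helo or "") for p in HELO_PATTERNS)
            or any(p.search(rdns or "") for p in RDNS_PATTERNS))


def write_trap(raw_message: bytes, trap_dir: str) -> str:
    """Write the raw message into trap_dir before the proxy rejects it at dot.
    The name carries time, pid and random bytes so concurrent children never
    collide.  Returns the path written."""
    os.makedirs(trap_dir, exist_ok=True)
    name = f"{time.time_ns()}.{os.getpid()}.{os.urandom(4).hex()}.eml"
    path = os.path.join(trap_dir, name)
    with open(path, "wb") as fh:
        fh.write(raw_message)
    return path


def parse_bayes_counts(magic_output: str) -> Tuple[int, int]:
    """Pull (nspam, nham) out of `sa-learn --dump magic` text."""
    counts = {"nspam": 0, "nham": 0}
    for m in MAGIC_RE.finditer(magic_output):
        counts[m.group(2)] = int(m.group(1))
    return counts["nspam"], counts["nham"]


def get_bayes_counts() -> Tuple[int, int]:
    """Ask the real SpamAssassin for its current counts."""
    out = subprocess.run(["sa-learn", "--dump", "magic"],
                         capture_output=True, text=True, check=True).stdout
    return parse_bayes_counts(out)


def train_or_discard(trap_dir: str, nspam: int, nham: int,
                     learn: Optional[Callable[[str], object]] = None) -> Dict[str, object]:
    """The 5-minute job: train on every trapped file only while spam < ham,
    and delete the files either way.  `learn` is injectable so the gating
    logic can be exercised without SpamAssassin installed."""
    if learn is None:
        learn = lambda path: subprocess.run(["sa-learn", "--spam", path], check=True)
    files = sorted(os.path.join(trap_dir, f)
                   for f in os.listdir(trap_dir) if f.endswith(".eml"))
    action = "train" if nspam < nham else "delete"
    for path in files:
        if action == "train":
            learn(path)
        os.remove(path)
    return {"action": action, "files": len(files)}


def demo() -> Dict[str, object]:
    """Run the whole flow against the constructed data in a temp directory."""
    trap_dir = tempfile.mkdtemp(prefix="trap-")
    try:
        trapped = [write_trap(raw, trap_dir)
                   for helo, rdns, raw in SAMPLE_CONNECTIONS if should_trap(helo, rdns)]
        learned: List[str] = []
        first = train_or_discard(trap_dir, *parse_bayes_counts(SAMPLE_MAGIC),
                                 learn=learned.append)
        # Now pretend Bayes has caught up (spam >= ham): the next batch is dropped.
        write_trap(SAMPLE_CONNECTIONS[0][2], trap_dir)
        second = train_or_discard(trap_dir, 500, 450, learn=learned.append)
        return {"trapped": len(trapped), "first": first, "learned": len(learned),
                "second": second, "left": len(os.listdir(trap_dir))}
    finally:
        shutil.rmtree(trap_dir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

In production the cron entry would call `get_bayes_counts()` and then `train_or_discard(TRAP_DIR, nspam, nham)` with the default `learn`, so the only SpamAssassin-specific pieces are the two `sa-learn` invocations; everything else is plain file handling. The spam < ham gate is what keeps a high-volume trap from skewing the database towards spam, which is why the files are deleted even when they are not trained.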
