OT: extraordinary amount of spam to one domain
steve.freegard at fsl.com
Tue Dec 22 11:26:28 GMT 2009
On 22/12/09 11:02, Jeff Mills wrote:
> Thanks Steve.
> See attached image... Quite easy to tell when we signed up this domain.
> That count is obviously only one server too.
> One of the employees may have loved the plethora of questionable
> material on the interweb at some stage.
As you've found - it's difficult/impossible to predict traffic levels
for a domain before the MX record is pointed at you.
You could always use the high amount of junk directed at this domain to
For some time now - I've put rules in place in my SMTP proxy to 'trap'
messages meeting certain criteria (e.g. specific HELOs or rDNS patterns)
by writing rfc822 message files into a directory prior to rejecting them
at dot and ignoring any pre-DATA rejection conditions e.g. RBLs etc.
Then - once every 5 minutes; I train bayes on all of these messages
provided bayes has seen spam < ham (otherwise the messages are simply
just deleted and not trained).
I found that it's kept bayes far more accurate, better at handling new
spam as it mutates and anything that might not be rejected at the MTA
level due to RBL lag time and slip through etc.
More information about the MailScanner