I’ve been handling mail for some friends, one of whom gets a LOT of spam. He’s a good litmus test for how to tweak a spam filter to maximum effectiveness.
I’m using a combination of Sendmail, triple-RBL, ordb.org, SpamAssassin (and the milter), and iptables to filter out spam from reaching $USER mailboxes. Here are some recent tweaks I came up with (some with the gentle nudging of others):
# There is no reason to send HTML in email, none. Blocked.
# There is no reason for anyone to send a Content-Type of
# multipart/alternative. Multipart is fine in the body
# or as an attachment, but the generalized header for those
# should be text/plain, not multipart/alternative. Blocked.
# (Both Content-Type rules sit in one ruleset so the header
# is declared once; the fields of each R line are tab-separated.)
HContent-type: $>+Check_Content_Type
SCheck_Content_Type
Rtext/html $*	$#error $@ 5.5.5 $: "555 HTML email denied; use plain text."
Rmultipart/alternative $*	$#error $@ 5.5.5 $: "555 multipart mail blocked; use plain text"

# Likewise for base64-encoded bodies. There is no reason
# for the ENTIRE message body to be base64-encoded. Blocked.
HContent-Transfer-Encoding: $>+Check_Transfer_Encoding
SCheck_Transfer_Encoding
Rbase64 $*	$#error $@ 5.5.5 $: "555 base64-encoded body blocked; use plain text"
And recently, there is an increase in the number of people being affected by this W32/Sobig@MM trojan, so I blocked that (and another worm) too:
email@example.com	ERROR:5.7.1:550 Sobig worm rejected
firstname.lastname@example.org	ERROR:5.7.1:550 Hybris worm rejected
These small changes alone have begun to cut down the number of spam messages that my system(s) will accept for users. A quick grep shows that in the last 2 days, the three tweaks above have successfully blocked 417 separate spam messages that would have otherwise been caught by spamassassin or passed on to a user.
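The "quick grep" above can be turned into a per-rule tally. The script below is an added example, not part of the original post: it parses sendmail's `ruleset=..., arg1=..., relay=..., reject=...` reject lines from a maillog and counts rejects per ruleset, per reject text and per relay IP. The log lines are constructed here, and the exact field layout is assumed to follow sendmail's usual syslog output.

```python
import re
from collections import Counter

# Sendmail logs a ruleset rejection as one syslog line of the form
# "ruleset=NAME, arg1=VALUE, relay=HOST [IP], reject=CODE ESC TEXT".
# This layout is an assumption about sendmail's syslog format.
REJECT_RE = re.compile(
    r"ruleset=(?P<ruleset>\w+), arg1=(?P<arg1>.*?), relay=(?P<relay>.*?), "
    r"reject=(?P<code>\d{3}) (?P<esc>\d\.\d\.\d) (?P<text>.*)$"
)

# Constructed sample log lines (not taken from the post's system).
SAMPLE_LOG = [
    "Aug 20 10:12:01 mx sendmail[2311]: h7KECxx02311: ruleset=Check_Content_Type, "
    "arg1=text/html; charset=iso-8859-1, relay=[192.0.2.10], "
    "reject=555 5.5.5 HTML email denied; use plain text.",
    "Aug 20 10:12:05 mx sendmail[2314]: h7KECyy02314: ruleset=Check_Transfer_Encoding, "
    "arg1=base64, relay=mail.example.net [192.0.2.20], "
    "reject=555 5.5.5 base64-encoded body blocked; use plain text",
    "Aug 20 10:13:09 mx sendmail[2319]: h7KEDzz02319: ruleset=check_mail, "
    "arg1=<worm-sender@example.com>, relay=[192.0.2.10], "
    "reject=550 5.7.1 <worm-sender@example.com>... Sobig worm rejected",
    # An accepted message: no reject= field, so it must be ignored.
    "Aug 20 10:14:00 mx sendmail[2322]: h7KEEaa02322: from=<alice@example.org>, "
    "size=812, class=0, nrcpts=1, proto=ESMTP, relay=[198.51.100.7]",
]


def parse_reject(line):
    """Return the reject fields as a dict, or None if the line is not a reject."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None


def summarize(lines):
    """Count rejects per ruleset, per reject text and per relay IP."""
    by_rule, by_reason, by_relay = Counter(), Counter(), Counter()
    for line in lines:
        rej = parse_reject(line)
        if rej is None:
            continue
        by_rule[rej["ruleset"]] += 1
        by_reason[rej["text"].strip()] += 1
        # Prefer the bracketed IP; fall back to the whole relay field.
        ip = re.search(r"\[([\d.]+)\]", rej["relay"])
        by_relay[ip.group(1) if ip else rej["relay"]] += 1
    return by_rule, by_reason, by_relay


if __name__ == "__main__":
    for name, counts in zip(("ruleset", "reason", "relay"), summarize(SAMPLE_LOG)):
        print(name, dict(counts))
```

Run it as `python3 tally.py < /dev/null` with `SAMPLE_LOG` replaced by `sys.stdin`, or feed it `grep reject= /var/log/maillog`; repeat offenders in the relay count are the candidates for the iptables blocks.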
Any spams that get through these + spamassassin, I block with iptables. It’s been doing quite a good job so far. In the last week, my iptables blocks for known spammers have produced 1,291 hits in the logs.
Things are busy here, but still no permanent employment (427 days, 61 weeks so far). It may be time to call UPS/Fedex/USPS and see if they have any openings. There are definitely no technology jobs left here on the East Coast. Depressing.