Ok, I got sick of the spam, changed the mailer back

About a month ago, I altered our SMTP daemon to not be so picky about mail. Previous to this, I had turned on and tweaked many anti-spam things. One of my favorites so far has been SPF.
Turns out that lots of mailers are incorrectly configured. That is being generous. Lots of mailers are on the internet and not complying with RFCs, which makes it real hard to distinguish spam sources from real mailers.
We implement spam filtering as a deep tagging pipeline. Long story, it just makes being able to handle inbound mail bombing much easier. We have had our share of these. Recently, someone tried knocking us over with a little mail bomb.

[Image: mail graph showing 100k rejected mails in a short window]

Well, I am finally sick of continuously tuning the pipeline, and updating the various filters. We have email targets to analyze mails for spam content, and normal content (if it was misidentified as spam). But these filters aren’t as effectual when the content is images. But all of the other checks, you know, the ones that cause broken mailers to exhibit their broken-ness, do work.
So I put all the filters back into place. I’ll whitelist the customers who have broken mailers (a number of them, all running MS Exchange … go figure).
But enough is enough.
[update] I should point out that our mail pipeline runs on a JackRabbit. As do our websites. This means, until we get a 10GbE line in, I am not worried about the amount of mail that can be pushed through our box. Our network connection to the outside world is the slow link here, but you’d have to work pretty hard to fill it up. The are off by more than an order of magnitude.

3 thoughts on “Ok, I got sick of the spam, changed the mailer back”

  1. @Chris:
    I used to use it, but I found it doesn’t play well with Microsoft Exchange. Exchange is, from my perspective, shipped in a broken state relative to the RFCs, in that the 450 messages aren’t correctly respected. Among other things.
    So when I use greylisting I find that it reduces spam, and legitimate mail. All those folks saddled with Exchange can’t really handle greylisted sites without something else like postfix in front of it.
    We got lots of ticked off customers who couldn’t contact us via email. So I pulled off greylisting on all machines. I now use SPF and a few other things. I am noticing many more email spam messages using domain keys. I also noted many in the past using some of the other technologies.
    Greylisting does work, but it requires RFC-adherent MTAs for it to work for everyone.
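
The retry dependence described in the comment above, as an added example that is not part of the original post or the author's mail pipeline: a minimal greylisting policy keyed on the (client IP, sender, recipient) triplet, with a whitelist for known-broken senders. The 300-second delay, the addresses (documentation ranges) and all function names are assumptions made for illustration.

```python
# Added example: minimal greylisting policy with a client whitelist.
# All delays, addresses and names are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class Greylist:
    min_delay: int = 300                            # seconds a new triplet must wait (assumed)
    whitelist: set = field(default_factory=set)     # client IPs exempt from greylisting
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for an RCPT TO arriving at time `now` (seconds)."""
        if client_ip in self.whitelist:
            return "250 OK (whitelisted)"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen < self.min_delay:
            # Temporary failure: an RFC-adherent MTA queues the mail and retries.
            return "450 4.7.1 Greylisted, try again later"
        return "250 OK"


def deliver(gl, client_ip, mail_from, rcpt_to, attempt_times):
    """Simulate a sending MTA that tries delivery at each time in attempt_times.
    Returns True if any attempt was accepted."""
    return any(
        gl.check(client_ip, mail_from, rcpt_to, t).startswith("250")
        for t in attempt_times
    )


def run_scenarios():
    """Three constructed senders against one greylist."""
    gl = Greylist(whitelist={"203.0.113.9"})
    rcpt = "sales@example.com"
    return {
        # Queues on 450 and retries after ten minutes: mail arrives, delayed.
        "compliant_mta": deliver(gl, "192.0.2.10", "a@example.org", rcpt, [0, 600]),
        # Gives up after the first 450 (spam cannon or broken mailer): mail is lost.
        "no_retry": deliver(gl, "198.51.100.7", "b@example.net", rcpt, [0]),
        # Same no-retry behaviour, but the client IP is whitelisted: accepted at once.
        "whitelisted_no_retry": deliver(gl, "203.0.113.9", "c@example.net", rcpt, [0]),
    }


if __name__ == "__main__":
    for name, delivered in run_scenarios().items():
        print(f"{name}: {'delivered' if delivered else 'lost'}")
```

The `no_retry` case is the failure mode the comment describes: the policy cannot tell a spam source from a legitimate mailer that does not honor the temporary failure, so the second kind has to be whitelisted by hand.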
