War on Spam

I have always used real email addresses on the 'net, so I get a good deal of spam and other unwanted mail. I am also the listed contact on many domain names, administer many servers, etc. Before I started filtering heavily I was getting around 1000 emails/day; now it's about 100 (and most of it wanted).

Here's a typical snapshot from a 24-hour period:

  bytes       # destination
======================================================================
7767313     700 /dev/null               (killed outright)
 583007      74 /var/spool/mail/mouse   (legitimate mail)
 842579      89 KILL-assassin           (spam ID'ed by SpamAssassin)
  34621       7 KILL-rbl                (spam from RBL'ed relay that SA missed)
 991037       7 KILL.virus.klez         (klez worm not found by SA/RBL)

The current model works like this:

  1. sendmail rejects open relays using ORDB.
  2. procmail uses various files to call:
    • a recipe that kills any email written in an Asian character set.
    • a recipe that kills any email written to certain throwaway addresses I use.
    • a recipe that traps virus-laden email.
    • SpamAssassin, which does content analysis, etc. A spam comes out looking like this, although you probably /dev/null it so you'll never see it anyhow.
    • rblchk, a Perl script that checks various Realtime Black Lists (RBLs) in case any spam sneaked past the tame RBL rejection done by sendmail.
    • a recipe that munges the MIME type in HTML email so my readers render it as plain text.
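The kind of lookup a script like rblchk performs, as an added example in Python (not the author's Perl script): pull relay addresses out of the Received: headers, reverse the octets, and query each blacklist zone. The zone `dnsbl.example`, the function names and the sample message are assumptions made for illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

ZONES = ["dnsbl.example"]  # placeholder zone, not a real blacklist
# Hops never worth a lookup: RFC 1918 space and loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Relay IPv4 addresses from the Received: headers, newest hop first."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # not a valid address, e.g. [999.1.1.1]
            if text not in found and not any(ip in net for net in INTERNAL):
                found.append(text)
    return found

def query_name(ip, zone):
    """DNSBL convention: reversed octets prepended to the zone name."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check_message(raw_message, zones=ZONES, resolve=socket.gethostbyname):
    """Map each listed relay IP to the zones that list it."""
    hits = {}
    for ip in relay_ips(raw_message):
        for zone in zones:
            try:
                answer = resolve(query_name(ip, zone))
            except OSError:
                continue  # NXDOMAIN or resolver failure: treat as not listed
            # Only 127.0.0.0/8 answers mean "listed"; any other answer
            # (wildcarded or parked zone) must not kill mail.
            if answer.startswith("127."):
                hits.setdefault(ip, []).append(zone)
    return hits

# Constructed sample message (documentation addresses, not real traffic).
SAMPLE = ("Received: from mail.example.net (mail.example.net [198.51.100.7])\n"
          "\tby mx.example.org with ESMTP; Mon, 16 Sep 2002 10:00:00 -0700\n"
          "Received: from unknown (HELO pc) ([192.0.2.25])\n"
          "\tby mail.example.net with SMTP; Mon, 16 Sep 2002 09:59:58 -0700\n"
          "Received: from localhost ([127.0.0.1]) by mail.example.net\n"
          "Subject: constructed sample\n\nbody\n")
```

Only the Received: lines written by your own servers are trustworthy; lower ones are supplied by the sender, so a hit there is a hint rather than proof.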


$Id: index.orb,v 1.12 2002/09/16 17:48:57 mouse Exp $

This page best viewed with a monitor.

You can if you are not a spammer.
